
Attention! All important files on all disks of your computer have been encrypted



All text files and all Word and Excel files on the PC have changed their names and extensions. I completed the first 3 steps of the "Procedure for submitting a help request". What should I do next? Most of the files on the PC are work-related. How can I open the encrypted files?

CollectionLog-2015.03.04-21.11.zip


Run this script in AVZ

 

begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
  begin
   SearchRootkit(true, true);
   SetAVZGuardStatus(True);
  end;
TerminateProcessByName('c:\users\leonid\appdata\local\amigo\application\amigo.exe');
DeleteFile('c:\users\leonid\appdata\local\amigo\application\amigo.exe','32');
DeleteFile('C:\Users\Leonid\AppData\Local\Amigo\Application\vk.exe','32');
DeleteFile('C:\Windows\system32\Tasks\{2AC34700-C24B-4147-8127-BAEED47B8132}','32');
DeleteFile('C:\Windows\system32\Tasks\{B59D6F5B-B091-4338-8828-49966CD6796E}','32');
DeleteFile('C:\Windows\system32\Tasks\{F3D9D83D-8F37-4D1A-8668-DE5B20C38818}','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
The computer will reboot.

 

Fix the following entries in HiJack

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
O4 - HKCU\..\Run: [26C78E01] C:\Users\Leonid\AppData\Roaming\26C78E01\bin.exe

Make new logs according to the rules

 

Download Farbar Recovery Scan Tool and save it to the Desktop.

 

Note: you need to choose the version that is compatible with your operating system. If you are not sure which version suits your system, download both and try to run them. Only one of them will run on your system.

  • Launch the program by double-clicking it. When the program starts, click Yes to accept the warning.
  • Make sure that "List BCD" and "Driver MD5" are checked in the Optional Scan box.
  • Click the Scan button.
  • When the scan finishes, a report (FRST.txt) will be created in the same folder the program was run from. Please attach the report to your next message.
  • If the program was run for the first time, a report (Addition.txt) will also be created. Please attach it to your next message.


We fixed the first one
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>

The second one was not in HiJack
O4 - HKCU\..\Run: [26C78E01] C:\Users\Leonid\AppData\Roaming\26C78E01\bin.exe
 

Logs:

 

hijackthis.log:   

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:05:12, on 07.03.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\USB Camera2\VM332_STI.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\Program Files\Lenovo\YouCam\YouCamTray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
D:\Program Files\2gis\3.0\2GISTrayNotifier.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Users\Leonid\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\drivers\usb_driver.exe
C:\Users\Leonid\AppData\Local\Yandex\Updater\praetorian.exe
C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe
C:\Users\Leonid\AppData\Local\Mail.Ru\MailRuUpdater.exe
C:\Users\Leonid\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Intel\WiMAX\bin\wimaxcu.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskStarter.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
D:\Skype\Phone\Skype.exe
D:\Install\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?win=130&clid=2153702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O2 - BHO: IEPwdBankBHO - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files\EgisTec BioExcess\EgisIEPwdBank.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Спутник@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Визуальные закладки - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - C:\Program Files\Yandex\FastDial\fastdial.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O3 - Toolbar: Яндекс.Бар (для uTorrent) - {1208AB5D-4748-49fe-A74A-484AE2FA5D34} - C:\Program Files\Yandex\YandexBarIE\bars\barietorrent\yndbar.dll
O3 - Toolbar: Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O4 - HKLM\..\Run: [332BigDog] C:\Program Files\USB Camera2\VM332_STI.EXE
O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [iMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
O4 - HKLM\..\Run: [TpShocks] C:\Windows\system32\TpShocks.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [2Gis Update Notifier] "D:\Program Files\2gis\3.0\2GISTrayNotifier.exe" -delayed_start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Corel Photo Downloader] "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [KabAuth] C:\Users\Leonid\Desktop\kabauth.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Leonid\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [usbDriver] c:\WINDOWS\system32\drivers\usb_driver.exe
O4 - HKCU\..\Run: [Praetorian] C:\Users\Leonid\AppData\Local\Yandex\Updater\praetorian.exe
O4 - HKCU\..\Run: [syncManPath] "C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe" -autostart
O4 - HKCU\..\Run: [MailRuUpdater] C:\Users\Leonid\AppData\Local\Mail.Ru\MailRuUpdater.exe
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.bft-tender.ru
O15 - Trusted Zone: http://*.otc-agro.ru
O15 - Trusted Zone: http://*.otc-finance.ru
O15 - Trusted Zone: http://*.otc-region.ru
O15 - Trusted Zone: http://*.otc-tender.ru
O15 - Trusted Zone: http://*.otc.ru
O15 - Trusted Zone: http://*.rts-tender.ru
O15 - Trusted Zone: *.sberbank-ast.ru
O15 - Trusted Zone: http://*.sberbank-ast.ru
O16 - DPF: {2E3F2257-5717-48F6-B923-F83E908E2311} (TSPSigner Class) - https://web-ppo.zakazrf.ru/ICLCrypt-x32.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F7E60974-7F71-4F4A-BC3B-DF67801BD1AC} (Signer Class) - https://supplier-web.rts-tender.ru/RTSCrypto.cab
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: 2GIS UpdateService (2GISUpdateService) - ООО ДубльГИС - D:\Program Files\2gis\3.0\2GISUpdateService.exe
O23 - Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Служба управления устройствами Intel® PROSet/Wireless WiMAX Red Bend (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: EgisTec Data Security Service - Egis Technology Inc.  - C:\Program Files\EgisTec BioExcess\EgisDSService.exe
O23 - Service: EgisTec Service - Egis Technology Inc.  - C:\Program Files\EgisTec BioExcess\EgisService.exe
O23 - Service: EgisTec Service Help - Egis Technology Inc.  - C:\Program Files\EgisTec Port Locker\Egishlpsvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
O23 - Service: Служба Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Служба Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RtLedService Installer (RtLedService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtLED\RtLEDService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: IdeaPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Служба Intel® PROSet/Wireless WiMAX (WiMAXAppSrv) - Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
 
--
End of file - 13322 bytes

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Leonid (administrator) on LEONID-PC on 07-03-2015 18:26:26
Running from C:\Users\Leonid\Downloads
Loaded Profiles: Leonid (Available profiles: Leonid & Неуймина)
Platform: Microsoft Windows 7 Максимальная  Service Pack 1 (X86) OS Language: Русский (Россия)
Internet Explorer Version 11 (Default browser path: "C:\Users\Leonid\AppData\Local\Amigo\Application\amigo.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Egis Technology Inc. ) C:\Program Files\EgisTec BioExcess\EgisService.exe
(Egis Technology Inc. ) C:\Program Files\EgisTec Port Locker\Egishlpsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ABBYY (BIT Software)) C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Egis Technology Inc. ) C:\Program Files\EgisTec BioExcess\EgisDSService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
() C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
() C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLEDService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLED.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Lenovo.) C:\Windows\System32\TPHDEXLG.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Vimicro) C:\Program Files\USB Camera2\VM332_STI.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(CyberLink Corp.) C:\Program Files\Lenovo\YouCam\YouCamTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(ООО ДубльГИС) D:\Program Files\2gis\3.0\2GISTrayNotifier.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Akamai Technologies, Inc.) C:\Users\Leonid\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Корпорация Майкрософт) C:\Windows\System32\drivers\usb_driver.exe
(Yandex LLC) C:\Users\Leonid\AppData\Local\Yandex\Updater\praetorian.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
() C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe
(Mail.Ru) C:\Users\Leonid\AppData\Local\Mail.Ru\MailRuUpdater.exe
(Akamai Technologies, Inc.) C:\Users\Leonid\AppData\Local\Akamai\netsession_win.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
() C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskStarter.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(КАБiNET) C:\Users\Leonid\Desktop\kabauth.exe
(Skype Technologies S.A.) D:\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [332BigDog] => C:\Program Files\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [1822600 2010-03-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [iMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2009-09-30] ()
HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4204448 2010-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [6285216 2010-03-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EgisTecPMMUpdate] => C:\Program Files\EgisTec IPS\PmmUpdate.exe [407920 2010-03-10] (Egis Technology Inc.)
HKLM\...\Run: [EgisUpdate] => C:\Program Files\EgisTec IPS\EgisUpdate.exe [201584 2010-03-10] (Egis Technology Inc.)
HKLM\...\Run: [uCam_Menu] => C:\Program Files\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [YouCam Mirror Tray icon] => C:\Program Files\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-02] (CyberLink Corp.)
HKLM\...\Run: [intelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1437696 2009-09-16] (Intel® Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [186272 2010-03-15] (Lenovo.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9222760 2010-06-02] (Realtek Semiconductor)
HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-12-02] (Nero AG)
HKLM\...\Run: [2Gis Update Notifier] => D:\Program Files\2gis\3.0\2GISTrayNotifier.exe [4582936 2014-12-18] (ООО ДубльГИС)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-10-15] (Hewlett-Packard Company)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2011-01-14] (ESET)
HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2009-03-25] (Nero AG)
HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [Corel Photo Downloader] => "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [KabAuth] => C:\Users\Leonid\Desktop\kabauth.exe [877568 2011-06-15] (КАБiNET)
HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Leonid\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [usbDriver] => c:\WINDOWS\system32\drivers\usb_driver.exe [577536 2011-04-20] (Корпорация Майкрософт)
HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [Praetorian] => C:\Users\Leonid\AppData\Local\Yandex\Updater\praetorian.exe [1737024 2014-01-09] (Yandex LLC)
HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [syncManPath] => C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe [17410336 2015-02-09] ()
HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [MailRuUpdater] => C:\Users\Leonid\AppData\Local\Mail.Ru\MailRuUpdater.exe [7241960 2015-02-25] (Mail.Ru)
HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [26C78E01] => C:\Users\Leonid\AppData\Roaming\26C78E01\bin.exe [49152 2015-03-07] ()
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
ShellIconOverlayIdentifiers: [0YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll ()
ShellIconOverlayIdentifiers: [0YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll ()
ShellIconOverlayIdentifiers: [0YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll ()
ShellIconOverlayIdentifiers: [0YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ru.msn.com/?ocid=iehp
HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?win=130&clid=2153702
SearchScopes: HKLM -> DefaultScope Yandex URL = http://yandex.ru/yandsearch?clid=155830&text={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg
SearchScopes: HKU\.DEFAULT -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg
SearchScopes: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg
SearchScopes: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> Moikrug URL = http://moikrug.ru/persons/?clid=155830&charset=utf-8&keywords={searchTerms}&submitted=1
SearchScopes: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> Yandex URL = 
SearchScopes: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://yandex.ru/yandsearch?win=151&clid=2153703&text={searchTerms}
SearchScopes: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> {F76319B5-BE67-4DE4-A3C5-00B656A59C8D} URL = http://nova.rambler.ru/search?query={searchTerms}&utm_source=r33&utm_medium=distribution&utm_content=e09&utm_campaign=4w01
SearchScopes: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: PDFXChange 4.0 -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
BHO: IEPwdBankBHO Class -> {56CBB761-DA41-4E31-B270-B13B4B0A61D0} -> C:\Program Files\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. )
BHO: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: MailRuBHO Class -> {8984B388-A5BB-4DF7-B274-77B879E179DB} -> C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Визуальные закладки -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> C:\Program Files\Yandex\FastDial\fastdial.dll ()
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
Toolbar: HKLM - Яндекс.Бар (для uTorrent) - {1208AB5D-4748-49fe-A74A-484AE2FA5D34} - C:\Program Files\Yandex\YandexBarIE\bars\barietorrent\yndbar.dll (ООО «ЯНДЕКС»)
Toolbar: HKLM - Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
Toolbar: HKU\.DEFAULT -> Яндекс.Бар (для uTorrent) - {1208AB5D-4748-49fe-A74A-484AE2FA5D34} - C:\Program Files\Yandex\YandexBarIE\bars\barietorrent\yndbar.dll (ООО «ЯНДЕКС»)
Toolbar: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> Яндекс.Бар (для uTorrent) - {1208AB5D-4748-49fe-A74A-484AE2FA5D34} - C:\Program Files\Yandex\YandexBarIE\bars\barietorrent\yndbar.dll (ООО «ЯНДЕКС»)
Toolbar: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
DPF: {2E3F2257-5717-48F6-B923-F83E908E2311} https://web-ppo.zakazrf.ru/ICLCrypt-x32.cab
DPF: {F7E60974-7F71-4F4A-BC3B-DF67801BD1AC} https://supplier-web.rts-tender.ru/RTSCrypto.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF NewTab: yafd:tabs
FF DefaultSearchEngine: Поиск@Mail.Ru
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Поиск@Mail.Ru
FF Homepage: hxxp://go.mail.ru/?ffverfix=1&fr=ffverfix_sg
FF Keyword.URL: hxxp://go.mail.ru/search?fr=ntg&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKU\S-1-5-21-3904404758-3084505066-3444409724-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKU\S-1-5-21-3904404758-3084505066-3444409724-1000: @rts-tender.ru -> C:\Windows\system32\npRTSCrypto.dll (RTS )
FF SearchPlugin: C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\mailru.xml
FF SearchPlugin: C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\rambler.xml
FF SearchPlugin: C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-093331.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mailru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ozonru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\priceru.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex-slovari.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex.xml
FF Extension: Візуальныя закладкі - C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\vb@yandex.ru [2014-08-02]
FF Extension: Спутник @Mail.Ru - C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [2013-12-29]
FF Extension: DownloadHelper - C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-01-06]
FF Extension: Adblock Plus - C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-19]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-04-23]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-04-23]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-02-20]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-07-27]
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www.yandex.ru/?win=75&clid=1936586
CHR StartupUrls: Profile 1 -> "hxxp://www.yandex.ru/?win=75&clid=1936586", "hxxp://ru.msn.com/?pc=UP97&ocid=UP97DHP"
CHR DefaultSearchKeyword: Profile 1 -> yandex.ru
CHR DefaultSearchURL: Profile 1 -> http://yandex.ru/yandsearch?text={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
CHR Profile: C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-30]
CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-30]
CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2012-10-30]
CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcncjpganfocbfoenaemagjjopkkindp [2014-06-27]
CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaocgokledfmfebefgbeokdodbbdjhdd [2013-10-11]
CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-10-30]
CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-30]
CHR Profile: C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-05]
CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-05]
CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2012-11-05]
CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-10]
CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nkcpopggjcjkiicpenikeogioednjeac [2013-06-19]
CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-11-05]
CHR Extension: (Gmail) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-05]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [nkcpopggjcjkiicpenikeogioednjeac] - C:\Users\Leonid\AppData\Local\Temp\nkcpopggjcjkiicpenikeogioednjeac.crx [2013-06-08]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
CHR HKLM\...\Chrome\Extension: [pldbienodkpgkccocelidinmciedjdok] - https://clients2.google.com/service/update2/crx
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 2GISUpdateService; D:\Program Files\2gis\3.0\2GISUpdateService.exe [3764760 2014-12-18] (ООО ДубльГИС)
R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [566560 2008-06-18] (ABBYY (BIT Software)) [File not signed]
S3 AcronisOSSReinstallSvc; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2235448 2007-03-26] ()
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 cpcsp1; C:\Program Files\Crypto Pro\CSP\cpcspi.dll [669000 2012-04-20] (Компания Крипто-Про)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Корпорация Майкрософт)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [352256 2009-09-15] (Red Bend Ltd.) [File not signed]
R2 EgisTec Data Security Service; C:\Program Files\EgisTec BioExcess\EgisDSService.exe [314736 2010-11-12] (Egis Technology Inc. )
R2 EgisTec Service; C:\Program Files\EgisTec BioExcess\EgisService.exe [709488 2010-11-12] (Egis Technology Inc. )
R2 EgisTec Service Help; C:\Program Files\EgisTec Port Locker\Egishlpsvc.exe [322416 2010-05-19] (Egis Technology Inc. )
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-14] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-14] (ESET)
R2 Guard.Mail.ru; C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe [4053736 2015-02-22] ()
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed]
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-02-05] (Realtek Semiconductor Corp.) [File not signed]
S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies)
R3 TermService; C:\Windows\System32\termsrv.dll [521216 2011-02-25] (Microsoft Corporation) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [1368064 2009-09-15] (Intel® Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21256 2009-09-03] (Lenovo Corporation)
R0 B46530BE; C:\Windows\System32\drivers\B46530BE.sys [135264 2015-03-05] (Kaspersky Lab ZAO)
R3 bpenum; C:\Windows\System32\DRIVERS\bpenum.sys [56832 2009-09-15] (Intel Corporation)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
R1 CProCtrl; C:\Windows\System32\DRIVERS\CProCtrl.sys [66344 2012-04-10] (Компания Крипто-Про)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.) [File not signed]
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-12-21] (ESET)
R1 EgisTecFF; C:\Windows\System32\DRIVERS\EgisTecFF.sys [44520 2011-04-22] (Egis Technology Inc.)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [95384 2010-12-21] (ESET)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [131072 2010-03-26] (ELAN Microelectronics Corp.)
R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [29232 2011-04-22] (EgisTec)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.)
R2 haspflt; C:\Windows\system32\drivers\haspflt.sys [29024 2004-12-10] () [File not signed]
R2 Haspnt; C:\Windows\system32\drivers\Haspnt.sys [47616 2014-12-17] (Aladdin Knowledge Systems) [File not signed]
S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [9344 2007-07-06] (Hewlett Packard)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-28] (Initio Corporation)
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-21] (Корпорация Майкрософт)
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [18992 2011-04-22] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2011-04-22] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60976 2011-04-22] (Egis Technology Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [34064 2009-03-16] (CACE Technologies)
R3 RTIFDH; C:\Windows\System32\DRIVERS\rtIFDH.sys [13312 2012-02-27] (Компания "Актив")
S3 RTUSB; C:\Windows\System32\DRIVERS\rtUSB.sys [29824 2012-02-27] (Компания "Актив")
S3 s616bus; C:\Windows\System32\DRIVERS\s616bus.sys [83208 2007-04-03] (MCCI Corporation)
S3 s616mdfl; C:\Windows\System32\DRIVERS\s616mdfl.sys [15112 2007-04-03] (MCCI Corporation)
S3 s616mdm; C:\Windows\System32\DRIVERS\s616mdm.sys [108680 2007-04-03] (MCCI Corporation)
S3 s616mgmt; C:\Windows\System32\DRIVERS\s616mgmt.sys [100360 2007-04-03] (MCCI Corporation)
S3 s616nd5; C:\Windows\System32\DRIVERS\s616nd5.sys [23176 2007-04-03] (MCCI Corporation)
S3 s616obex; C:\Windows\System32\DRIVERS\s616obex.sys [98568 2007-04-03] (MCCI Corporation)
S3 s616unic; C:\Windows\System32\DRIVERS\s616unic.sys [99080 2007-04-03] (MCCI Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-03-02] (Samsung Electronics) [File not signed]
S3 uji5njew; C:\Windows\system32\Drivers\uji5njew.sys [10240 2015-03-05] (Zaitsev Oleg, 2006) [File not signed]
S3 uti5njew; C:\Windows\system32\Drivers\uti5njew.sys [7168 2015-03-05] () [File not signed]
R3 vm332avs; C:\Windows\System32\Drivers\vm332avs.sys [198000 2010-05-10] (Vimicro Corporation)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] (Корпорация Майкрософт)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows ® Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\WDMirror.sys EA4E9DD00E69B35F9BD3D39ACB113E3F
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wsvd.sys BAEDC491374DEFD5E76336901D6D397D
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-07 18:26 - 2015-03-07 18:27 - 00052397 _____ () C:\Users\Leonid\Downloads\FRST.txt
2015-03-07 18:26 - 2015-03-07 18:26 - 00000000 ____D () C:\FRST
2015-03-07 11:04 - 2015-03-07 11:04 - 00000866 _____ () C:\Users\Leonid\Desktop\HijackThis.exe - Ярлык.lnk
2015-03-05 22:49 - 2015-03-05 22:49 - 00079917 _____ () C:\Users\Leonid\Desktop\logs_05.03.2015_22_36_46.log
2015-03-05 21:07 - 2015-03-05 21:07 - 00010240 _____ (Zaitsev Oleg, 2006) C:\Windows\system32\Drivers\uji5njew.sys
2015-03-05 21:00 - 2015-03-05 23:03 - 00000000 ____D () C:\Program Files\NoVirusThanks
2015-03-05 21:00 - 2015-03-05 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoVirusThanks
2015-03-05 20:59 - 2015-03-05 20:59 - 00931678 _____ (NoVirusThanks Company Srl ) C:\Users\Leonid\Downloads\hijackhunter_setup.exe
2015-03-05 20:47 - 2015-03-05 20:47 - 00135264 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\B46530BE.sys
2015-03-05 20:43 - 2015-03-05 20:43 - 01132544 _____ (Farbar) C:\Users\Leonid\Downloads\FRST.exe
2015-03-05 20:41 - 2015-03-05 20:41 - 00007168 ___SH () C:\Users\Leonid\AppData\Roaming\Thumbs.db
2015-03-04 20:13 - 2015-03-05 21:07 - 00007168 _____ () C:\Windows\system32\Drivers\uti5njew.sys
2015-03-04 15:41 - 2015-03-04 15:47 - 00000000 ____D () C:\KVRT_Data
2015-03-04 15:23 - 2015-03-04 15:25 - 193295694 _____ () C:\Users\Leonid\Downloads\Не подтвержден 931626.crdownload
2015-03-04 13:17 - 2015-03-07 09:17 - 00000000 ___RD () C:\Users\Leonid\YandexDisk-slv196
2015-03-03 20:51 - 2015-03-03 20:53 - 00000000 ____D () C:\Users\Leonid\Desktop\Новая папка
2015-03-03 20:44 - 2015-03-03 20:55 - 00069624 _____ () C:\Users\Leonid\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-03 20:44 - 2015-03-03 20:44 - 00000020 ___SH () C:\Users\Leonid\ntuser.ini
2015-03-03 19:06 - 2015-03-03 19:06 - 03148854 _____ () C:\Users\Leonid\AppData\Roaming\8CD78B8D8CD78B8D.bmp
2015-03-03 16:17 - 2015-03-04 15:55 - 00000000 __SHD () C:\Users\Все пользователи\Windows
2015-03-03 16:17 - 2015-03-04 15:55 - 00000000 __SHD () C:\ProgramData\Windows
2015-03-03 16:17 - 2015-03-03 16:17 - 00000000 ___HD () C:\Users\Leonid\AppData\Roaming\26C78E01
2015-02-24 17:33 - 2015-02-24 17:33 - 00000000 ____D () C:\Users\Leonid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Яндекс.Диск
2015-02-24 15:14 - 2015-02-24 15:14 - 00000000 ____D () C:\Users\Неуймина\AppData\Roaming\Opera
2015-02-24 15:14 - 2015-02-24 15:14 - 00000000 ____D () C:\Users\Неуймина\AppData\Local\Opera
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-07 18:26 - 2015-01-06 19:35 - 00000896 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-07 18:13 - 2011-04-23 00:07 - 00000000 ____D () C:\Users\Leonid\AppData\Roaming\Skype
2015-03-07 17:52 - 2012-10-30 17:11 - 00000958 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 09:52 - 2012-10-30 17:11 - 00000954 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 09:20 - 2009-07-14 09:34 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 09:20 - 2009-07-14 09:34 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 09:15 - 2011-01-23 02:44 - 01103193 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 09:13 - 2014-12-10 15:40 - 08405015 _____ () C:\Windows\TempFile
2015-03-07 09:13 - 2011-04-22 23:33 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log
2015-03-07 09:13 - 2009-07-14 09:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 09:13 - 2009-07-14 09:39 - 00194169 _____ () C:\Windows\setupact.log
2015-03-05 21:10 - 2010-11-21 02:48 - 00071076 _____ () C:\Windows\PFRO.log
2015-03-04 15:55 - 2013-07-27 18:42 - 00000000 ____D () C:\Users\Leonid\AppData\Local\MediaGet2
2015-03-04 13:17 - 2014-04-02 11:58 - 00000000 ___RD () C:\Users\Leonid\YandexDisk-l.sokolsky
2015-03-04 13:17 - 2011-04-22 22:47 - 00000000 ____D () C:\Users\Leonid
2015-03-04 13:14 - 2009-07-14 09:33 - 00318576 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-03 20:53 - 2011-04-22 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-03 20:53 - 2011-04-22 23:52 - 00000000 ____D () C:\Users\Все пользователи\Microsoft Help
2015-03-03 20:53 - 2011-04-22 23:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-03 20:45 - 2011-11-11 11:46 - 00000000 ____D () C:\Users\Leonid\AppData\Local\Akamai
2015-03-03 19:05 - 2011-04-23 11:52 - 00000000 ____D () C:\ConsUserData
2015-03-03 19:04 - 2012-03-12 17:55 - 00000000 ____D () C:\hp_LJ3050-3052-3055-3390-3392_Full_Solution
2015-03-03 19:03 - 2014-10-27 10:28 - 01168256 _____ () C:\Users\Leonid\syEt1cYZM2eUGB8fHDvpglHs38J1keN5M5k0ij6OHUlcRS4Mp9GTxioqMQSdIBWNzeWUKSG39TtvXlj8UDiYD0gIKr0DJ3NCayLxCVKc-YA=.xtbl
2015-03-03 19:03 - 2013-04-28 08:09 - 00033152 ___SH () C:\Users\Leonid\RbhdyifbefqrLKZTVxV0kp8FN6HqK7NmIDOOj06LdLQ=.xtbl
2015-03-03 19:03 - 2012-12-17 16:08 - 04571808 ____H () C:\Users\Leonid\AppData\Local\mFMT3pttuY8bNJLQ+hZ0zdW9vJwQ8zEIxe1Lnz5DlqY=.xtbl
2015-03-03 19:03 - 2012-03-12 17:56 - 00003504 _____ () C:\Users\Все пользователи\opYbcl0Y5JSGqmJsy4hKzj8BuGuhvtGGWS3tpdyRDo0=.xtbl
2015-03-03 19:03 - 2012-03-12 17:56 - 00003504 _____ () C:\ProgramData\opYbcl0Y5JSGqmJsy4hKzj8BuGuhvtGGWS3tpdyRDo0=.xtbl
2015-03-03 19:03 - 2011-05-05 14:44 - 00003968 _____ () C:\Users\Leonid\AppData\Local\D34zm0trtLNSsOt-kmsAHdhzVk5kKYs+Q4TTS+P7NyaTYrTNmgDfq35NlA7KN3Sp5zrt4Ruv2pXOMYYKyEEL75Dn5uSotsp4HVWC21VMGy4=.xtbl
2015-03-03 19:03 - 2011-04-22 23:43 - 00000000 ____D () C:\Users\Все пользователи\OneKey Recovery
2015-03-03 19:03 - 2011-04-22 23:43 - 00000000 ____D () C:\ProgramData\OneKey Recovery
2015-03-03 19:03 - 2011-04-22 23:24 - 00000000 ____D () C:\Users\Все пользователи\Port Locker
2015-03-03 19:03 - 2011-04-22 23:24 - 00000000 ____D () C:\ProgramData\Port Locker
2015-03-03 19:03 - 2011-04-22 23:19 - 00069440 _____ () C:\Users\Leonid\AppData\Local\Y2JWQFTP1sJDnoAB924dXJDPvVGPHj2B4XvtEBrYtAbDncPbgB+3VW55+0i8WS0q.xtbl
2015-03-03 19:03 - 2011-04-22 23:16 - 00000000 ____D () C:\Users\Leonid\AppData\Local\BioExcess
2015-03-03 19:03 - 2011-04-22 22:47 - 00000416 ___SH () C:\Users\Leonid\wRyHHhJN2C0BY3w56ZgKvqRL7i23Jksv-cER1UCmlCs=.xtbl
2015-03-03 19:02 - 2011-04-25 13:52 - 00000000 ____D () C:\Users\Leonid\AppData\Local\Lenovo Security Suite
2015-03-03 18:56 - 2014-04-19 21:59 - 00000000 ____D () C:\Users\Leonid\Desktop\Венера
2015-03-03 18:56 - 2013-08-14 14:36 - 00000000 ____D () C:\Users\Leonid\Desktop\катя
2015-03-03 18:56 - 2012-12-17 12:48 - 00000560 ____H () C:\Users\Leonid\Desktop\da9+9tNKyE2mxZhWgM1bqJfSqVJCmhWrq4zYEUy1dlA=.xtbl
2015-03-03 18:56 - 2012-10-05 16:26 - 00000560 ____H () C:\Users\Leonid\Desktop\k3tEVOzAMEzoyvhTIQObB8hXjoogtvJjRJowE7Z8jTr60fe3-NvZzziH6vtGfc2i.xtbl
2015-03-03 18:55 - 2015-02-03 15:48 - 00270352 _____ () C:\Users\Leonid\Downloads\fiso108Co0Pv5U+ao6E6sL3E16NUpzAO1M0Lj4NnX+A=.xtbl
2015-03-03 18:55 - 2015-02-03 14:11 - 00383232 _____ () C:\Users\Leonid\Downloads\u4Da4-pQ26vWRBOOVs8ih8nhbFLVhN1nbio6--kjv2GiBfctxJBX+jxcP08dEfDn2T4VoC-eCJkWjWHUbbcAONHeiEO7jvcvDLXzvS-s+RL7+f96o+42xZos36z9nou+Y-gNvrw0B-tuQdXLtdfx2mAJb6whxE0yEWgEHUsDlrpsBYRkRk3tsDdTUXCXV740.xtbl
2015-03-03 18:55 - 2015-02-02 07:55 - 00002128 _____ () C:\Users\Leonid\Downloads\8-CtMeoVeHS2Ebt0k4cr8sCSE-fnLc7nUtWb-+NQhLE=.xtbl
2015-03-03 18:55 - 2015-01-23 21:50 - 00056704 _____ () C:\Users\Leonid\Downloads\TnkzXCrlsIW-t9ci187PhYfUkT6MplDryLEYq+JOX2+jNMXGgql8Y3jxA+WmwMF6eKk0XxkplgK94htyAcb+XQ==.xtbl
2015-03-03 18:55 - 2015-01-12 10:09 - 00253952 _____ () C:\Users\Leonid\Downloads\9oD0JvLzNeK+p6F1S-XOxzH2eXBZRbxBIF2jVa7JoMpMFmdIA7f24SZuhhICzvC8hNjhcHrUDXbL03ARQ-v-h5kIojyfN25GzZQPxZt5c88=.xtbl
2015-03-03 18:55 - 2014-11-12 10:45 - 00084352 _____ () C:\Users\Leonid\Downloads\ysxmeWBzgPi3zmst-gpPEHu-to4vYUK18kwN4ZlJ-Lg=.xtbl
2015-03-03 18:55 - 2014-09-27 18:56 - 10083280 _____ () C:\Users\Leonid\Downloads\UgMaX5DQgt9q0c6-B04EVDyjnQHrWqFC8665f1ldyUI=.xtbl
2015-03-03 18:55 - 2014-09-27 18:55 - 09482048 _____ () C:\Users\Leonid\Downloads\atQ1AZRRq2nE+ksN0j-ugcK8+XJBAwPvk-qOSlLJJSs=.xtbl
2015-03-03 18:55 - 2014-09-17 18:49 - 20967200 _____ () C:\Users\Leonid\Downloads\Mihail_Kazinik_Taynye_znaki_kul_tury_23_01_11_radio_Serebryanyy_dozhd__-_dlya_skripki_s_orkestrom_sol__minor_Maksa_Bruha_Gost__Boris_Kazinik_syn_s_rasskazom_o_shvedskom_genii_ogane_Hel_mishe_Ro_mane_Johan_Helmich_Ro_ma.mp3.ytbl
2015-03-03 18:55 - 2014-04-01 13:52 - 00133424 _____ () C:\Users\Leonid\Downloads\rOqWHM3f54SUaSu4k+dPpMS92e9nrl3PkgFzt0N+rWZKKhiNZEH5c01T5V01CrXmmyORmWryWlb8QxWwtqX9RKmAz7BbDNihtWpfxrcDC9Q=.xtbl
2015-03-03 18:55 - 2014-02-26 11:05 - 00427392 _____ () C:\Users\Leonid\Downloads\FDfgpxdV4SUfBnnpd5QaaUn9VNJ9r8rhKkgfmqXdI1E=.xtbl
2015-03-03 18:55 - 2013-12-20 10:33 - 07084416 _____ () C:\Users\Leonid\Downloads\05Y4+a+aFdahirwcbf8TauX5FGDKa38G1TvA+lAJofIcSCvSCRexm60quu24xaTy0KKkTRYW6mMQ96RGkVfcKA==.xtbl
2015-03-03 18:55 - 2013-08-08 19:54 - 229891040 _____ () C:\Users\Leonid\Downloads\veL4mt2DSKruzHyWeagwyNCcx0o2mIuUe7ziiH3OMhISWeh8kMQeWA9cPZLtnpHPhaUwQ0v40171BDzrkC0bPkeT3B7r3cj6+JegjXq0SyX3fUoFAc-3WGr66EOc9aPU.xtbl
2015-03-03 18:55 - 2013-05-04 12:43 - 00000000 ____D () C:\Users\Leonid\Documents\Balabolka
2015-03-03 18:55 - 2013-01-06 19:09 - 00046448 _____ () C:\Users\Leonid\Downloads\d7mOyNR14X31beQiK6qdBhExnvD-dyWP4QWk76cTCc8I3QamdIfumnfG60oVyb10yxWM07OOa+uah-7QnccWiw==.xtbl
2015-03-03 18:54 - 2015-01-06 18:59 - 00007760 _____ () C:\Users\Leonid\Downloads\9yS+dgcAp7FcuNZW0yp00EMi-60GYAGNRRImS421uqqb1K6ZO1O7wXrA-qPT9ARf8IsPzqXhXQj1XMvciNzuxREj5ciKkQttWtsCSxcTkxI=.xtbl
2015-03-03 18:54 - 2014-02-11 12:48 - 00068480 _____ () C:\Users\Leonid\Downloads\kfayGDf2o7Yd3OkN0ztFF0k0BR47NWrBobQ6weHc5qJ-CuHJm+uUyK3ptNUtX03j+CDQ0diEMs0+4EYvM6k4TGs847P5CtJWb0M009XQrhb6SHFF2fLpUNijExEficVI.xtbl
2015-03-03 18:54 - 2013-01-06 19:11 - 00036736 _____ () C:\Users\Leonid\Downloads\uJjRKmvEHFl-vefklJcB+FyPtQBVQ2TzddXt9dPgm0V+FL1oFu5ANDu-DhsFOpGWBVb75x30QdON5MxNOFrI2w==.xtbl
2015-03-03 18:54 - 2011-07-25 13:54 - 00000000 ____D () C:\Users\Leonid\Downloads\Сверхобучение и творчество по методу КЛЮЧ
2015-03-03 18:31 - 2013-08-18 11:43 - 00000000 ___RD () C:\Users\Leonid\YandexDisk-rosi.rosi
2015-03-03 18:16 - 2012-12-17 12:16 - 00000000 ____D () C:\Users\Все пользователи\AMMYY
2015-03-03 18:16 - 2012-12-17 12:16 - 00000000 ____D () C:\ProgramData\AMMYY
2015-03-03 18:16 - 2012-03-12 17:56 - 00003504 _____ () C:\Users\Все пользователи\iSkkNtB+k5qGprzw3TPpQwP2LsNni7IrTaVlOh5+S4U=.xtbl
2015-03-03 18:16 - 2012-03-12 17:56 - 00003504 _____ () C:\ProgramData\iSkkNtB+k5qGprzw3TPpQwP2LsNni7IrTaVlOh5+S4U=.xtbl
2015-03-03 18:16 - 2011-04-22 23:43 - 00000000 ____D () C:\Users\Все пользователи\Active Protection System
2015-03-03 18:16 - 2011-04-22 23:43 - 00000000 ____D () C:\ProgramData\Active Protection System
2015-03-03 18:16 - 2011-04-22 23:21 - 00000000 ____D () C:\Users\Все пользователи\EgisTec IPS
2015-03-03 18:16 - 2011-04-22 23:21 - 00000000 ____D () C:\ProgramData\EgisTec IPS
2015-03-03 18:15 - 2012-04-02 19:17 - 00000000 ____D () C:\VueScan
2015-03-03 16:18 - 2011-04-22 22:47 - 00000000 ____D () C:\Users\Leonid\AppData\Local\VirtualStore
2015-03-02 12:08 - 2014-04-23 10:15 - 00000000 ____D () C:\Users\Leonid\AppData\Local\Amigo
2015-03-01 22:01 - 2011-05-23 10:33 - 00000051 _____ () C:\Users\Leonid\AppData\Roaming\default.pls
2015-03-01 20:09 - 2014-07-26 15:28 - 00002283 _____ () C:\Users\Leonid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk
2015-03-01 20:09 - 2014-07-26 15:28 - 00002283 _____ () C:\Users\Leonid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Вконтакте.lnk
2015-03-01 20:09 - 2014-07-26 15:28 - 00002258 _____ () C:\Users\Leonid\Desktop\Вконтакте.lnk
2015-03-01 20:09 - 2014-04-23 10:15 - 00002246 _____ () C:\Users\Leonid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Амиго.lnk
2015-03-01 20:09 - 2014-04-23 10:15 - 00002221 _____ () C:\Users\Leonid\Desktop\Амиго.lnk
2015-03-01 20:09 - 2013-10-11 14:38 - 00000000 ____D () C:\Users\Leonid\AppData\Local\Mail.Ru
2015-03-01 20:07 - 2010-11-21 07:30 - 00724930 _____ () C:\Windows\system32\perfh019.dat
2015-03-01 20:07 - 2010-11-21 07:30 - 00151214 _____ () C:\Windows\system32\perfc019.dat
2015-03-01 20:07 - 2010-11-21 02:01 - 01649802 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-27 09:32 - 2011-05-05 14:07 - 00005642 ___SH () C:\Users\Все пользователи\KGyGaAvL.sys
2015-02-27 09:32 - 2011-05-05 14:07 - 00005642 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-02-27 09:32 - 2011-05-05 14:07 - 00000168 __RSH () C:\Users\Все пользователи\7013929A08.sys
2015-02-27 09:32 - 2011-05-05 14:07 - 00000168 __RSH () C:\ProgramData\7013929A08.sys
2015-02-22 07:17 - 2013-10-25 14:57 - 00000000 ____D () C:\Users\Все пользователи\Guard.Mail.Ru
2015-02-22 07:17 - 2013-10-25 14:57 - 00000000 ____D () C:\ProgramData\Guard.Mail.Ru
2015-02-20 10:13 - 2015-01-28 10:08 - 00000000 ____D () C:\Users\Неуймина\Desktop\Обмен
2015-02-15 14:41 - 2014-04-23 10:15 - 00000000 ____D () C:\Users\Leonid\AppData\Local\MailRu
2015-02-09 17:57 - 2011-06-18 16:28 - 00000000 ____D () C:\Users\Leonid\AppData\Local\Yandex
2015-02-09 15:27 - 2014-12-17 10:08 - 00069048 _____ () C:\Users\Неуймина\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-06 19:16 - 2011-04-22 23:14 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-06 19:04 - 2011-05-10 07:31 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-02-06 19:04 - 2011-05-10 07:31 - 00000000 ____D () C:\Program Files\Common Files\Teleca Shared
2015-02-06 19:00 - 2012-11-14 12:57 - 00000000 ____D () C:\Users\Leonid\AppData\Local\AETP
2015-02-06 09:26 - 2015-01-06 19:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-06 09:26 - 2011-05-19 10:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-03-03 19:06 - 2015-03-03 19:06 - 3148854 _____ () C:\Users\Leonid\AppData\Roaming\8CD78B8D8CD78B8D.bmp
2011-05-23 10:33 - 2015-03-01 22:01 - 0000051 _____ () C:\Users\Leonid\AppData\Roaming\default.pls
2015-03-05 20:41 - 2015-03-05 20:41 - 0007168 ___SH () C:\Users\Leonid\AppData\Roaming\Thumbs.db
2011-06-17 22:50 - 2011-06-17 22:50 - 0033134 _____ () C:\Users\Leonid\AppData\Roaming\UserTile.png
2011-05-05 14:44 - 2015-03-03 19:03 - 0003968 _____ () C:\Users\Leonid\AppData\Local\D34zm0trtLNSsOt-kmsAHdhzVk5kKYs+Q4TTS+P7NyaTYrTNmgDfq35NlA7KN3Sp5zrt4Ruv2pXOMYYKyEEL75Dn5uSotsp4HVWC21VMGy4=.xtbl
2012-12-17 16:08 - 2015-03-03 19:03 - 4571808 ____H () C:\Users\Leonid\AppData\Local\mFMT3pttuY8bNJLQ+hZ0zdW9vJwQ8zEIxe1Lnz5DlqY=.xtbl
2011-04-22 23:19 - 2015-03-03 19:03 - 0069440 _____ () C:\Users\Leonid\AppData\Local\Y2JWQFTP1sJDnoAB924dXJDPvVGPHj2B4XvtEBrYtAbDncPbgB+3VW55+0i8WS0q.xtbl
2011-05-05 14:07 - 2015-02-27 09:32 - 0000168 __RSH () C:\ProgramData\7013929A08.sys
2012-03-12 17:56 - 2012-05-04 13:56 - 0003114 _____ () C:\ProgramData\hpzinstall.log
2012-03-12 17:56 - 2015-03-03 18:16 - 0003504 _____ () C:\ProgramData\iSkkNtB+k5qGprzw3TPpQwP2LsNni7IrTaVlOh5+S4U=.xtbl
2011-05-05 14:07 - 2015-02-27 09:32 - 0005642 ___SH () C:\ProgramData\KGyGaAvL.sys
2012-03-12 17:56 - 2015-03-03 19:03 - 0003504 _____ () C:\ProgramData\opYbcl0Y5JSGqmJsy4hKzj8BuGuhvtGGWS3tpdyRDo0=.xtbl
 
Some content of TEMP:
====================
C:\Users\Leonid\AppData\Local\Temp\amigo_setup.exe
C:\Users\Leonid\AppData\Local\Temp\haspdinst_x64.exe
C:\Users\Leonid\AppData\Local\Temp\haspds_windows.dll
C:\Users\Leonid\AppData\Local\Temp\hasp_windows.dll
C:\Users\Leonid\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Leonid\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Leonid\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Leonid\AppData\Local\Temp\ose00000.exe
C:\Users\Leonid\AppData\Local\Temp\RUpdate.exe
C:\Users\Leonid\AppData\Local\Temp\sender.exe
C:\Users\Leonid\AppData\Local\Temp\Setup-internet.exe
C:\Users\Leonid\AppData\Local\Temp\Setup-praetorian.exe
C:\Users\Leonid\AppData\Local\Temp\Setup-yabrowser.exe
C:\Users\Leonid\AppData\Local\Temp\utt3EF9.tmp.exe
C:\Users\Leonid\AppData\Local\Temp\utt4937.tmp.exe
C:\Users\Leonid\AppData\Local\Temp\yandex-downloader.exe
C:\Users\Leonid\AppData\Local\Temp\YandexPackSetup.exe
C:\Users\Leonid\AppData\Local\Temp\yupdate-exec-praetorian.exe
C:\Users\Leonid\AppData\Local\Temp\yupdate-exec-yabrowser.exe
C:\Users\Leonid\AppData\Local\Temp\yupdate-executor-internet.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Диспетчер загрузки Windows
--------------------
идентификатор           {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  ru-RU
inherit                 {globalsettings}
default                 {current}
resumeobject            {433cda2a-2670-11e0-88a7-d106067d3e34}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Загрузка Windows
-------------------
идентификатор           {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  ru-RU
inherit                 {bootloadersettings}
recoverysequence        {433cda2c-2670-11e0-88a7-d106067d3e34}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {433cda2a-2670-11e0-88a7-d106067d3e34}
nx                      OptIn
 
Загрузка Windows
-------------------
идентификатор           {433cda2c-2670-11e0-88a7-d106067d3e34}
 
Выход из режима гибернации
--------------------------
идентификатор           {433cda2a-2670-11e0-88a7-d106067d3e34}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  ru-RU
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Проверка памяти Windows
---------------------
идентификатор           {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Диагностика памяти
locale                  ru-RU
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Параметры EMS
-------------
идентификатор           {emssettings}
bootems                 Yes
 
Параметры отладчика
-------------------
идентификатор           {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
Дефекты ОЗУ
-----------
идентификатор           {badmemory}
 
Глобальные параметры
--------------------
идентификатор           {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Параметры загрузчика
--------------------
идентификатор           {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Параметры гипервизора
-------------------
идентификатор           {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Параметры загрузчика возобновления
-----------------------------------
идентификатор           {resumeloadersettings}
inherit                 {globalsettings}
 
Параметры устройств
-------------------
идентификатор           {433cda2d-2670-11e0-88a7-d106067d3e34}
description             Ramdisk Options
ramdisksdidevice        unknown
ramdisksdipath          \Recovery\433cda2c-2670-11e0-88a7-d106067d3e34\boot.sdi
 
 
 
LastRegBack: 2015-03-05 13:32
 
==================== End Of Log ============================

 

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by Leonid at 2015-03-07 18:28:13
Running from C:\Users\Leonid\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM\...\uTorrent) (Version: 3.0.0 - )
µTorrent (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)
1C:Предприятие 8.2 (8.2.19.83) (HKLM\...\{2300F5DE-9566-42F1-ACFA-F0F74B94CE92}) (Version: 8.2.19.83 - 1C)
2ГИС 3.14.12.0 (HKLM\...\{35BB34B4-7A04-489A-94A4-0CE15607A2E0}) (Version: 3.14.12.0 - ООО "ДубльГИС")
ABBYY FineReader 9.0 Professional Edition (HKLM\...\{F9000000-0001-0000-0000-074957833700}) (Version: 9.00.662.5581 - ABBYY)
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acapela multimedia Russian (255 channels) (HKLM\...\{0ACD6BC8-0568-4286-86A2-D337F371D42B}) (Version: 5.1. - Acapela)
Acronis Disk Director Suite (HKLM\...\{2300EE96-0A41-4FAB-BD03-989EC44577A0}) (Version: 10.0.2161 - Acronis)
Active Protection System (HKLM\...\{F493761C-E465-4B9E-9FC1-A312F161DE0A}) (Version: 1.70.10 - Lenovo)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
Balabolka (HKLM\...\Balabolka) (Version: 2.7.0.545 - Ilya Morozov)
BioExcess (HKLM\...\InstallShield_{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}) (Version: 6.0.48.177 - Egis Technology Inc.)
BioExcess (Version: 6.0.48.177 - Egis Technology Inc.) Hidden
Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
CheckXML (HKLM\...\CheckXML) (Version:  - )
CorelDRAW Graphics Suite X4 - Capture (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version:  - Corel Corporation)
CorelDRAW® Graphics Suite X4 - Windows Shell Extension (Version: 1.0 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version:  - Corel Corporation)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.5.0.8 - DivX, LLC)
DjVu Editor (HKLM\...\{4396BE64-7A77-4A64-8E0A-575B71F849D2}) (Version:  - )
Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 5.3.1.9 - Lenovo)
ESET NOD32 Antivirus (HKLM\...\{FCB6793C-E0BC-46F1-B624-4B141A36DA0B}) (Version: 4.2.71.3 - ESET, spol. s r.o.)
ETDWare PS/2-x86 7.0.4.17_WHQL (HKLM\...\Elantech) (Version: 7.0.4.17 - ELAN Microelectronics Corp.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Guard@Mail.Ru (HKLM\...\Guard.Mail.ru) (Version: 1.0.0.596 - Mail.ru) <==== ATTENTION
Hijack Hunter 1.8.4.1 (HKLM\...\{616A9B24-448B-4DF3-926A-C4141FCD692C}_is1) (Version:  - NoVirusThanks Company Srl)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
hppLaserJetService (Version: 001.003.000145 - Hewlett-Packard) Hidden
hppM1130M1210SeriesLaserJetService (Version: 001.003.00073 - Hewlett-Packard) Hidden
hppusgM1130M1210Series (Version: 1.0.0.2 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Infovox Desktop 2.2 (HKLM\...\{52C32940-C538-40CF-8DE9-B91090F49938}) (Version: 2.20.0003 - Acapela Group)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
K-Lite Mega Codec Pack 7.1.0 (HKLM\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
Lenovo EasyCamera (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}) (Version: 1.10.0510.01 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
Lenovo Security Suite (HKLM\...\InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}) (Version: 2.0.10.0 - Lenovo)
Lenovo Security Suite (Version: 2.0.10.0 - Lenovo) Hidden
Lenovo_Wireless_Driver (HKLM\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
MediaGet (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\MediaGet) (Version:  - Media Get LLC)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.50938 - Корпорация Майкрософт)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Обновление (KB963678) (HKLM\...\{90120000-0016-0419-0000-0000000FF1CE}_STANDARD_{420938DB-BF97-4664-BE29-0C68B4802C00}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook 2007 Help Обновление (KB963677) (HKLM\...\{90120000-001A-0419-0000-0000000FF1CE}_STANDARD_{E9D6C0F9-9879-4FC4-8E13-BF0D3953E0E6}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Обновление (KB963669) (HKLM\...\{90120000-0018-0419-0000-0000000FF1CE}_STANDARD_{BD1C2AC7-63F3-4C75-8B44-DE3D700B3BC8}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Обновление (KB963665) (HKLM\...\{90120000-001B-0419-0000-0000000FF1CE}_STANDARD_{D3A002FB-0F62-4840-80AD-2D2C63F83449}) (Version:  - Microsoft)
Microsoft Office Стандартный 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mirror Text (HKLM\...\{100FEC3D-4C55-475D-91A3-662BA193606D}) (Version: 1.04.0000 - Intellect Technology)
Mozilla Firefox 34.0.5 (x86 ru) (HKLM\...\Mozilla Firefox 34.0.5 (x86 ru)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Ultra Edition HD (HKLM\...\{C9FFC925-E27E-436E-A2DF-652324D51049}) (Version: 8.3.630 - Nero AG)
Opera 12.15 (HKLM\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
PDF-XChange 4 Pro (HKLM\...\{E38531EE-318C-4EFB-A36B-1A57BFBDAB3C}_is1) (Version: 4.193.193.0 - Tracker Software Products Ltd)
Port Locker (HKLM\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.20 - Egis Technology Inc.)
Port Locker (Version: 1.0.5.20 - Egis Technology Inc.) Hidden
PsvRSV (HKLM\...\PsvRSV) (Version:  - )
QuickTime (HKLM\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6128 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30117 - Realtek Semiconductor Corp.)
RtLED (HKLM\...\{601E38D5-2CF0-4566-94D6-BDA9DE092412}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Rutoken Drivers (HKLM\...\{D76407DB-79C5-4FF9-986B-3E58CCD133E4}) (Version: 2.86.00.0460 - Aktiv Co.)
SAPI (HKLM\...\{A2CA2E0F-2DA3-4DA5-AD26-15355FD612A8}) (Version: 1.0.0.0 - Qualilife)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
VueScan (HKLM\...\VueScan) (Version:  - )
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
winpcap-nmap 4.02 (HKLM\...\winpcap-nmap) (Version:  - )
WinRAR 4.00 (32-разрядная) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Yandex (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\YandexBrowser) (Version: 38.0.2125.10034 - YANDEX)
Zona (HKLM\...\Zona) (Version:  - Zona Team)
Zona (HKLM\...\Zona)) (Version:  - )
Амиго (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Amigo) (Version: 32.0.1709.125 - Mail.Ru)
Данные 2ГИС г.Екатеринбург 01.03.2015 (HKLM\...\{B9901280-9C85-4439-9C7A-538A8E510647}) (Version: 111.0.0 - ООО "ДубльГИС")
КриптоПро CSP (HKLM\...\{54A08450-B343-40B0-924E-68F031450996}) (Version: 3.6.7092 - Компания Крипто-Про)
Пакет драйверов Windows - Intel (NETw5s32) net  (01/13/2010 13.1.1.1) (HKLM\...\BF9685FCA47380EEA569663AFC8DB44853DFDF39) (Version: 01/13/2010 13.1.1.1 - Intel)
Пакет драйверов Windows - Intel (NETw5v32) net  (01/13/2010 13.1.1.1) (HKLM\...\ED20E390B66C5BD927E7DAE7FB3AA2A355B96933) (Version: 01/13/2010 13.1.1.1 - Intel)
ПО Intel® PROSet/Wireless WiMAX (HKLM\...\{FAE224AF-B15E-448B-88FA-1839A7570CF8}) (Version: 2.00.0011 - Корпорация Intel)
Служба автоматического обновления программ (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\MailRuUpdater) (Version:  - Mail.Ru)
Спутник@Mail.Ru (HKLM\...\MailRuSputnik) (Version: 2.4.1.288 - Mail.Ru)
Элементы Яндекса 7.2 для Internet Explorer (HKLM\...\{EE24665C-844A-4489-9F11-70E41F4EE476}) (Version: 7.2.5.3111 - Яндекс)
Яндекс.Бар 4.3 для Internet Explorer (uTorrent) (HKLM\...\{093E45A5-8AC4-4FF5-B4A6-A8811F755067}) (Version: 4.3.3.1044 - Яндекс)
Яндекс.Диск (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\YandexDisk) (Version: 1.3.3.4693 - Яндекс)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{19170A69-A883-40D5-AF97-F6DC41495F15}\InprocServer32 -> C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll ()
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{1FE40EA0-BCD0-4235-B5F1-72123E3BA724}\localserver32 -> D:\Program Files\2gis\3.0\grym.exe (ООО ДубльГИС)
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{2614C37E-2C78-4bfb-B7A6-E49B62B9CD9B}\localserver32 -> C:\Users\Leonid\AppData\Local\Yandex\Updater\yupdate-executor.exe (Yandex LLC)
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{2D6BD2F0-5F84-4a06-924F-AEE0598B6272}\InprocServer32 -> C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll ()
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{31AF8DFB-7F85-4896-9640-1C4FFE14B29E}\InprocServer32 -> D:\Program Files\2gis\3.0\Plugins\DGisLayer.dll (ООО ДубльГИС)
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{33A431BB-FF15-4047-8FEC-F82FD3523A00}\localserver32 -> C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe ()
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{4671DB2A-087D-4EB2-96DF-64AF0177FE1B}\localserver32 -> C:\Users\Leonid\AppData\Local\Yandex\Updater\yupdate-ctrl.exe (Yandex LLC)
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{60940425-4085-4f11-ab34-b9dacd636f4b}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D0EE_78.tmp No File
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{680849bc-b86d-4669-9219-ad9ac13e4ddc}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D0EE_78.tmp No File
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{6a8f8752-e2ec-485d-8e46-b2509f668d26}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D86F_86.tmp No File
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Leonid\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{6da75278-e916-4a18-934f-1d90b2cebabd}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D86F_86.tmp No File
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{7b7c1f93-8199-4da7-88eb-e25a222c7a15}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D0EE_78.tmp No File
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{8D8070D2-90D3-11D1-8D6A-000021362840}\InprocServer32 -> C:\Program Files\Elan\ettsengine.dll (Acapela Group)
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{949CDFC6-2A52-4C27-A0A2-F87EF62D5536}\localserver32 -> C:\Users\Leonid\AppData\Local\Yandex\Updater\praetorian.exe (Yandex LLC)
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{97836AB9-12C5-4C30-A128-B75196DD1787}\InprocServer32 -> C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll ()
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{97C64D6B-4F2E-4eba-8272-21780A562176}\InprocServer32 -> C:\Program Files\Elan\ettsengines5.dll (Acapela Group)
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{9ee0a337-0726-4400-95e8-77e893ec681c}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D86F_86.tmp No File
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Users\Leonid\AppData\Local\Yandex\YandexBrowser\Application\25.0.1364.22194\delegate_execute.exe (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29161}\localserver32 -> C:\Users\Leonid\AppData\Local\Amigo\Application\32.0.1709.125\delegate_execute.exe (LLC Mail.Ru)
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{a70b6806-f2e5-44a5-abb2-14a63cedf752}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D86F_86.tmp No File
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{acad8a98-286a-420b-9fa3-02c0593917c9}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D0EE_78.tmp No File
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{B678B13A-3480-CBFC-2537-E4C74697808C}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{c127373e-5025-4630-a5be-23c4d86ac559}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D0EE_78.tmp No File
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{D236C998-BECE-472D-B939-541727B72AEF}\localserver32 -> C:\Users\Leonid\AppData\Local\Yandex\Updater\yupdate-executor.exe (Yandex LLC)
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{E36606FE-036A-4dd0-ABA9-A58F409803F0}\InprocServer32 -> C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll ()
CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{e7727e52-306a-4026-a1f3-0a67008f443d}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D86F_86.tmp No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 07:04 - 2009-06-11 02:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00AB1FAE-FC19-4A1E-A615-59B09E85BE00} - System32\Tasks\{DC3E2CDA-B2DB-46BF-ABB0-BF08EE341FB5} => pcalua.exe -a "G:\МоиДокF\АТС-Групп\Налогоплательщик ЮЛ\idwkladr.exe" -d "G:\МоиДокF\АТС-Групп\Налогоплательщик ЮЛ"
Task: {05B1AA42-411F-4652-9128-2C64661A20B6} - System32\Tasks\{981DA40B-0984-4EA7-9A2F-2E8D57F88532} => c:\users\leonid\appdata\local\amigo\application\amigo.exe
Task: {17964070-D37F-4D5D-9740-51E4A9FBF679} - \{B59D6F5B-B091-4338-8828-49966CD6796E} No Task File <==== ATTENTION
Task: {21FD47E2-2423-4F3D-A9E6-5A831DB96921} - System32\Tasks\{4097B275-D432-4E0C-9D1F-457BB90A8A9D} => pcalua.exe -a "G:\МоиДокF\АТС-Групп\Налогоплательщик ЮЛ\idw4281.exe" -d "G:\МоиДокF\АТС-Групп\Налогоплательщик ЮЛ"
Task: {22076E58-EA31-4EE8-88DC-A6E91FC11296} - \{F3D9D83D-8F37-4D1A-8668-DE5B20C38818} No Task File <==== ATTENTION
Task: {349497A4-FA66-49BF-8BA1-F7E8FA6EC0AD} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
Task: {4D0FD412-E894-47FE-B881-99150DEC296C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.)
Task: {5768F495-927A-4F49-A2D2-435488EBF490} - System32\Tasks\{59A615CB-C519-456B-AE8A-BDB13FB03692} => C:\Program Files\Opera\Opera.exe [2013-04-07] (Opera Software)
Task: {6B022EF6-B365-4E0F-AF46-3BD68838B7B9} - System32\Tasks\{7A6EC96D-CDCE-40B4-A30C-91D904BD6451} => C:\Program Files\Opera\Opera.exe [2013-04-07] (Opera Software)
Task: {8C5BBF7F-BB20-4C2C-A058-03DA3FB4B8BB} - System32\Tasks\{3F7E3A8D-BCF4-496D-BA75-A6BE41D6BF21} => pcalua.exe -a E:\start.exe -d E:\
Task: {8D72258C-8794-4129-B1C8-9BFBA9FF5922} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.)
Task: {987C045C-08BF-4CE3-BB39-8660CEED6F54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {C1BC358B-58CE-4ADA-ADDF-5BC03E586A59} - System32\Tasks\{676E9BC4-CBFB-457F-AF76-7A157A3F1199} => c:\users\leonid\appdata\local\amigo\application\amigo.exe
Task: {C76EC6A0-F6BF-4C08-9F33-A47B105045D5} - System32\Tasks\{2CE2FB74-AAB9-4659-B7AD-16FADEA82718} => c:\program files\opera\opera.exe [2013-04-07] (Opera Software)
Task: {D0693F6E-D0F5-477D-8219-6CDE61B29833} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-21] (Корпорация Майкрософт (Microsoft Corp.))
Task: {D69BF2FA-0A11-4789-A766-9AF1521A36B9} - System32\Tasks\{7E1343EF-5FAB-48C9-8946-8D733177BF61} => pcalua.exe -a "G:\МоиДокF\АТС-Групп\Налогоплательщик ЮЛ\idw428.exe" -d "G:\МоиДокF\АТС-Групп\Налогоплательщик ЮЛ"
Task: {E642B6AC-3FE0-45AC-9257-A5917907770D} - \{2AC34700-C24B-4147-8127-BAEED47B8132} No Task File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-02-20 09:32 - 2012-09-29 12:24 - 00167936 ____N () C:\Windows\System32\HPM1210LM.DLL
2013-02-20 09:33 - 2012-09-29 12:24 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HPM1210PP.dll
2013-10-11 14:39 - 2015-02-22 07:17 - 04053736 _____ () C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
2009-10-15 10:13 - 2009-10-15 10:13 - 00061440 _____ () C:\Program Files\HP\HPLaserJetService\HPTools.dll
2009-10-15 10:13 - 2009-10-15 10:13 - 00964096 _____ () C:\Program Files\HP\HPLaserJetService\LEDMXMLObjects.dll
2012-12-24 05:53 - 2012-12-24 05:53 - 00081920 _____ () C:\Windows\system32\mvusbews.DLL
2013-06-08 21:48 - 2013-06-04 15:49 - 01276704 _____ () C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
2014-09-11 20:46 - 2014-08-28 01:27 - 00923936 _____ () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll
2011-04-23 00:04 - 2011-03-02 11:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2011-04-22 23:21 - 2008-12-20 02:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
2011-04-22 23:21 - 2008-12-20 02:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2014-11-28 12:44 - 2015-02-09 22:28 - 17410336 _____ () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe
2014-11-28 12:44 - 2015-02-09 22:28 - 00236968 _____ () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\libpng14-14.dll
2014-11-28 12:44 - 2015-02-09 22:28 - 00106784 _____ () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\zlib1.dll
2014-11-28 12:44 - 2015-02-09 22:28 - 00168224 _____ () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskStarter.exe
2013-09-25 20:57 - 2015-02-09 22:28 - 00354592 _____ () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskHooks-3998.dll
2010-05-10 15:36 - 2010-05-10 15:36 - 00655360 _____ () C:\Windows\system32\vmprp332.ax
2015-02-20 07:58 - 2015-02-18 03:44 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 07:58 - 2015-02-18 03:44 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 07:58 - 2015-02-18 03:44 - 09171272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38955643.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\B46530BE.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38955643.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\B46530BE.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Leonid\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: PLTSR => "C:\Program Files\EgisTec Port Locker\EgisPLTSR.exe"
MSCONFIG\startupreg: SkyMonk => C:\Program Files\SkyMonk\SkyMonk.exe -tray
MSCONFIG\startupreg: VitaKeyTSR => "C:\Program Files\EgisTec BioExcess\EgisTSR.exe"
 
==================== Accounts: =============================
 
HomeGroupUser$ (S-1-5-21-3904404758-3084505066-3444409724-1002 - Limited - Enabled)
Leonid (S-1-5-21-3904404758-3084505066-3444409724-1000 - Administrator - Enabled) => C:\Users\Leonid
Администратор (S-1-5-21-3904404758-3084505066-3444409724-500 - Administrator - Disabled)
Гость (S-1-5-21-3904404758-3084505066-3444409724-501 - Limited - Enabled)
Неуймина (S-1-5-21-3904404758-3084505066-3444409724-1003 - Administrator - Enabled) => C:\Users\Неуймина
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/07/2015 09:43:38 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Не удалось создать точку восстановления (Процесс = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Описание = Запланированная контрольная точка; HR = 0x80070422).
 
Error: (03/07/2015 09:43:27 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Не удалось создать точку восстановления (Процесс = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Описание = Запланированная контрольная точка; HR = 0x80070422).
 
Error: (03/07/2015 09:38:37 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Ошибка при создании контекста активации для "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Не найдена зависимая сборка "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"".
Используйте sxstrace.exe для подробной диагностики.
 
Error: (03/07/2015 09:37:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Ошибка при создании контекста активации для "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Не найдена зависимая сборка "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"".
Используйте sxstrace.exe для подробной диагностики.
 
Error: (03/07/2015 09:37:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Ошибка при создании контекста активации для "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Не найдена зависимая сборка "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"".
Используйте sxstrace.exe для подробной диагностики.
 
Error: (03/07/2015 09:13:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/06/2015 06:48:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/05/2015 09:10:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/05/2015 03:45:07 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Не удалось создать точку восстановления (Процесс = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Описание = Запланированная контрольная точка; HR = 0x80070422).
 
Error: (03/05/2015 03:40:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Ошибка при создании контекста активации для "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Не найдена зависимая сборка "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"".
Используйте sxstrace.exe для подробной диагностики.
 
 
System errors:
=============
Error: (03/07/2015 09:13:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "DgiVecp" из-за ошибки 
%%20
 
Error: (03/06/2015 07:03:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Превышение времени ожидания (30000 мс) при ожидании ответа транзакции от службы "UxSms".
 
Error: (03/06/2015 07:03:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Превышение времени ожидания (30000 мс) при ожидании ответа транзакции от службы "UmRdpService".
 
Error: (03/06/2015 07:15:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "Служба регистрации ошибок Windows".
 
Error: (03/06/2015 07:05:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "Служба регистрации ошибок Windows".
 
Error: (03/06/2015 06:48:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "DgiVecp" из-за ошибки 
%%20
 
Error: (03/05/2015 09:10:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "DgiVecp" из-за ошибки 
%%20
 
Error: (03/05/2015 09:07:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (03/05/2015 11:40:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "DgiVecp" из-за ошибки 
%%20
 
Error: (03/04/2015 03:55:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "DgiVecp" из-за ошибки 
%%20
 
 
Microsoft Office Sessions:
=========================
Error: (12/13/2013 05:22:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 32779 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error: (11/27/2012 06:52:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 22229 seconds with 4920 seconds of active time.  This session ended with a crash.
 
Error: (09/06/2012 09:31:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2148 seconds with 1320 seconds of active time.  This session ended with a crash.
 
Error: (07/09/2012 03:32:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 29315 seconds with 1260 seconds of active time.  This session ended with a crash.
 
Error: (04/24/2012 00:45:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18340 seconds with 10320 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-25 08:42:07.874
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3acm.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-25 08:42:07.570
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\mp3fhg.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-25 08:42:07.284
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3filter.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-25 08:42:07.031
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-24 18:28:26.024
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3acm.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-24 18:28:25.859
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\mp3fhg.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-24 18:28:25.697
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3filter.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-24 18:28:25.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-24 14:31:31.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3acm.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-24 14:31:31.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\mp3fhg.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6100 @ 2.00GHz
Percentage of memory in use: 65%
Total physical RAM: 1844.51 MB
Available physical RAM: 644.16 MB
Total Pagefile: 3689.02 MB
Available Pagefile: 1159.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.7 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:82.79 GB) (Free:12.42 GB) NTFS
Drive d: () (Fixed) (Total:150 GB) (Free:18.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=82.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=150 GB) - (Type=05)
 
==================== End Of Log ============================

 

 


What should I do next? Is it possible to decrypt the files encrypted by the virus? Will I be able to use my files?


 

 


Is it possible to decrypt the files encrypted by the virus?

1) restore from a backup
2) pay (no guarantee)

No need to put the logs under a spoiler.
Just attach them.