Леонид Сокольский 0 Опубликовано 4 марта, 2015 Share Опубликовано 4 марта, 2015 Все текстовые файлы, файлы "Ворд" и "Эксель" на ПК поменяли свое название и расширение. Выполнил первые 3 пункта "Порядка оформления запроса о помощи". Что делать дальше? На ПК большинство файлов связаны с работой. Как открыть зашифрованные файлы? CollectionLog-2015.03.04-21.11.zip Цитата Ссылка на сообщение Поделиться на другие сайты
thyrex 1 462 Опубликовано 4 марта, 2015 Share Опубликовано 4 марта, 2015 Выполните скрипт в AVZ begin ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.'); ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true); if not IsWOW64 then begin SearchRootkit(true, true); SetAVZGuardStatus(True); end; TerminateProcessByName('c:\users\leonid\appdata\local\amigo\application\amigo.exe'); DeleteFile('c:\users\leonid\appdata\local\amigo\application\amigo.exe','32'); DeleteFile('C:\Users\Leonid\AppData\Local\Amigo\Application\vk.exe','32'); DeleteFile('C:\Windows\system32\Tasks\{2AC34700-C24B-4147-8127-BAEED47B8132}','32'); DeleteFile('C:\Windows\system32\Tasks\{B59D6F5B-B091-4338-8828-49966CD6796E}','32'); DeleteFile('C:\Windows\system32\Tasks\{F3D9D83D-8F37-4D1A-8668-DE5B20C38818}','32'); BC_ImportAll; ExecuteSysClean; BC_Activate; RebootWindows(false); end.Компьютер перезагрузится. Пофиксите в HiJack R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local> O4 - HKCU\..\Run: [26C78E01] C:\Users\Leonid\AppData\Roaming\26C78E01\bin.exe Сделайте новые логи по правилам Скачайте Farbar Recovery Scan Tool и сохраните на Рабочем столе. Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе. Запустите программу двойным щелчком. Когда программа запустится, нажмите Yes для соглашения с предупреждением. Убедитесь, что в окне Optional Scan отмечены "List BCD" и "Driver MD5". Нажмите кнопку Scan. После окончания сканирования будет создан отчет (FRST.txt) в той же папке, откуда была запущена программа. Пожалуйста, прикрепите отчет в следующем сообщении. Если программа была запущена в первый раз, будет создан отчет (Addition.txt). Пожалуйста, прикрепите его в следующем сообщении. Цитата Ссылка на сообщение Поделиться на другие сайты
Леонид Сокольский 0 Опубликовано 7 марта, 2015 Автор Share Опубликовано 7 марта, 2015 Первую пофиксили R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local> Второй не было в HiJack O4 - HKCU\..\Run: [26C78E01] C:\Users\Leonid\AppData\Roaming\26C78E01\bin.exe Логи: hijackthis.log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:05:12, on 07.03.2015 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17126) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\TeamViewer\Version8\TeamViewer.exe C:\Windows\system32\taskhost.exe C:\Program Files\USB Camera2\VM332_STI.EXE C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\Lenovo\Energy Management\utility.exe C:\Program Files\Lenovo\Energy Management\Energy Management.exe C:\Program Files\EgisTec IPS\PmmUpdate.exe C:\Program Files\Lenovo\YouCam\YouCamTray.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe D:\Program Files\2gis\3.0\2GISTrayNotifier.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Users\Leonid\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\drivers\usb_driver.exe C:\Users\Leonid\AppData\Local\Yandex\Updater\praetorian.exe C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe C:\Users\Leonid\AppData\Local\Mail.Ru\MailRuUpdater.exe C:\Users\Leonid\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Intel\WiMAX\bin\wimaxcu.exe C:\Program Files\EgisTec IPS\EgisUpdate.exe C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskStarter.exe C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe D:\Skype\Phone\Skype.exe D:\Install\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?win=130&clid=2153702 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll O2 - BHO: IEPwdBankBHO - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files\EgisTec BioExcess\EgisIEPwdBank.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Спутник@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Визуальные закладки - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - C:\Program Files\Yandex\FastDial\fastdial.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll O3 - Toolbar: Яндекс.Бар (для uTorrent) - {1208AB5D-4748-49fe-A74A-484AE2FA5D34} - C:\Program Files\Yandex\YandexBarIE\bars\barietorrent\yndbar.dll O3 - Toolbar: Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll O4 - HKLM\..\Run: [332BigDog] C:\Program Files\USB Camera2\VM332_STI.EXE O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe O4 - HKLM\..\Run: [iMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe" O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files\Lenovo\YouCam\YouCamTray.exe" /s O4 - HKLM\..\Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash O4 - HKLM\..\Run: [TpShocks] C:\Windows\system32\TpShocks.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [2Gis Update Notifier] "D:\Program Files\2gis\3.0\2GISTrayNotifier.exe" -delayed_start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [Corel Photo Downloader] "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup O4 - HKCU\..\Run: [KabAuth] C:\Users\Leonid\Desktop\kabauth.exe O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Leonid\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [usbDriver] c:\WINDOWS\system32\drivers\usb_driver.exe O4 - HKCU\..\Run: [Praetorian] C:\Users\Leonid\AppData\Local\Yandex\Updater\praetorian.exe O4 - HKCU\..\Run: [syncManPath] "C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe" -autostart O4 - HKCU\..\Run: [MailRuUpdater] C:\Users\Leonid\AppData\Local\Mail.Ru\MailRuUpdater.exe O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.bft-tender.ru O15 - Trusted Zone: http://*.otc-agro.ru O15 - Trusted Zone: http://*.otc-finance.ru O15 - Trusted Zone: http://*.otc-region.ru O15 - Trusted Zone: http://*.otc-tender.ru O15 - Trusted Zone: http://*.otc.ru O15 - Trusted Zone: http://*.rts-tender.ru O15 - Trusted Zone: *.sberbank-ast.ru O15 - Trusted Zone: http://*.sberbank-ast.ru O16 - DPF: {2E3F2257-5717-48F6-B923-F83E908E2311} (TSPSigner Class) - https://web-ppo.zakazrf.ru/ICLCrypt-x32.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F7E60974-7F71-4F4A-BC3B-DF67801BD1AC} (Signer Class) - https://supplier-web.rts-tender.ru/RTSCrypto.cab O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O23 - Service: 2GIS UpdateService (2GISUpdateService) - ООО ДубльГИС - D:\Program Files\2gis\3.0\2GISUpdateService.exe O23 - Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Служба управления устройствами Intel® PROSet/Wireless WiMAX Red Bend (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe O23 - Service: EgisTec Data Security Service - Egis Technology Inc. - C:\Program Files\EgisTec BioExcess\EgisDSService.exe O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files\EgisTec BioExcess\EgisService.exe O23 - Service: EgisTec Service Help - Egis Technology Inc. - C:\Program Files\EgisTec Port Locker\Egishlpsvc.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe O23 - Service: Служба Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Служба Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: RtLedService Installer (RtLedService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtLED\RtLEDService.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Skype\Updater\Updater.exe O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe O23 - Service: IdeaPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: Служба Intel® PROSet/Wireless WiMAX (WiMAXAppSrv) - Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- End of file - 13322 bytes FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015 Ran by Leonid (administrator) on LEONID-PC on 07-03-2015 18:26:26 Running from C:\Users\Leonid\Downloads Loaded Profiles: Leonid (Available profiles: Leonid & Неуймина) Platform: Microsoft Windows 7 Максимальная Service Pack 1 (X86) OS Language: Русский (Россия) Internet Explorer Version 11 (Default browser path: "C:\Users\Leonid\AppData\Local\Amigo\Application\amigo.exe" -- "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Egis Technology Inc. ) C:\Program Files\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. ) C:\Program Files\EgisTec Port Locker\Egishlpsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ABBYY (BIT Software)) C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Egis Technology Inc. ) C:\Program Files\EgisTec BioExcess\EgisDSService.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe () C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe () C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe (HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP) C:\Windows\System32\HPSIsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLEDService.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLED.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (Lenovo.) C:\Windows\System32\TPHDEXLG.exe (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe (Vimicro) C:\Program Files\USB Camera2\VM332_STI.EXE (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (CyberLink Corp.) C:\Program Files\Lenovo\YouCam\YouCamTray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (ООО ДубльГИС) D:\Program Files\2gis\3.0\2GISTrayNotifier.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Akamai Technologies, Inc.) C:\Users\Leonid\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Корпорация Майкрософт) C:\Windows\System32\drivers\usb_driver.exe (Yandex LLC) C:\Users\Leonid\AppData\Local\Yandex\Updater\praetorian.exe (Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe (Mail.Ru) C:\Users\Leonid\AppData\Local\Mail.Ru\MailRuUpdater.exe (Akamai Technologies, Inc.) C:\Users\Leonid\AppData\Local\Akamai\netsession_win.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskStarter.exe (Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe (КАБiNET) C:\Users\Leonid\Desktop\kabauth.exe (Skype Technologies S.A.) D:\Skype\Phone\Skype.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [332BigDog] => C:\Program Files\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [1822600 2010-03-29] (ELAN Microelectronics Corp.) HKLM\...\Run: [iMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2009-09-30] () HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4204448 2010-04-12] (Lenovo(beijing) Limited) HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [6285216 2010-03-18] (Lenovo (Beijing) Limited) HKLM\...\Run: [EgisTecPMMUpdate] => C:\Program Files\EgisTec IPS\PmmUpdate.exe [407920 2010-03-10] (Egis Technology Inc.) HKLM\...\Run: [EgisUpdate] => C:\Program Files\EgisTec IPS\EgisUpdate.exe [201584 2010-03-10] (Egis Technology Inc.) HKLM\...\Run: [uCam_Menu] => C:\Program Files\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [YouCam Mirror Tray icon] => C:\Program Files\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-02] (CyberLink Corp.) HKLM\...\Run: [intelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1437696 2009-09-16] (Intel® Corporation) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [186272 2010-03-15] (Lenovo.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9222760 2010-06-02] (Realtek Semiconductor) HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-12-02] (Nero AG) HKLM\...\Run: [2Gis Update Notifier] => D:\Program Files\2gis\3.0\2GISTrayNotifier.exe [4582936 2014-12-18] (ООО ДубльГИС) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.) HKLM\...\Run: [] => [X] HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-10-15] (Hewlett-Packard Company) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2011-01-14] (ESET) HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2009-03-25] (Nero AG) HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [Corel Photo Downloader] => "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [KabAuth] => C:\Users\Leonid\Desktop\kabauth.exe [877568 2011-06-15] (КАБiNET) HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Leonid\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [usbDriver] => c:\WINDOWS\system32\drivers\usb_driver.exe [577536 2011-04-20] (Корпорация Майкрософт) HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [Praetorian] => C:\Users\Leonid\AppData\Local\Yandex\Updater\praetorian.exe [1737024 2014-01-09] (Yandex LLC) HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [syncManPath] => C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe [17410336 2015-02-09] () HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [MailRuUpdater] => C:\Users\Leonid\AppData\Local\Mail.Ru\MailRuUpdater.exe [7241960 2015-02-25] (Mail.Ru) HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [26C78E01] => C:\Users\Leonid\AppData\Roaming\26C78E01\bin.exe [49152 2015-03-07] () Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter ShellIconOverlayIdentifiers: [0YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll () ShellIconOverlayIdentifiers: [0YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll () ShellIconOverlayIdentifiers: [0YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll () ShellIconOverlayIdentifiers: [0YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ru.msn.com/?ocid=iehp HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?win=130&clid=2153702 SearchScopes: HKLM -> DefaultScope Yandex URL = http://yandex.ru/yandsearch?clid=155830&text={searchTerms} SearchScopes: HKLM -> Yandex URL = http://yandex.ru/yandsearch?clid=155830&text={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg SearchScopes: HKU\.DEFAULT -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg SearchScopes: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg SearchScopes: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> Moikrug URL = http://moikrug.ru/persons/?clid=155830&charset=utf-8&keywords={searchTerms}&submitted=1 SearchScopes: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> Yandex URL = SearchScopes: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://yandex.ru/yandsearch?win=151&clid=2153703&text={searchTerms} SearchScopes: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> {F76319B5-BE67-4DE4-A3C5-00B656A59C8D} URL = http://nova.rambler.ru/search?query={searchTerms}&utm_source=r33&utm_medium=distribution&utm_content=e09&utm_campaign=4w01 SearchScopes: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO: PDFXChange 4.0 -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware) BHO: IEPwdBankBHO Class -> {56CBB761-DA41-4E31-B270-B13B4B0A61D0} -> C:\Program Files\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. ) BHO: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: MailRuBHO Class -> {8984B388-A5BB-4DF7-B274-77B879E179DB} -> C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO: Визуальные закладки -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> C:\Program Files\Yandex\FastDial\fastdial.dll () BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware) Toolbar: HKLM - Яндекс.Бар (для uTorrent) - {1208AB5D-4748-49fe-A74A-484AE2FA5D34} - C:\Program Files\Yandex\YandexBarIE\bars\barietorrent\yndbar.dll (ООО «ЯНДЕКС») Toolbar: HKLM - Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) Toolbar: HKU\.DEFAULT -> Яндекс.Бар (для uTorrent) - {1208AB5D-4748-49fe-A74A-484AE2FA5D34} - C:\Program Files\Yandex\YandexBarIE\bars\barietorrent\yndbar.dll (ООО «ЯНДЕКС») Toolbar: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> Яндекс.Бар (для uTorrent) - {1208AB5D-4748-49fe-A74A-484AE2FA5D34} - C:\Program Files\Yandex\YandexBarIE\bars\barietorrent\yndbar.dll (ООО «ЯНДЕКС») Toolbar: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File DPF: {2E3F2257-5717-48F6-B923-F83E908E2311} https://web-ppo.zakazrf.ru/ICLCrypt-x32.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {F7E60974-7F71-4F4A-BC3B-DF67801BD1AC} https://supplier-web.rts-tender.ru/RTSCrypto.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default FF NewTab: yafd:tabs FF DefaultSearchEngine: Поиск@Mail.Ru FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Поиск@Mail.Ru FF Homepage: hxxp://go.mail.ru/?ffverfix=1&fr=ffverfix_sg FF Keyword.URL: hxxp://go.mail.ru/search?fr=ntg&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin HKU\S-1-5-21-3904404758-3084505066-3444409724-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin HKU\S-1-5-21-3904404758-3084505066-3444409724-1000: @rts-tender.ru -> C:\Windows\system32\npRTSCrypto.dll (RTS ) FF SearchPlugin: C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\bingp.xml FF SearchPlugin: C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\mailru.xml FF SearchPlugin: C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\rambler.xml FF SearchPlugin: C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-093331.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mailru.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ozonru.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\priceru.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex-slovari.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex.xml FF Extension: Візуальныя закладкі - C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\vb@yandex.ru [2014-08-02] FF Extension: Спутник @Mail.Ru - C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [2013-12-29] FF Extension: DownloadHelper - C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-01-06] FF Extension: Adblock Plus - C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-19] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-04-23] FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-04-23] FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-02-20] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-07-27] Chrome: ======= CHR HomePage: Profile 1 -> hxxp://www.yandex.ru/?win=75&clid=1936586 CHR StartupUrls: Profile 1 -> "hxxp://www.yandex.ru/?win=75&clid=1936586", "hxxp://ru.msn.com/?pc=UP97&ocid=UP97DHP" CHR DefaultSearchKeyword: Profile 1 -> yandex.ru CHR DefaultSearchURL: Profile 1 -> http://yandex.ru/yandsearch?text={searchTerms} CHR DefaultSuggestURL: Profile 1 -> http://suggest.yandex.net/suggest-ff.cgi?part={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll () CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) CHR Profile: C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-30] CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-30] CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2012-10-30] CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcncjpganfocbfoenaemagjjopkkindp [2014-06-27] CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaocgokledfmfebefgbeokdodbbdjhdd [2013-10-11] CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-10-30] CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-30] CHR Profile: C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04] CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-05] CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-05] CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2012-11-05] CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-10] CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nkcpopggjcjkiicpenikeogioednjeac [2013-06-19] CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27] CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-11-05] CHR Extension: (Gmail) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-05] CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] CHR HKLM\...\Chrome\Extension: [nkcpopggjcjkiicpenikeogioednjeac] - C:\Users\Leonid\AppData\Local\Temp\nkcpopggjcjkiicpenikeogioednjeac.crx [2013-06-08] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08] CHR HKLM\...\Chrome\Extension: [pldbienodkpgkccocelidinmciedjdok] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 2GISUpdateService; D:\Program Files\2gis\3.0\2GISUpdateService.exe [3764760 2014-12-18] (ООО ДубльГИС) R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [566560 2008-06-18] (ABBYY (BIT Software)) [File not signed] S3 AcronisOSSReinstallSvc; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2235448 2007-03-26] () R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 cpcsp1; C:\Program Files\Crypto Pro\CSP\cpcspi.dll [669000 2012-04-20] (Компания Крипто-Про) S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Корпорация Майкрософт) R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [352256 2009-09-15] (Red Bend Ltd.) [File not signed] R2 EgisTec Data Security Service; C:\Program Files\EgisTec BioExcess\EgisDSService.exe [314736 2010-11-12] (Egis Technology Inc. ) R2 EgisTec Service; C:\Program Files\EgisTec BioExcess\EgisService.exe [709488 2010-11-12] (Egis Technology Inc. ) R2 EgisTec Service Help; C:\Program Files\EgisTec Port Locker\Egishlpsvc.exe [322416 2010-05-19] (Egis Technology Inc. ) S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-14] (ESET) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-14] (ESET) R2 Guard.Mail.ru; C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe [4053736 2015-02-22] () R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed] R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited) S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited) S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited) R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed] S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited) R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited) R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-02-05] (Realtek Semiconductor Corp.) [File not signed] S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies) R3 TermService; C:\Windows\System32\termsrv.dll [521216 2011-02-25] (Microsoft Corporation) [File not signed] R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [1368064 2009-09-15] (Intel® Corporation) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21256 2009-09-03] (Lenovo Corporation) R0 B46530BE; C:\Windows\System32\drivers\B46530BE.sys [135264 2015-03-05] (Kaspersky Lab ZAO) R3 bpenum; C:\Windows\System32\DRIVERS\bpenum.sys [56832 2009-09-15] (Intel Corporation) S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo) R1 CProCtrl; C:\Windows\System32\DRIVERS\CProCtrl.sys [66344 2012-04-10] (Компания Крипто-Про) S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.) [File not signed] S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation) R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-12-21] (ESET) R1 EgisTecFF; C:\Windows\System32\DRIVERS\EgisTecFF.sys [44520 2011-04-22] (Egis Technology Inc.) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [95384 2010-12-21] (ESET) R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [131072 2010-03-26] (ELAN Microelectronics Corp.) R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [29232 2011-04-22] (EgisTec) R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.) R2 haspflt; C:\Windows\system32\drivers\haspflt.sys [29024 2004-12-10] () [File not signed] R2 Haspnt; C:\Windows\system32\drivers\Haspnt.sys [47616 2014-12-17] (Aladdin Knowledge Systems) [File not signed] S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [9344 2007-07-06] (Hewlett Packard) S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-28] (Initio Corporation) R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.) R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-21] (Корпорация Майкрософт) R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [18992 2011-04-22] (Egis Technology Inc.) R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2011-04-22] (Egis Technology Inc.) R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60976 2011-04-22] (Egis Technology Inc.) R2 npf; C:\Windows\System32\drivers\npf.sys [34064 2009-03-16] (CACE Technologies) R3 RTIFDH; C:\Windows\System32\DRIVERS\rtIFDH.sys [13312 2012-02-27] (Компания "Актив") S3 RTUSB; C:\Windows\System32\DRIVERS\rtUSB.sys [29824 2012-02-27] (Компания "Актив") S3 s616bus; C:\Windows\System32\DRIVERS\s616bus.sys [83208 2007-04-03] (MCCI Corporation) S3 s616mdfl; C:\Windows\System32\DRIVERS\s616mdfl.sys [15112 2007-04-03] (MCCI Corporation) S3 s616mdm; C:\Windows\System32\DRIVERS\s616mdm.sys [108680 2007-04-03] (MCCI Corporation) S3 s616mgmt; C:\Windows\System32\DRIVERS\s616mgmt.sys [100360 2007-04-03] (MCCI Corporation) S3 s616nd5; C:\Windows\System32\DRIVERS\s616nd5.sys [23176 2007-04-03] (MCCI Corporation) S3 s616obex; C:\Windows\System32\DRIVERS\s616obex.sys [98568 2007-04-03] (MCCI Corporation) S3 s616unic; C:\Windows\System32\DRIVERS\s616unic.sys [99080 2007-04-03] (MCCI Corporation) R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-03-02] (Samsung Electronics) [File not signed] S3 uji5njew; C:\Windows\system32\Drivers\uji5njew.sys [10240 2015-03-05] (Zaitsev Oleg, 2006) [File not signed] S3 uti5njew; C:\Windows\system32\Drivers\uti5njew.sys [7168 2015-03-05] () [File not signed] R3 vm332avs; C:\Windows\System32\Drivers\vm332avs.sys [198000 2010-05-10] (Vimicro Corporation) R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] (Корпорация Майкрософт) R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows ® Codename Longhorn DDK provider) S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AcpiVpc.sys E4D3DD5A1FC4AEF696D34D4B97049343 C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys F81BB7E487EDCEAB630A7EE66CF23913 C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2 C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\drivers\arc.sys ==> MD5 is legit C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit C:\Windows\system32\drivers\bxvbdx.sys ==> MD5 is legit C:\Windows\System32\drivers\B46530BE.sys 6022F174CEB149650DCB5BE445A0E72A C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bcmwl6.sys CDA161020BF75B12728AE394196AD991 C:\Windows\system32\Drivers\Beep.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bpenum.sys 2B21B3E9ABF067CE0B0878E2517A8971 C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\drivers\WDBridge.sys B35BB97B6DD9913093579F5C83962636 C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\system32\drivers\BthEnum.sys ==> MD5 is legit C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bthpan.sys ==> MD5 is legit C:\Windows\System32\Drivers\BTHport.sys 1153DE2E4F5941E10C399CB5592F78A1 C:\Windows\System32\Drivers\BTHUSB.sys C81E9413A25A439F436B1D4B6A0CF9E9 C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys 85449EEBE8F8EBD6481EFBF0F352B4EB C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CProCtrl.sys E6E39505B3F9846172C96CACB3986CD8 C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit C:\Windows\System32\drivers\csc.sys ==> MD5 is legit C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit C:\Windows\system32\Drivers\DgiVecp.sys 7F19DBA1A467B838CCB23124A2C55568 C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\drivers\disk.sys ==> MD5 is legit C:\Windows\system32\drivers\dmvsc.sys 2A958EF85DB1B61FFCA65044FA4BCE9E C:\Windows\System32\DRIVERS\Dot4.sys B5E479EB83707DD698F66953E922042C C:\Windows\System32\DRIVERS\Dot4Prt.sys CAEFD09B6A6249C53A67D55A9A9FCABF C:\Windows\System32\DRIVERS\Dot4Scan.sys 9F7DE667C505CE6500BECDD8E11644D7 C:\Windows\System32\DRIVERS\dot4usb.sys CF491FF38D62143203C065260567E2F7 C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\drivers\dxgkrnl.sys 71BC35067CABC02C9453AEAA42B2E43E C:\Windows\System32\DRIVERS\eamonm.sys 04CBA07E73F152970FC34D66D3892E2A C:\Windows\system32\drivers\evbdx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\EgisTecFF.sys 1209F5F93B199CF9E7E7F58AC7D90641 C:\Windows\System32\DRIVERS\ehdrv.sys FE7824239D132AD9EBD8645FE1199B30 C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\epfwwfpr.sys DDB45F6371714601A43E8BE38145BE18 C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ETD.sys D2AD190C9F89B91C0A8CDEB81FDBDCEB C:\Windows\system32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legitB C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\Drivers\FPSensor.sys 041033F5DED5E58F8198CE31CFD09562 C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\system32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05 C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit C:\Windows\system32\drivers\hardlock.sys C1CC0C9742B881C42F1CC628E6F9EBD1 C:\Windows\system32\drivers\haspflt.sys F535EC9C1E5DAB373C0957D06BA22D6B C:\Windows\system32\drivers\Haspnt.sys 2DD25F060DC9F79B5CDF33D90ED93669 C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972 C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HECI.sys ==> MD5 is legit C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit C:\Windows\System32\drivers\hpfxbulk.sys 9E3944A558AB84853EF985988E23A8A4 C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\iaStor.sys D483687EACE0C065EE772481A96E05F5 C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E C:\Windows\System32\DRIVERS\igdkmd32.sys 8266AE06DF974E5BA047B3E9E9E70B3F C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Impcd.sys E3C36AC5AE87EC970AE8EA2A93D59AE1 C:\Windows\System32\drivers\RTKVHDA.sys ACEC5BBEE4AA34D74BE0E2E512CC2026 C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit C:\Windows\system32\drivers\msiscsi.sys EB34CE31FABD4DC4343FD2AD16D2CAF9 C:\Windows\System32\DRIVERS\ivusb.sys 994EBB45C4B438E1F6EA0B958AE9B9A3 C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecdd.sys 4120DA10AA42A9996F4575DB9E3E6E6E C:\Windows\System32\Drivers\ksecpkg.sys D3964885F0A11ACF51DA3AAA776973B2 C:\Windows\System32\DRIVERS\L1C62x86.sys B05ADCD03AAED42607371186F359D8A5 C:\Windows\System32\DRIVERS\LhdX86.sys 8FF8B5F04AC4D57F9A965BB4DF07813E C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys 21F4B24ACFC79A483515BD986DD9043F C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25 C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\Drivers\mvusbews.sys 12AAA46852CFD850129881971976F047 C:\Windows\System32\DRIVERS\mwlPSDFilter.sys CB47C414E083CA6E50E634B148F28F64 C:\Windows\System32\DRIVERS\mwlPSDNServ.sys 647B953019559BFF07536F5C6121F333 C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys 5A236A36DB8687D1E64DC81C03EAABE1 C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\System32\drivers\npf.sys 6623E51595C0076755C29C00846C4EB2 C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\system32\Drivers\Ntfs.sys C8DFF8D07755A66C7A4A738930F0FEAC C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0 C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4 C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\drivers\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit C:\Windows\system32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61 C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rfcomm.sys CB928D9E6DAF51879DD6BA8D02F01321 C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\System32\Drivers\RtsUStor.sys A633399432491BB173BB3CF3B41B9C55 C:\Windows\System32\DRIVERS\rtIFDH.sys 6C5BAB6BE480D966A3904D8BF12AA3AC C:\Windows\System32\DRIVERS\rtUSB.sys 022548C5D0DFBA837B535FC9C040238B C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\s616bus.sys EF4B5A8D53F15CB269469DD4E4BB0109 C:\Windows\System32\DRIVERS\s616mdfl.sys 96187731EEFCF83E844BC1CE6617AAEB C:\Windows\System32\DRIVERS\s616mdm.sys D2DD87368BFECFA099E50DC120F3F513 C:\Windows\System32\DRIVERS\s616mgmt.sys 5F0BE24E4D4FA134B0B2FEF35D3A9D90 C:\Windows\System32\DRIVERS\s616nd5.sys B9B507FCC67E204EF38E05FFD4176345 C:\Windows\System32\DRIVERS\s616obex.sys F123A1F2A04A0E8DBA80B64F0072475A C:\Windows\System32\DRIVERS\s616unic.sys E7E55048EBD5C17BFA791B4A6EC3D54B C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit C:\Windows\system32\drivers\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Apsx86.sys A8D80861A96E8964A3C6B5406B3083C4 C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\snapman.sys E78C98378A071CE4D48A7C514FA98FA1 C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46 C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC C:\Windows\system32\Drivers\SSPORT.sys EF3458337D7341A05169CEFC73709264 C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\synth3dvsc.sys F2AD8960812FD111E20E84659EF19D43 C:\Windows\System32\drivers\tcpip.sys 5579DD18546999F5D0EC39D018726C6B C:\Windows\System32\DRIVERS\tcpip.sys 5579DD18546999F5D0EC39D018726C6B C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit C:\Windows\system32\drivers\terminpt.sys 052306FD76793D5D5AB5D9891FD1ADBB C:\Windows\System32\DRIVERS\ApsHM86.sys 033C4FEB60ADC2234984DEC816672FED C:\Windows\System32\DRIVERS\tssecsrv.sys B37B08F2E5EEB1A37E448E09BACE1101 C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit C:\Windows\system32\drivers\TsUsbGD.sys 01246F0BAAD7B68EC0F472AA41E33282 C:\Windows\System32\drivers\tsusbhub.sys 045ACB987C650D8186C6B4A692223860 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\Drivers\uji5njew.sys 817D8D89FE54E6E207BF50582C1C0E4B C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit C:\Windows\system32\drivers\usbaudio.sys A1977C315BF5691DA99235AA4A6907AF C:\Windows\System32\DRIVERS\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46 C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041 C:\Windows\system32\drivers\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6 C:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655A C:\Windows\system32\drivers\usbohci.sys 9828C8D14CC2676421778F0DE638CF97 C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbscan.sys FC6B21DB4B5B398AB93DBE59CBF11036 C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A C:\Windows\system32\drivers\usbuhci.sys 800AABFD625EEFF899F7E5496BDE37AB C:\Windows\System32\Drivers\usbvideo.sys DE014425522610BEDCA3821BB8C0F1D5 C:\Windows\system32\Drivers\uti5njew.sys 524D8D450622DB4A7875B111C299A76B C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\Drivers\vm332avs.sys 87E8D95688A8C8DEF43288A0613E6CD4 C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7 C:\Windows\System32\DRIVERS\vwifimp.sys A3F04CBEA6C2A10E6CB01F8B47611882 C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\drivers\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645 C:\Windows\System32\DRIVERS\WDMirror.sys EA4E9DD00E69B35F9BD3D39ACB113E3F C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wsvd.sys BAEDC491374DEFD5E76336901D6D397D C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070 C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-07 18:26 - 2015-03-07 18:27 - 00052397 _____ () C:\Users\Leonid\Downloads\FRST.txt 2015-03-07 18:26 - 2015-03-07 18:26 - 00000000 ____D () C:\FRST 2015-03-07 11:04 - 2015-03-07 11:04 - 00000866 _____ () C:\Users\Leonid\Desktop\HijackThis.exe - Ярлык.lnk 2015-03-05 22:49 - 2015-03-05 22:49 - 00079917 _____ () C:\Users\Leonid\Desktop\logs_05.03.2015_22_36_46.log 2015-03-05 21:07 - 2015-03-05 21:07 - 00010240 _____ (Zaitsev Oleg, 2006) C:\Windows\system32\Drivers\uji5njew.sys 2015-03-05 21:00 - 2015-03-05 23:03 - 00000000 ____D () C:\Program Files\NoVirusThanks 2015-03-05 21:00 - 2015-03-05 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoVirusThanks 2015-03-05 20:59 - 2015-03-05 20:59 - 00931678 _____ (NoVirusThanks Company Srl ) C:\Users\Leonid\Downloads\hijackhunter_setup.exe 2015-03-05 20:47 - 2015-03-05 20:47 - 00135264 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\B46530BE.sys 2015-03-05 20:43 - 2015-03-05 20:43 - 01132544 _____ (Farbar) C:\Users\Leonid\Downloads\FRST.exe 2015-03-05 20:41 - 2015-03-05 20:41 - 00007168 ___SH () C:\Users\Leonid\AppData\Roaming\Thumbs.db 2015-03-04 20:13 - 2015-03-05 21:07 - 00007168 _____ () C:\Windows\system32\Drivers\uti5njew.sys 2015-03-04 15:41 - 2015-03-04 15:47 - 00000000 ____D () C:\KVRT_Data 2015-03-04 15:23 - 2015-03-04 15:25 - 193295694 _____ () C:\Users\Leonid\Downloads\Не подтвержден 931626.crdownload 2015-03-04 13:17 - 2015-03-07 09:17 - 00000000 ___RD () C:\Users\Leonid\YandexDisk-slv196 2015-03-03 20:51 - 2015-03-03 20:53 - 00000000 ____D () C:\Users\Leonid\Desktop\Новая папка 2015-03-03 20:44 - 2015-03-03 20:55 - 00069624 _____ () C:\Users\Leonid\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-03 20:44 - 2015-03-03 20:44 - 00000020 ___SH () C:\Users\Leonid\ntuser.ini 2015-03-03 19:06 - 2015-03-03 19:06 - 03148854 _____ () C:\Users\Leonid\AppData\Roaming\8CD78B8D8CD78B8D.bmp 2015-03-03 16:17 - 2015-03-04 15:55 - 00000000 __SHD () C:\Users\Все пользователи\Windows 2015-03-03 16:17 - 2015-03-04 15:55 - 00000000 __SHD () C:\ProgramData\Windows 2015-03-03 16:17 - 2015-03-03 16:17 - 00000000 ___HD () C:\Users\Leonid\AppData\Roaming\26C78E01 2015-02-24 17:33 - 2015-02-24 17:33 - 00000000 ____D () C:\Users\Leonid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Яндекс.Диск 2015-02-24 15:14 - 2015-02-24 15:14 - 00000000 ____D () C:\Users\Неуймина\AppData\Roaming\Opera 2015-02-24 15:14 - 2015-02-24 15:14 - 00000000 ____D () C:\Users\Неуймина\AppData\Local\Opera ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-07 18:26 - 2015-01-06 19:35 - 00000896 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-07 18:13 - 2011-04-23 00:07 - 00000000 ____D () C:\Users\Leonid\AppData\Roaming\Skype 2015-03-07 17:52 - 2012-10-30 17:11 - 00000958 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-07 09:52 - 2012-10-30 17:11 - 00000954 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-07 09:20 - 2009-07-14 09:34 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-07 09:20 - 2009-07-14 09:34 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-07 09:15 - 2011-01-23 02:44 - 01103193 _____ () C:\Windows\WindowsUpdate.log 2015-03-07 09:13 - 2014-12-10 15:40 - 08405015 _____ () C:\Windows\TempFile 2015-03-07 09:13 - 2011-04-22 23:33 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log 2015-03-07 09:13 - 2009-07-14 09:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-07 09:13 - 2009-07-14 09:39 - 00194169 _____ () C:\Windows\setupact.log 2015-03-05 21:10 - 2010-11-21 02:48 - 00071076 _____ () C:\Windows\PFRO.log 2015-03-04 15:55 - 2013-07-27 18:42 - 00000000 ____D () C:\Users\Leonid\AppData\Local\MediaGet2 2015-03-04 13:17 - 2014-04-02 11:58 - 00000000 ___RD () C:\Users\Leonid\YandexDisk-l.sokolsky 2015-03-04 13:17 - 2011-04-22 22:47 - 00000000 ____D () C:\Users\Leonid 2015-03-04 13:14 - 2009-07-14 09:33 - 00318576 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-03 20:53 - 2011-04-22 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-03-03 20:53 - 2011-04-22 23:52 - 00000000 ____D () C:\Users\Все пользователи\Microsoft Help 2015-03-03 20:53 - 2011-04-22 23:52 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-03 20:45 - 2011-11-11 11:46 - 00000000 ____D () C:\Users\Leonid\AppData\Local\Akamai 2015-03-03 19:05 - 2011-04-23 11:52 - 00000000 ____D () C:\ConsUserData 2015-03-03 19:04 - 2012-03-12 17:55 - 00000000 ____D () C:\hp_LJ3050-3052-3055-3390-3392_Full_Solution 2015-03-03 19:03 - 2014-10-27 10:28 - 01168256 _____ () C:\Users\Leonid\syEt1cYZM2eUGB8fHDvpglHs38J1keN5M5k0ij6OHUlcRS4Mp9GTxioqMQSdIBWNzeWUKSG39TtvXlj8UDiYD0gIKr0DJ3NCayLxCVKc-YA=.xtbl 2015-03-03 19:03 - 2013-04-28 08:09 - 00033152 ___SH () C:\Users\Leonid\RbhdyifbefqrLKZTVxV0kp8FN6HqK7NmIDOOj06LdLQ=.xtbl 2015-03-03 19:03 - 2012-12-17 16:08 - 04571808 ____H () C:\Users\Leonid\AppData\Local\mFMT3pttuY8bNJLQ+hZ0zdW9vJwQ8zEIxe1Lnz5DlqY=.xtbl 2015-03-03 19:03 - 2012-03-12 17:56 - 00003504 _____ () C:\Users\Все пользователи\opYbcl0Y5JSGqmJsy4hKzj8BuGuhvtGGWS3tpdyRDo0=.xtbl 2015-03-03 19:03 - 2012-03-12 17:56 - 00003504 _____ () C:\ProgramData\opYbcl0Y5JSGqmJsy4hKzj8BuGuhvtGGWS3tpdyRDo0=.xtbl 2015-03-03 19:03 - 2011-05-05 14:44 - 00003968 _____ () C:\Users\Leonid\AppData\Local\D34zm0trtLNSsOt-kmsAHdhzVk5kKYs+Q4TTS+P7NyaTYrTNmgDfq35NlA7KN3Sp5zrt4Ruv2pXOMYYKyEEL75Dn5uSotsp4HVWC21VMGy4=.xtbl 2015-03-03 19:03 - 2011-04-22 23:43 - 00000000 ____D () C:\Users\Все пользователи\OneKey Recovery 2015-03-03 19:03 - 2011-04-22 23:43 - 00000000 ____D () C:\ProgramData\OneKey Recovery 2015-03-03 19:03 - 2011-04-22 23:24 - 00000000 ____D () C:\Users\Все пользователи\Port Locker 2015-03-03 19:03 - 2011-04-22 23:24 - 00000000 ____D () C:\ProgramData\Port Locker 2015-03-03 19:03 - 2011-04-22 23:19 - 00069440 _____ () C:\Users\Leonid\AppData\Local\Y2JWQFTP1sJDnoAB924dXJDPvVGPHj2B4XvtEBrYtAbDncPbgB+3VW55+0i8WS0q.xtbl 2015-03-03 19:03 - 2011-04-22 23:16 - 00000000 ____D () C:\Users\Leonid\AppData\Local\BioExcess 2015-03-03 19:03 - 2011-04-22 22:47 - 00000416 ___SH () C:\Users\Leonid\wRyHHhJN2C0BY3w56ZgKvqRL7i23Jksv-cER1UCmlCs=.xtbl 2015-03-03 19:02 - 2011-04-25 13:52 - 00000000 ____D () C:\Users\Leonid\AppData\Local\Lenovo Security Suite 2015-03-03 18:56 - 2014-04-19 21:59 - 00000000 ____D () C:\Users\Leonid\Desktop\Венера 2015-03-03 18:56 - 2013-08-14 14:36 - 00000000 ____D () C:\Users\Leonid\Desktop\катя 2015-03-03 18:56 - 2012-12-17 12:48 - 00000560 ____H () C:\Users\Leonid\Desktop\da9+9tNKyE2mxZhWgM1bqJfSqVJCmhWrq4zYEUy1dlA=.xtbl 2015-03-03 18:56 - 2012-10-05 16:26 - 00000560 ____H () C:\Users\Leonid\Desktop\k3tEVOzAMEzoyvhTIQObB8hXjoogtvJjRJowE7Z8jTr60fe3-NvZzziH6vtGfc2i.xtbl 2015-03-03 18:55 - 2015-02-03 15:48 - 00270352 _____ () C:\Users\Leonid\Downloads\fiso108Co0Pv5U+ao6E6sL3E16NUpzAO1M0Lj4NnX+A=.xtbl 2015-03-03 18:55 - 2015-02-03 14:11 - 00383232 _____ () C:\Users\Leonid\Downloads\u4Da4-pQ26vWRBOOVs8ih8nhbFLVhN1nbio6--kjv2GiBfctxJBX+jxcP08dEfDn2T4VoC-eCJkWjWHUbbcAONHeiEO7jvcvDLXzvS-s+RL7+f96o+42xZos36z9nou+Y-gNvrw0B-tuQdXLtdfx2mAJb6whxE0yEWgEHUsDlrpsBYRkRk3tsDdTUXCXV740.xtbl 2015-03-03 18:55 - 2015-02-02 07:55 - 00002128 _____ () C:\Users\Leonid\Downloads\8-CtMeoVeHS2Ebt0k4cr8sCSE-fnLc7nUtWb-+NQhLE=.xtbl 2015-03-03 18:55 - 2015-01-23 21:50 - 00056704 _____ () C:\Users\Leonid\Downloads\TnkzXCrlsIW-t9ci187PhYfUkT6MplDryLEYq+JOX2+jNMXGgql8Y3jxA+WmwMF6eKk0XxkplgK94htyAcb+XQ==.xtbl 2015-03-03 18:55 - 2015-01-12 10:09 - 00253952 _____ () C:\Users\Leonid\Downloads\9oD0JvLzNeK+p6F1S-XOxzH2eXBZRbxBIF2jVa7JoMpMFmdIA7f24SZuhhICzvC8hNjhcHrUDXbL03ARQ-v-h5kIojyfN25GzZQPxZt5c88=.xtbl 2015-03-03 18:55 - 2014-11-12 10:45 - 00084352 _____ () C:\Users\Leonid\Downloads\ysxmeWBzgPi3zmst-gpPEHu-to4vYUK18kwN4ZlJ-Lg=.xtbl 2015-03-03 18:55 - 2014-09-27 18:56 - 10083280 _____ () C:\Users\Leonid\Downloads\UgMaX5DQgt9q0c6-B04EVDyjnQHrWqFC8665f1ldyUI=.xtbl 2015-03-03 18:55 - 2014-09-27 18:55 - 09482048 _____ () C:\Users\Leonid\Downloads\atQ1AZRRq2nE+ksN0j-ugcK8+XJBAwPvk-qOSlLJJSs=.xtbl 2015-03-03 18:55 - 2014-09-17 18:49 - 20967200 _____ () C:\Users\Leonid\Downloads\Mihail_Kazinik_Taynye_znaki_kul_tury_23_01_11_radio_Serebryanyy_dozhd__-_dlya_skripki_s_orkestrom_sol__minor_Maksa_Bruha_Gost__Boris_Kazinik_syn_s_rasskazom_o_shvedskom_genii_ogane_Hel_mishe_Ro_mane_Johan_Helmich_Ro_ma.mp3.ytbl 2015-03-03 18:55 - 2014-04-01 13:52 - 00133424 _____ () C:\Users\Leonid\Downloads\rOqWHM3f54SUaSu4k+dPpMS92e9nrl3PkgFzt0N+rWZKKhiNZEH5c01T5V01CrXmmyORmWryWlb8QxWwtqX9RKmAz7BbDNihtWpfxrcDC9Q=.xtbl 2015-03-03 18:55 - 2014-02-26 11:05 - 00427392 _____ () C:\Users\Leonid\Downloads\FDfgpxdV4SUfBnnpd5QaaUn9VNJ9r8rhKkgfmqXdI1E=.xtbl 2015-03-03 18:55 - 2013-12-20 10:33 - 07084416 _____ () C:\Users\Leonid\Downloads\05Y4+a+aFdahirwcbf8TauX5FGDKa38G1TvA+lAJofIcSCvSCRexm60quu24xaTy0KKkTRYW6mMQ96RGkVfcKA==.xtbl 2015-03-03 18:55 - 2013-08-08 19:54 - 229891040 _____ () C:\Users\Leonid\Downloads\veL4mt2DSKruzHyWeagwyNCcx0o2mIuUe7ziiH3OMhISWeh8kMQeWA9cPZLtnpHPhaUwQ0v40171BDzrkC0bPkeT3B7r3cj6+JegjXq0SyX3fUoFAc-3WGr66EOc9aPU.xtbl 2015-03-03 18:55 - 2013-05-04 12:43 - 00000000 ____D () C:\Users\Leonid\Documents\Balabolka 2015-03-03 18:55 - 2013-01-06 19:09 - 00046448 _____ () C:\Users\Leonid\Downloads\d7mOyNR14X31beQiK6qdBhExnvD-dyWP4QWk76cTCc8I3QamdIfumnfG60oVyb10yxWM07OOa+uah-7QnccWiw==.xtbl 2015-03-03 18:54 - 2015-01-06 18:59 - 00007760 _____ () C:\Users\Leonid\Downloads\9yS+dgcAp7FcuNZW0yp00EMi-60GYAGNRRImS421uqqb1K6ZO1O7wXrA-qPT9ARf8IsPzqXhXQj1XMvciNzuxREj5ciKkQttWtsCSxcTkxI=.xtbl 2015-03-03 18:54 - 2014-02-11 12:48 - 00068480 _____ () C:\Users\Leonid\Downloads\kfayGDf2o7Yd3OkN0ztFF0k0BR47NWrBobQ6weHc5qJ-CuHJm+uUyK3ptNUtX03j+CDQ0diEMs0+4EYvM6k4TGs847P5CtJWb0M009XQrhb6SHFF2fLpUNijExEficVI.xtbl 2015-03-03 18:54 - 2013-01-06 19:11 - 00036736 _____ () C:\Users\Leonid\Downloads\uJjRKmvEHFl-vefklJcB+FyPtQBVQ2TzddXt9dPgm0V+FL1oFu5ANDu-DhsFOpGWBVb75x30QdON5MxNOFrI2w==.xtbl 2015-03-03 18:54 - 2011-07-25 13:54 - 00000000 ____D () C:\Users\Leonid\Downloads\Сверхобучение и творчество по методу КЛЮЧ 2015-03-03 18:31 - 2013-08-18 11:43 - 00000000 ___RD () C:\Users\Leonid\YandexDisk-rosi.rosi 2015-03-03 18:16 - 2012-12-17 12:16 - 00000000 ____D () C:\Users\Все пользователи\AMMYY 2015-03-03 18:16 - 2012-12-17 12:16 - 00000000 ____D () C:\ProgramData\AMMYY 2015-03-03 18:16 - 2012-03-12 17:56 - 00003504 _____ () C:\Users\Все пользователи\iSkkNtB+k5qGprzw3TPpQwP2LsNni7IrTaVlOh5+S4U=.xtbl 2015-03-03 18:16 - 2012-03-12 17:56 - 00003504 _____ () C:\ProgramData\iSkkNtB+k5qGprzw3TPpQwP2LsNni7IrTaVlOh5+S4U=.xtbl 2015-03-03 18:16 - 2011-04-22 23:43 - 00000000 ____D () C:\Users\Все пользователи\Active Protection System 2015-03-03 18:16 - 2011-04-22 23:43 - 00000000 ____D () C:\ProgramData\Active Protection System 2015-03-03 18:16 - 2011-04-22 23:21 - 00000000 ____D () C:\Users\Все пользователи\EgisTec IPS 2015-03-03 18:16 - 2011-04-22 23:21 - 00000000 ____D () C:\ProgramData\EgisTec IPS 2015-03-03 18:15 - 2012-04-02 19:17 - 00000000 ____D () C:\VueScan 2015-03-03 16:18 - 2011-04-22 22:47 - 00000000 ____D () C:\Users\Leonid\AppData\Local\VirtualStore 2015-03-02 12:08 - 2014-04-23 10:15 - 00000000 ____D () C:\Users\Leonid\AppData\Local\Amigo 2015-03-01 22:01 - 2011-05-23 10:33 - 00000051 _____ () C:\Users\Leonid\AppData\Roaming\default.pls 2015-03-01 20:09 - 2014-07-26 15:28 - 00002283 _____ () C:\Users\Leonid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk 2015-03-01 20:09 - 2014-07-26 15:28 - 00002283 _____ () C:\Users\Leonid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Вконтакте.lnk 2015-03-01 20:09 - 2014-07-26 15:28 - 00002258 _____ () C:\Users\Leonid\Desktop\Вконтакте.lnk 2015-03-01 20:09 - 2014-04-23 10:15 - 00002246 _____ () C:\Users\Leonid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Амиго.lnk 2015-03-01 20:09 - 2014-04-23 10:15 - 00002221 _____ () C:\Users\Leonid\Desktop\Амиго.lnk 2015-03-01 20:09 - 2013-10-11 14:38 - 00000000 ____D () C:\Users\Leonid\AppData\Local\Mail.Ru 2015-03-01 20:07 - 2010-11-21 07:30 - 00724930 _____ () C:\Windows\system32\perfh019.dat 2015-03-01 20:07 - 2010-11-21 07:30 - 00151214 _____ () C:\Windows\system32\perfc019.dat 2015-03-01 20:07 - 2010-11-21 02:01 - 01649802 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-27 09:32 - 2011-05-05 14:07 - 00005642 ___SH () C:\Users\Все пользователи\KGyGaAvL.sys 2015-02-27 09:32 - 2011-05-05 14:07 - 00005642 ___SH () C:\ProgramData\KGyGaAvL.sys 2015-02-27 09:32 - 2011-05-05 14:07 - 00000168 __RSH () C:\Users\Все пользователи\7013929A08.sys 2015-02-27 09:32 - 2011-05-05 14:07 - 00000168 __RSH () C:\ProgramData\7013929A08.sys 2015-02-22 07:17 - 2013-10-25 14:57 - 00000000 ____D () C:\Users\Все пользователи\Guard.Mail.Ru 2015-02-22 07:17 - 2013-10-25 14:57 - 00000000 ____D () C:\ProgramData\Guard.Mail.Ru 2015-02-20 10:13 - 2015-01-28 10:08 - 00000000 ____D () C:\Users\Неуймина\Desktop\Обмен 2015-02-15 14:41 - 2014-04-23 10:15 - 00000000 ____D () C:\Users\Leonid\AppData\Local\MailRu 2015-02-09 17:57 - 2011-06-18 16:28 - 00000000 ____D () C:\Users\Leonid\AppData\Local\Yandex 2015-02-09 15:27 - 2014-12-17 10:08 - 00069048 _____ () C:\Users\Неуймина\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-06 19:16 - 2011-04-22 23:14 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-02-06 19:04 - 2011-05-10 07:31 - 00000000 ____D () C:\Windows\Downloaded Installations 2015-02-06 19:04 - 2011-05-10 07:31 - 00000000 ____D () C:\Program Files\Common Files\Teleca Shared 2015-02-06 19:00 - 2012-11-14 12:57 - 00000000 ____D () C:\Users\Leonid\AppData\Local\AETP 2015-02-06 09:26 - 2015-01-06 19:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-02-06 09:26 - 2011-05-19 10:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2015-03-03 19:06 - 2015-03-03 19:06 - 3148854 _____ () C:\Users\Leonid\AppData\Roaming\8CD78B8D8CD78B8D.bmp 2011-05-23 10:33 - 2015-03-01 22:01 - 0000051 _____ () C:\Users\Leonid\AppData\Roaming\default.pls 2015-03-05 20:41 - 2015-03-05 20:41 - 0007168 ___SH () C:\Users\Leonid\AppData\Roaming\Thumbs.db 2011-06-17 22:50 - 2011-06-17 22:50 - 0033134 _____ () C:\Users\Leonid\AppData\Roaming\UserTile.png 2011-05-05 14:44 - 2015-03-03 19:03 - 0003968 _____ () C:\Users\Leonid\AppData\Local\D34zm0trtLNSsOt-kmsAHdhzVk5kKYs+Q4TTS+P7NyaTYrTNmgDfq35NlA7KN3Sp5zrt4Ruv2pXOMYYKyEEL75Dn5uSotsp4HVWC21VMGy4=.xtbl 2012-12-17 16:08 - 2015-03-03 19:03 - 4571808 ____H () C:\Users\Leonid\AppData\Local\mFMT3pttuY8bNJLQ+hZ0zdW9vJwQ8zEIxe1Lnz5DlqY=.xtbl 2011-04-22 23:19 - 2015-03-03 19:03 - 0069440 _____ () C:\Users\Leonid\AppData\Local\Y2JWQFTP1sJDnoAB924dXJDPvVGPHj2B4XvtEBrYtAbDncPbgB+3VW55+0i8WS0q.xtbl 2011-05-05 14:07 - 2015-02-27 09:32 - 0000168 __RSH () C:\ProgramData\7013929A08.sys 2012-03-12 17:56 - 2012-05-04 13:56 - 0003114 _____ () C:\ProgramData\hpzinstall.log 2012-03-12 17:56 - 2015-03-03 18:16 - 0003504 _____ () C:\ProgramData\iSkkNtB+k5qGprzw3TPpQwP2LsNni7IrTaVlOh5+S4U=.xtbl 2011-05-05 14:07 - 2015-02-27 09:32 - 0005642 ___SH () C:\ProgramData\KGyGaAvL.sys 2012-03-12 17:56 - 2015-03-03 19:03 - 0003504 _____ () C:\ProgramData\opYbcl0Y5JSGqmJsy4hKzj8BuGuhvtGGWS3tpdyRDo0=.xtbl Some content of TEMP: ==================== C:\Users\Leonid\AppData\Local\Temp\amigo_setup.exe C:\Users\Leonid\AppData\Local\Temp\haspdinst_x64.exe C:\Users\Leonid\AppData\Local\Temp\haspds_windows.dll C:\Users\Leonid\AppData\Local\Temp\hasp_windows.dll C:\Users\Leonid\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Leonid\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe C:\Users\Leonid\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Leonid\AppData\Local\Temp\ose00000.exe C:\Users\Leonid\AppData\Local\Temp\RUpdate.exe C:\Users\Leonid\AppData\Local\Temp\sender.exe C:\Users\Leonid\AppData\Local\Temp\Setup-internet.exe C:\Users\Leonid\AppData\Local\Temp\Setup-praetorian.exe C:\Users\Leonid\AppData\Local\Temp\Setup-yabrowser.exe C:\Users\Leonid\AppData\Local\Temp\utt3EF9.tmp.exe C:\Users\Leonid\AppData\Local\Temp\utt4937.tmp.exe C:\Users\Leonid\AppData\Local\Temp\yandex-downloader.exe C:\Users\Leonid\AppData\Local\Temp\YandexPackSetup.exe C:\Users\Leonid\AppData\Local\Temp\yupdate-exec-praetorian.exe C:\Users\Leonid\AppData\Local\Temp\yupdate-exec-yabrowser.exe C:\Users\Leonid\AppData\Local\Temp\yupdate-executor-internet.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ „ЁбЇҐвзҐа § Јаг§ЄЁ Windows -------------------- Ё¤ҐвЁдЁЄ в®а {bootmgr} device partition=\Device\HarddiskVolume1 description Windows Boot Manager locale ru-RU inherit {globalsettings} default {current} resumeobject {433cda2a-2670-11e0-88a7-d106067d3e34} displayorder {current} toolsdisplayorder {memdiag} timeout 30 ‡ Јаг§Є Windows ------------------- Ё¤ҐвЁдЁЄ в®а {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale ru-RU inherit {bootloadersettings} recoverysequence {433cda2c-2670-11e0-88a7-d106067d3e34} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {433cda2a-2670-11e0-88a7-d106067d3e34} nx OptIn ‡ Јаг§Є Windows ------------------- Ё¤ҐвЁдЁЄ в®а {433cda2c-2670-11e0-88a7-d106067d3e34} ‚л室 Ё§ ०Ё¬ ЈЁЎҐа жЁЁ -------------------------- Ё¤ҐвЁдЁЄ в®а {433cda2a-2670-11e0-88a7-d106067d3e34} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale ru-RU inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys pae Yes debugoptionenabled No Џа®ўҐаЄ Ї ¬пвЁ Windows --------------------- Ё¤ҐвЁдЁЄ в®а {memdiag} device partition=\Device\HarddiskVolume1 path \boot\memtest.exe description „Ё Ј®бвЁЄ Ї ¬пвЁ locale ru-RU inherit {globalsettings} badmemoryaccess Yes Џ а ¬Ґвал EMS ------------- Ё¤ҐвЁдЁЄ в®а {emssettings} bootems Yes Џ а ¬Ґвал ®в« ¤зЁЄ ------------------- Ё¤ҐвЁдЁЄ в®а {dbgsettings} debugtype Serial debugport 1 baudrate 115200 „ҐдҐЄвл Ћ‡“ ----------- Ё¤ҐвЁдЁЄ в®а {badmemory} ѓ«®Ў «млҐ Ї а ¬Ґвал -------------------- Ё¤ҐвЁдЁЄ в®а {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Џ а ¬Ґвал § Јаг§зЁЄ -------------------- Ё¤ҐвЁдЁЄ в®а {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Џ а ¬Ґвал ЈЁЇҐаўЁ§®а ------------------- Ё¤ҐвЁдЁЄ в®а {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Џ а ¬Ґвал § Јаг§зЁЄ ў®ббв ®ў«ҐЁп ----------------------------------- Ё¤ҐвЁдЁЄ в®а {resumeloadersettings} inherit {globalsettings} Џ а ¬Ґвал гбва®©бвў ------------------- Ё¤ҐвЁдЁЄ в®а {433cda2d-2670-11e0-88a7-d106067d3e34} description Ramdisk Options ramdisksdidevice unknown ramdisksdipath \Recovery\433cda2c-2670-11e0-88a7-d106067d3e34\boot.sdi LastRegBack: 2015-03-05 13:32 ==================== End Of Log ============================ Addition.txt: Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015 Ran by Leonid at 2015-03-07 18:28:13 Running from C:\Users\Leonid\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1} AS: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKLM\...\uTorrent) (Version: 3.0.0 - ) µTorrent (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.) 1C:Предприятие 8.2 (8.2.19.83) (HKLM\...\{2300F5DE-9566-42F1-ACFA-F0F74B94CE92}) (Version: 8.2.19.83 - 1C) 2ГИС 3.14.12.0 (HKLM\...\{35BB34B4-7A04-489A-94A4-0CE15607A2E0}) (Version: 3.14.12.0 - ООО "ДубльГИС") ABBYY FineReader 9.0 Professional Edition (HKLM\...\{F9000000-0001-0000-0000-074957833700}) (Version: 9.00.662.5581 - ABBYY) AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky) Acapela multimedia Russian (255 channels) (HKLM\...\{0ACD6BC8-0568-4286-86A2-D337F371D42B}) (Version: 5.1. - Acapela) Acronis Disk Director Suite (HKLM\...\{2300EE96-0A41-4FAB-BD03-989EC44577A0}) (Version: 10.0.2161 - Acronis) Active Protection System (HKLM\...\{F493761C-E465-4B9E-9FC1-A312F161DE0A}) (Version: 1.70.10 - Lenovo) Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Akamai NetSession Interface (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.) Balabolka (HKLM\...\Balabolka) (Version: 2.7.0.545 - Ilya Morozov) BioExcess (HKLM\...\InstallShield_{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}) (Version: 6.0.48.177 - Egis Technology Inc.) BioExcess (Version: 6.0.48.177 - Egis Technology Inc.) Hidden Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - ) CheckXML (HKLM\...\CheckXML) (Version: - ) CorelDRAW Graphics Suite X4 - Capture (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Content (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Draw (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Filters (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics SUite X4 - ICA (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - IPM (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - PP (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 - VBA (Version: 14.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X4 (Version: 14.0 - Corel Corporation) Hidden CorelDRAW® Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version: - Corel Corporation) CorelDRAW® Graphics Suite X4 - Windows Shell Extension (Version: 1.0 - Corel Corporation) Hidden CorelDRAW® Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version: - Corel Corporation) CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.) DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.5.0.8 - DivX, LLC) DjVu Editor (HKLM\...\{4396BE64-7A77-4A64-8E0A-575B71F849D2}) (Version: - ) Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 5.3.1.9 - Lenovo) ESET NOD32 Antivirus (HKLM\...\{FCB6793C-E0BC-46F1-B624-4B141A36DA0B}) (Version: 4.2.71.3 - ESET, spol. s r.o.) ETDWare PS/2-x86 7.0.4.17_WHQL (HKLM\...\Elantech) (Version: 7.0.4.17 - ELAN Microelectronics Corp.) Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden Guard@Mail.Ru (HKLM\...\Guard.Mail.ru) (Version: 1.0.0.596 - Mail.ru) <==== ATTENTION Hijack Hunter 1.8.4.1 (HKLM\...\{616A9B24-448B-4DF3-926A-C4141FCD692C}_is1) (Version: - NoVirusThanks Company Srl) HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - ) hppLaserJetService (Version: 001.003.000145 - Hewlett-Packard) Hidden hppM1130M1210SeriesLaserJetService (Version: 001.003.00073 - Hewlett-Packard) Hidden hppusgM1130M1210Series (Version: 1.0.0.2 - Hewlett-Packard) Hidden HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.) Infovox Desktop 2.2 (HKLM\...\{52C32940-C538-40CF-8DE9-B91090F49938}) (Version: 2.20.0003 - Acapela Group) Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation) Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation) Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle) K-Lite Mega Codec Pack 7.1.0 (HKLM\...\KLiteCodecPack_is1) (Version: 7.1.0 - ) Lenovo EasyCamera (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}) (Version: 1.10.0510.01 - Lenovo EasyCamera) Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden Lenovo ReadyComm 5 (HKLM\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo) Lenovo ReadyComm 5.0 Service (HKLM\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited) Lenovo Security Suite (HKLM\...\InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}) (Version: 2.0.10.0 - Lenovo) Lenovo Security Suite (Version: 2.0.10.0 - Lenovo) Hidden Lenovo_Wireless_Driver (HKLM\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo) MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden MediaGet (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\MediaGet) (Version: - Media Get LLC) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.50938 - Корпорация Майкрософт) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Excel 2007 Help Обновление (KB963678) (HKLM\...\{90120000-0016-0419-0000-0000000FF1CE}_STANDARD_{420938DB-BF97-4664-BE29-0C68B4802C00}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Outlook 2007 Help Обновление (KB963677) (HKLM\...\{90120000-001A-0419-0000-0000000FF1CE}_STANDARD_{E9D6C0F9-9879-4FC4-8E13-BF0D3953E0E6}) (Version: - Microsoft) Microsoft Office Powerpoint 2007 Help Обновление (KB963669) (HKLM\...\{90120000-0018-0419-0000-0000000FF1CE}_STANDARD_{BD1C2AC7-63F3-4C75-8B44-DE3D700B3BC8}) (Version: - Microsoft) Microsoft Office Word 2007 Help Обновление (KB963665) (HKLM\...\{90120000-001B-0419-0000-0000000FF1CE}_STANDARD_{D3A002FB-0F62-4840-80AD-2D2C63F83449}) (Version: - Microsoft) Microsoft Office Стандартный 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mirror Text (HKLM\...\{100FEC3D-4C55-475D-91A3-662BA193606D}) (Version: 1.04.0000 - Intellect Technology) Mozilla Firefox 34.0.5 (x86 ru) (HKLM\...\Mozilla Firefox 34.0.5 (x86 ru)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 8 Ultra Edition HD (HKLM\...\{C9FFC925-E27E-436E-A2DF-652324D51049}) (Version: 8.3.630 - Nero AG) Opera 12.15 (HKLM\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA) PDF-XChange 4 Pro (HKLM\...\{E38531EE-318C-4EFB-A36B-1A57BFBDAB3C}_is1) (Version: 4.193.193.0 - Tracker Software Products Ltd) Port Locker (HKLM\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.20 - Egis Technology Inc.) Port Locker (Version: 1.0.5.20 - Egis Technology Inc.) Hidden PsvRSV (HKLM\...\PsvRSV) (Version: - ) QuickTime (HKLM\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6128 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30117 - Realtek Semiconductor Corp.) RtLED (HKLM\...\{601E38D5-2CF0-4566-94D6-BDA9DE092412}) (Version: 1.0.2 - Realtek Semiconductor Corp.) Rutoken Drivers (HKLM\...\{D76407DB-79C5-4FF9-986B-3E58CCD133E4}) (Version: 2.86.00.0460 - Aktiv Co.) SAPI (HKLM\...\{A2CA2E0F-2DA3-4DA5-AD26-15355FD612A8}) (Version: 1.0.0.0 - Qualilife) Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP) Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden VueScan (HKLM\...\VueScan) (Version: - ) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom) winpcap-nmap 4.02 (HKLM\...\winpcap-nmap) (Version: - ) WinRAR 4.00 (32-разрядная) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH) Yandex (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\YandexBrowser) (Version: 38.0.2125.10034 - YANDEX) Zona (HKLM\...\Zona) (Version: - Zona Team) Zona (HKLM\...\Zona)) (Version: - ) Амиго (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Amigo) (Version: 32.0.1709.125 - Mail.Ru) Данные 2ГИС г.Екатеринбург 01.03.2015 (HKLM\...\{B9901280-9C85-4439-9C7A-538A8E510647}) (Version: 111.0.0 - ООО "ДубльГИС") КриптоПро CSP (HKLM\...\{54A08450-B343-40B0-924E-68F031450996}) (Version: 3.6.7092 - Компания Крипто-Про) Пакет драйверов Windows - Intel (NETw5s32) net (01/13/2010 13.1.1.1) (HKLM\...\BF9685FCA47380EEA569663AFC8DB44853DFDF39) (Version: 01/13/2010 13.1.1.1 - Intel) Пакет драйверов Windows - Intel (NETw5v32) net (01/13/2010 13.1.1.1) (HKLM\...\ED20E390B66C5BD927E7DAE7FB3AA2A355B96933) (Version: 01/13/2010 13.1.1.1 - Intel) ПО Intel® PROSet/Wireless WiMAX (HKLM\...\{FAE224AF-B15E-448B-88FA-1839A7570CF8}) (Version: 2.00.0011 - Корпорация Intel) Служба автоматического обновления программ (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\MailRuUpdater) (Version: - Mail.Ru) Спутник@Mail.Ru (HKLM\...\MailRuSputnik) (Version: 2.4.1.288 - Mail.Ru) Элементы Яндекса 7.2 для Internet Explorer (HKLM\...\{EE24665C-844A-4489-9F11-70E41F4EE476}) (Version: 7.2.5.3111 - Яндекс) Яндекс.Бар 4.3 для Internet Explorer (uTorrent) (HKLM\...\{093E45A5-8AC4-4FF5-B4A6-A8811F755067}) (Version: 4.3.3.1044 - Яндекс) Яндекс.Диск (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\YandexDisk) (Version: 1.3.3.4693 - Яндекс) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{19170A69-A883-40D5-AF97-F6DC41495F15}\InprocServer32 -> C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll () CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{1FE40EA0-BCD0-4235-B5F1-72123E3BA724}\localserver32 -> D:\Program Files\2gis\3.0\grym.exe (ООО ДубльГИС) CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{2614C37E-2C78-4bfb-B7A6-E49B62B9CD9B}\localserver32 -> C:\Users\Leonid\AppData\Local\Yandex\Updater\yupdate-executor.exe (Yandex LLC) CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{2D6BD2F0-5F84-4a06-924F-AEE0598B6272}\InprocServer32 -> C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll () CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{31AF8DFB-7F85-4896-9640-1C4FFE14B29E}\InprocServer32 -> D:\Program Files\2gis\3.0\Plugins\DGisLayer.dll (ООО ДубльГИС) CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{33A431BB-FF15-4047-8FEC-F82FD3523A00}\localserver32 -> C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe () CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{4671DB2A-087D-4EB2-96DF-64AF0177FE1B}\localserver32 -> C:\Users\Leonid\AppData\Local\Yandex\Updater\yupdate-ctrl.exe (Yandex LLC) CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{60940425-4085-4f11-ab34-b9dacd636f4b}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D0EE_78.tmp No File CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{680849bc-b86d-4669-9219-ad9ac13e4ddc}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D0EE_78.tmp No File CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{6a8f8752-e2ec-485d-8e46-b2509f668d26}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D86F_86.tmp No File CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Leonid\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (InstallShield Software Corporation) CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{6da75278-e916-4a18-934f-1d90b2cebabd}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D86F_86.tmp No File CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{7b7c1f93-8199-4da7-88eb-e25a222c7a15}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D0EE_78.tmp No File CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{8D8070D2-90D3-11D1-8D6A-000021362840}\InprocServer32 -> C:\Program Files\Elan\ettsengine.dll (Acapela Group) CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{949CDFC6-2A52-4C27-A0A2-F87EF62D5536}\localserver32 -> C:\Users\Leonid\AppData\Local\Yandex\Updater\praetorian.exe (Yandex LLC) CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{97836AB9-12C5-4C30-A128-B75196DD1787}\InprocServer32 -> C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll () CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{97C64D6B-4F2E-4eba-8272-21780A562176}\InprocServer32 -> C:\Program Files\Elan\ettsengines5.dll (Acapela Group) CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{9ee0a337-0726-4400-95e8-77e893ec681c}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D86F_86.tmp No File CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Users\Leonid\AppData\Local\Yandex\YandexBrowser\Application\25.0.1364.22194\delegate_execute.exe (the data entry has 9 more characters). CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29161}\localserver32 -> C:\Users\Leonid\AppData\Local\Amigo\Application\32.0.1709.125\delegate_execute.exe (LLC Mail.Ru) CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{a70b6806-f2e5-44a5-abb2-14a63cedf752}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D86F_86.tmp No File CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{acad8a98-286a-420b-9fa3-02c0593917c9}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D0EE_78.tmp No File CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{B678B13A-3480-CBFC-2537-E4C74697808C}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{c127373e-5025-4630-a5be-23c4d86ac559}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D0EE_78.tmp No File CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{D236C998-BECE-472D-B939-541727B72AEF}\localserver32 -> C:\Users\Leonid\AppData\Local\Yandex\Updater\yupdate-executor.exe (Yandex LLC) CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{E36606FE-036A-4dd0-ABA9-A58F409803F0}\InprocServer32 -> C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll () CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{e7727e52-306a-4026-a1f3-0a67008f443d}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D86F_86.tmp No File ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 07:04 - 2009-06-11 02:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {00AB1FAE-FC19-4A1E-A615-59B09E85BE00} - System32\Tasks\{DC3E2CDA-B2DB-46BF-ABB0-BF08EE341FB5} => pcalua.exe -a "G:\МоиДокF\АТС-Групп\Налогоплательщик ЮЛ\idwkladr.exe" -d "G:\МоиДокF\АТС-Групп\Налогоплательщик ЮЛ" Task: {05B1AA42-411F-4652-9128-2C64661A20B6} - System32\Tasks\{981DA40B-0984-4EA7-9A2F-2E8D57F88532} => c:\users\leonid\appdata\local\amigo\application\amigo.exe Task: {17964070-D37F-4D5D-9740-51E4A9FBF679} - \{B59D6F5B-B091-4338-8828-49966CD6796E} No Task File <==== ATTENTION Task: {21FD47E2-2423-4F3D-A9E6-5A831DB96921} - System32\Tasks\{4097B275-D432-4E0C-9D1F-457BB90A8A9D} => pcalua.exe -a "G:\МоиДокF\АТС-Групп\Налогоплательщик ЮЛ\idw4281.exe" -d "G:\МоиДокF\АТС-Групп\Налогоплательщик ЮЛ" Task: {22076E58-EA31-4EE8-88DC-A6E91FC11296} - \{F3D9D83D-8F37-4D1A-8668-DE5B20C38818} No Task File <==== ATTENTION Task: {349497A4-FA66-49BF-8BA1-F7E8FA6EC0AD} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION Task: {4D0FD412-E894-47FE-B881-99150DEC296C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.) Task: {5768F495-927A-4F49-A2D2-435488EBF490} - System32\Tasks\{59A615CB-C519-456B-AE8A-BDB13FB03692} => C:\Program Files\Opera\Opera.exe [2013-04-07] (Opera Software) Task: {6B022EF6-B365-4E0F-AF46-3BD68838B7B9} - System32\Tasks\{7A6EC96D-CDCE-40B4-A30C-91D904BD6451} => C:\Program Files\Opera\Opera.exe [2013-04-07] (Opera Software) Task: {8C5BBF7F-BB20-4C2C-A058-03DA3FB4B8BB} - System32\Tasks\{3F7E3A8D-BCF4-496D-BA75-A6BE41D6BF21} => pcalua.exe -a E:\start.exe -d E:\ Task: {8D72258C-8794-4129-B1C8-9BFBA9FF5922} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.) Task: {987C045C-08BF-4CE3-BB39-8660CEED6F54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated) Task: {C1BC358B-58CE-4ADA-ADDF-5BC03E586A59} - System32\Tasks\{676E9BC4-CBFB-457F-AF76-7A157A3F1199} => c:\users\leonid\appdata\local\amigo\application\amigo.exe Task: {C76EC6A0-F6BF-4C08-9F33-A47B105045D5} - System32\Tasks\{2CE2FB74-AAB9-4659-B7AD-16FADEA82718} => c:\program files\opera\opera.exe [2013-04-07] (Opera Software) Task: {D0693F6E-D0F5-477D-8219-6CDE61B29833} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-21] (Корпорация Майкрософт (Microsoft Corp.)) Task: {D69BF2FA-0A11-4789-A766-9AF1521A36B9} - System32\Tasks\{7E1343EF-5FAB-48C9-8946-8D733177BF61} => pcalua.exe -a "G:\МоиДокF\АТС-Групп\Налогоплательщик ЮЛ\idw428.exe" -d "G:\МоиДокF\АТС-Групп\Налогоплательщик ЮЛ" Task: {E642B6AC-3FE0-45AC-9257-A5917907770D} - \{2AC34700-C24B-4147-8127-BAEED47B8132} No Task File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2013-02-20 09:32 - 2012-09-29 12:24 - 00167936 ____N () C:\Windows\System32\HPM1210LM.DLL 2013-02-20 09:33 - 2012-09-29 12:24 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HPM1210PP.dll 2013-10-11 14:39 - 2015-02-22 07:17 - 04053736 _____ () C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe 2009-10-15 10:13 - 2009-10-15 10:13 - 00061440 _____ () C:\Program Files\HP\HPLaserJetService\HPTools.dll 2009-10-15 10:13 - 2009-10-15 10:13 - 00964096 _____ () C:\Program Files\HP\HPLaserJetService\LEDMXMLObjects.dll 2012-12-24 05:53 - 2012-12-24 05:53 - 00081920 _____ () C:\Windows\system32\mvusbews.DLL 2013-06-08 21:48 - 2013-06-04 15:49 - 01276704 _____ () C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll 2014-09-11 20:46 - 2014-08-28 01:27 - 00923936 _____ () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll 2011-04-23 00:04 - 2011-03-02 11:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll 2011-04-22 23:21 - 2008-12-20 02:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll 2011-04-22 23:21 - 2008-12-20 02:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll 2014-11-28 12:44 - 2015-02-09 22:28 - 17410336 _____ () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe 2014-11-28 12:44 - 2015-02-09 22:28 - 00236968 _____ () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\libpng14-14.dll 2014-11-28 12:44 - 2015-02-09 22:28 - 00106784 _____ () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\zlib1.dll 2014-11-28 12:44 - 2015-02-09 22:28 - 00168224 _____ () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskStarter.exe 2013-09-25 20:57 - 2015-02-09 22:28 - 00354592 _____ () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskHooks-3998.dll 2010-05-10 15:36 - 2010-05-10 15:36 - 00655360 _____ () C:\Windows\system32\vmprp332.ax 2015-02-20 07:58 - 2015-02-18 03:44 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\libglesv2.dll 2015-02-20 07:58 - 2015-02-18 03:44 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\libegl.dll 2015-02-20 07:58 - 2015-02-18 03:44 - 09171272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38955643.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\B46530BE.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38955643.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\B46530BE.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Leonid\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: PLTSR => "C:\Program Files\EgisTec Port Locker\EgisPLTSR.exe" MSCONFIG\startupreg: SkyMonk => C:\Program Files\SkyMonk\SkyMonk.exe -tray MSCONFIG\startupreg: VitaKeyTSR => "C:\Program Files\EgisTec BioExcess\EgisTSR.exe" ==================== Accounts: ============================= HomeGroupUser$ (S-1-5-21-3904404758-3084505066-3444409724-1002 - Limited - Enabled) Leonid (S-1-5-21-3904404758-3084505066-3444409724-1000 - Administrator - Enabled) => C:\Users\Leonid Администратор (S-1-5-21-3904404758-3084505066-3444409724-500 - Administrator - Disabled) Гость (S-1-5-21-3904404758-3084505066-3444409724-501 - Limited - Enabled) Неуймина (S-1-5-21-3904404758-3084505066-3444409724-1003 - Administrator - Enabled) => C:\Users\Неуймина ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/07/2015 09:43:38 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Не удалось создать точку восстановления (Процесс = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Описание = Запланированная контрольная точка; HR = 0x80070422). Error: (03/07/2015 09:43:27 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Не удалось создать точку восстановления (Процесс = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Описание = Запланированная контрольная точка; HR = 0x80070422). Error: (03/07/2015 09:38:37 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Ошибка при создании контекста активации для "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Не найдена зависимая сборка "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"". Используйте sxstrace.exe для подробной диагностики. Error: (03/07/2015 09:37:34 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Ошибка при создании контекста активации для "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Не найдена зависимая сборка "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"". Используйте sxstrace.exe для подробной диагностики. Error: (03/07/2015 09:37:32 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Ошибка при создании контекста активации для "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Не найдена зависимая сборка "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"". Используйте sxstrace.exe для подробной диагностики. Error: (03/07/2015 09:13:50 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/06/2015 06:48:41 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/05/2015 09:10:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/05/2015 03:45:07 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Не удалось создать точку восстановления (Процесс = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Описание = Запланированная контрольная точка; HR = 0x80070422). Error: (03/05/2015 03:40:31 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Ошибка при создании контекста активации для "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Не найдена зависимая сборка "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"". Используйте sxstrace.exe для подробной диагностики. System errors: ============= Error: (03/07/2015 09:13:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Сбой при запуске службы "DgiVecp" из-за ошибки %%20 Error: (03/06/2015 07:03:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Превышение времени ожидания (30000 мс) при ожидании ответа транзакции от службы "UxSms". Error: (03/06/2015 07:03:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Превышение времени ожидания (30000 мс) при ожидании ответа транзакции от службы "UmRdpService". Error: (03/06/2015 07:15:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "Служба регистрации ошибок Windows". Error: (03/06/2015 07:05:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "Служба регистрации ошибок Windows". Error: (03/06/2015 06:48:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Сбой при запуске службы "DgiVecp" из-за ошибки %%20 Error: (03/05/2015 09:10:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Сбой при запуске службы "DgiVecp" из-за ошибки %%20 Error: (03/05/2015 09:07:47 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (03/05/2015 11:40:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Сбой при запуске службы "DgiVecp" из-за ошибки %%20 Error: (03/04/2015 03:55:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Сбой при запуске службы "DgiVecp" из-за ошибки %%20 Microsoft Office Sessions: ========================= Error: (12/13/2013 05:22:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 32779 seconds with 840 seconds of active time. This session ended with a crash. Error: (11/27/2012 06:52:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 22229 seconds with 4920 seconds of active time. This session ended with a crash. Error: (09/06/2012 09:31:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2148 seconds with 1320 seconds of active time. This session ended with a crash. Error: (07/09/2012 03:32:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 29315 seconds with 1260 seconds of active time. This session ended with a crash. Error: (04/24/2012 00:45:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18340 seconds with 10320 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2015-02-25 08:42:07.874 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3acm.acm because the set of per-page image hashes could not be found on the system. Date: 2015-02-25 08:42:07.570 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\mp3fhg.acm because the set of per-page image hashes could not be found on the system. Date: 2015-02-25 08:42:07.284 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3filter.acm because the set of per-page image hashes could not be found on the system. Date: 2015-02-25 08:42:07.031 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2015-02-24 18:28:26.024 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3acm.acm because the set of per-page image hashes could not be found on the system. Date: 2015-02-24 18:28:25.859 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\mp3fhg.acm because the set of per-page image hashes could not be found on the system. Date: 2015-02-24 18:28:25.697 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3filter.acm because the set of per-page image hashes could not be found on the system. Date: 2015-02-24 18:28:25.548 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2015-02-24 14:31:31.879 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3acm.acm because the set of per-page image hashes could not be found on the system. Date: 2015-02-24 14:31:31.612 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\mp3fhg.acm because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Pentium® CPU P6100 @ 2.00GHz Percentage of memory in use: 65% Total physical RAM: 1844.51 MB Available physical RAM: 644.16 MB Total Pagefile: 3689.02 MB Available Pagefile: 1159.84 MB Total Virtual: 2047.88 MB Available Virtual: 1886.7 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:82.79 GB) (Free:12.42 GB) NTFS Drive d: () (Fixed) (Total:150 GB) (Free:18.31 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C3FFC3FF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=82.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=150 GB) - (Type=05) ==================== End Of Log ============================ Что делать дальше? Возможно ли расшифровать файлы, зашифрованные вирусом? Смогу ли я пользоваться моими файлами? Цитата Ссылка на сообщение Поделиться на другие сайты
Roman_Five 598 Опубликовано 7 марта, 2015 Share Опубликовано 7 марта, 2015 Возможно ли расшифровать файлы, зашифрованные вирусом? 1) восстановить из бекапа2) заплатить (не факт)логи под спойлер не надо.просто прикрепите. Цитата Ссылка на сообщение Поделиться на другие сайты
Рекомендуемые сообщения
Присоединяйтесь к обсуждению
Вы можете написать сейчас и зарегистрироваться позже. Если у вас есть аккаунт, авторизуйтесь, чтобы опубликовать от имени своего аккаунта.