Внимание! Все важные файлы на всех дисках вашего компьютера были зашифрованы

4 марта, 2015

Все текстовые файлы, файлы "Ворд" и "Эксель" на ПК поменяли свое название и расширение. Выполнил первые 3 пункта "Порядка оформления запроса о помощи". Что делать дальше? На ПК большинство файлов связаны с работой. Как открыть зашифрованные файлы?

CollectionLog-2015.03.04-21.11.zip

4 марта, 2015

Выполните скрипт в AVZ

begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
  begin
   SearchRootkit(true, true);
   SetAVZGuardStatus(True);
  end;
TerminateProcessByName('c:\users\leonid\appdata\local\amigo\application\amigo.exe');
DeleteFile('c:\users\leonid\appdata\local\amigo\application\amigo.exe','32');
DeleteFile('C:\Users\Leonid\AppData\Local\Amigo\Application\vk.exe','32');
DeleteFile('C:\Windows\system32\Tasks\{2AC34700-C24B-4147-8127-BAEED47B8132}','32');
DeleteFile('C:\Windows\system32\Tasks\{B59D6F5B-B091-4338-8828-49966CD6796E}','32');
DeleteFile('C:\Windows\system32\Tasks\{F3D9D83D-8F37-4D1A-8668-DE5B20C38818}','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.

Компьютер перезагрузится.

Пофиксите в HiJack

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
O4 - HKCU\..\Run: [26C78E01] C:\Users\Leonid\AppData\Roaming\26C78E01\bin.exe

Сделайте новые логи по правилам

Скачайте Farbar Recovery Scan Tool и сохраните на Рабочем столе.

Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.

Запустите программу двойным щелчком. Когда программа запустится, нажмите Yes для соглашения с предупреждением.
Убедитесь, что в окне Optional Scan отмечены "List BCD" и "Driver MD5".
Нажмите кнопку Scan.
После окончания сканирования будет создан отчет (FRST.txt) в той же папке, откуда была запущена программа. Пожалуйста, прикрепите отчет в следующем сообщении.
Если программа была запущена в первый раз, будет создан отчет (Addition.txt). Пожалуйста, прикрепите его в следующем сообщении.

7 марта, 2015

Первую пофиксили

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>

Второй не было в HiJack

O4 - HKCU\..\Run: [26C78E01] C:\Users\Leonid\AppData\Roaming\26C78E01\bin.exe

Логи:

hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:05:12, on 07.03.2015

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.17126)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\TeamViewer\Version8\TeamViewer.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\USB Camera2\VM332_STI.EXE

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Lenovo\Energy Management\utility.exe

C:\Program Files\Lenovo\Energy Management\Energy Management.exe

C:\Program Files\EgisTec IPS\PmmUpdate.exe

C:\Program Files\Lenovo\YouCam\YouCamTray.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

D:\Program Files\2gis\3.0\2GISTrayNotifier.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Users\Leonid\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\drivers\usb_driver.exe

C:\Users\Leonid\AppData\Local\Yandex\Updater\praetorian.exe

C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe

C:\Users\Leonid\AppData\Local\Mail.Ru\MailRuUpdater.exe

C:\Users\Leonid\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Intel\WiMAX\bin\wimaxcu.exe

C:\Program Files\EgisTec IPS\EgisUpdate.exe

C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskStarter.exe

C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

D:\Skype\Phone\Skype.exe

D:\Install\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?win=130&clid=2153702

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll

O2 - BHO: IEPwdBankBHO - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files\EgisTec BioExcess\EgisIEPwdBank.dll

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Спутник@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Визуальные закладки - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - C:\Program Files\Yandex\FastDial\fastdial.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll

O3 - Toolbar: Яндекс.Бар (для uTorrent) - {1208AB5D-4748-49fe-A74A-484AE2FA5D34} - C:\Program Files\Yandex\YandexBarIE\bars\barietorrent\yndbar.dll

O3 - Toolbar: Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll

O4 - HKLM\..\Run: [332BigDog] C:\Program Files\USB Camera2\VM332_STI.EXE

O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe

O4 - HKLM\..\Run: [iMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe

O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe

O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe"

O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files\Lenovo\YouCam\YouCamTray.exe" /s

O4 - HKLM\..\Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash

O4 - HKLM\..\Run: [TpShocks] C:\Windows\system32\TpShocks.exe

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [2Gis Update Notifier] "D:\Program Files\2gis\3.0\2GISTrayNotifier.exe" -delayed_start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [Corel Photo Downloader] "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

O4 - HKCU\..\Run: [KabAuth] C:\Users\Leonid\Desktop\kabauth.exe

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Leonid\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [usbDriver] c:\WINDOWS\system32\drivers\usb_driver.exe

O4 - HKCU\..\Run: [Praetorian] C:\Users\Leonid\AppData\Local\Yandex\Updater\praetorian.exe

O4 - HKCU\..\Run: [syncManPath] "C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe" -autostart

O4 - HKCU\..\Run: [MailRuUpdater] C:\Users\Leonid\AppData\Local\Mail.Ru\MailRuUpdater.exe

O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe

O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe

O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://*.bft-tender.ru

O15 - Trusted Zone: http://*.otc-agro.ru

O15 - Trusted Zone: http://*.otc-finance.ru

O15 - Trusted Zone: http://*.otc-region.ru

O15 - Trusted Zone: http://*.otc-tender.ru

O15 - Trusted Zone: http://*.otc.ru

O15 - Trusted Zone: http://*.rts-tender.ru

O15 - Trusted Zone: *.sberbank-ast.ru

O15 - Trusted Zone: http://*.sberbank-ast.ru

O16 - DPF: {2E3F2257-5717-48F6-B923-F83E908E2311} (TSPSigner Class) - https://web-ppo.zakazrf.ru/ICLCrypt-x32.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F7E60974-7F71-4F4A-BC3B-DF67801BD1AC} (Signer Class) - https://supplier-web.rts-tender.ru/RTSCrypto.cab

O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O23 - Service: 2GIS UpdateService (2GISUpdateService) - ООО ДубльГИС - D:\Program Files\2gis\3.0\2GISUpdateService.exe

O23 - Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe

O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Служба управления устройствами Intel® PROSet/Wireless WiMAX Red Bend (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

O23 - Service: EgisTec Data Security Service - Egis Technology Inc. - C:\Program Files\EgisTec BioExcess\EgisDSService.exe

O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files\EgisTec BioExcess\EgisService.exe

O23 - Service: EgisTec Service Help - Egis Technology Inc. - C:\Program Files\EgisTec Port Locker\Egishlpsvc.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe

O23 - Service: Служба Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Служба Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe

O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe

O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: RtLedService Installer (RtLedService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtLED\RtLEDService.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Skype\Updater\Updater.exe

O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

O23 - Service: IdeaPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Служба Intel® PROSet/Wireless WiMAX (WiMAXAppSrv) - Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

--

End of file - 13322 bytes

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015

Ran by Leonid (administrator) on LEONID-PC on 07-03-2015 18:26:26

Running from C:\Users\Leonid\Downloads

Loaded Profiles: Leonid (Available profiles: Leonid & Неуймина)

Platform: Microsoft Windows 7 Максимальная Service Pack 1 (X86) OS Language: Русский (Россия)

Internet Explorer Version 11 (Default browser path: "C:\Users\Leonid\AppData\Local\Amigo\Application\amigo.exe" -- "%1")

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Egis Technology Inc. ) C:\Program Files\EgisTec BioExcess\EgisService.exe

(Egis Technology Inc. ) C:\Program Files\EgisTec Port Locker\Egishlpsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(ABBYY (BIT Software)) C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Egis Technology Inc. ) C:\Program Files\EgisTec BioExcess\EgisDSService.exe

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

() C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe

(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe

(HP) C:\Windows\System32\HPSIsvc.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe

(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe

(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLEDService.exe

(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLED.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

(Lenovo.) C:\Windows\System32\TPHDEXLG.exe

(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe

(Vimicro) C:\Program Files\USB Camera2\VM332_STI.EXE

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe

(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe

(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe

(CyberLink Corp.) C:\Program Files\Lenovo\YouCam\YouCamTray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(ООО ДубльГИС) D:\Program Files\2gis\3.0\2GISTrayNotifier.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

(Akamai Technologies, Inc.) C:\Users\Leonid\AppData\Local\Akamai\netsession_win.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Корпорация Майкрософт) C:\Windows\System32\drivers\usb_driver.exe

(Yandex LLC) C:\Users\Leonid\AppData\Local\Yandex\Updater\praetorian.exe

(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

() C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe

(Mail.Ru) C:\Users\Leonid\AppData\Local\Mail.Ru\MailRuUpdater.exe

(Akamai Technologies, Inc.) C:\Users\Leonid\AppData\Local\Akamai\netsession_win.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe

() C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskStarter.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(КАБiNET) C:\Users\Leonid\Desktop\kabauth.exe

(Skype Technologies S.A.) D:\Skype\Phone\Skype.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [332BigDog] => C:\Program Files\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [1822600 2010-03-29] (ELAN Microelectronics Corp.)

HKLM\...\Run: [iMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2009-09-30] ()

HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4204448 2010-04-12] (Lenovo(beijing) Limited)

HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [6285216 2010-03-18] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EgisTecPMMUpdate] => C:\Program Files\EgisTec IPS\PmmUpdate.exe [407920 2010-03-10] (Egis Technology Inc.)

HKLM\...\Run: [EgisUpdate] => C:\Program Files\EgisTec IPS\EgisUpdate.exe [201584 2010-03-10] (Egis Technology Inc.)

HKLM\...\Run: [uCam_Menu] => C:\Program Files\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM\...\Run: [YouCam Mirror Tray icon] => C:\Program Files\Lenovo\YouCam\YouCamTray.exe [171104 2010-03-02] (CyberLink Corp.)

HKLM\...\Run: [intelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1437696 2009-09-16] (Intel® Corporation)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [186272 2010-03-15] (Lenovo.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9222760 2010-06-02] (Realtek Semiconductor)

HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)

HKLM\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)

HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-12-02] (Nero AG)

HKLM\...\Run: [2Gis Update Notifier] => D:\Program Files\2gis\3.0\2GISTrayNotifier.exe [4582936 2014-12-18] (ООО ДубльГИС)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2008-09-06] (Apple Inc.)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-10-15] (Hewlett-Packard Company)

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2011-01-14] (ESET)

HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2009-03-25] (Nero AG)

HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [Corel Photo Downloader] => "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [KabAuth] => C:\Users\Leonid\Desktop\kabauth.exe [877568 2011-06-15] (КАБiNET)

HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Leonid\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)

HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [usbDriver] => c:\WINDOWS\system32\drivers\usb_driver.exe [577536 2011-04-20] (Корпорация Майкрософт)

HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [Praetorian] => C:\Users\Leonid\AppData\Local\Yandex\Updater\praetorian.exe [1737024 2014-01-09] (Yandex LLC)

HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [syncManPath] => C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe [17410336 2015-02-09] ()

HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [MailRuUpdater] => C:\Users\Leonid\AppData\Local\Mail.Ru\MailRuUpdater.exe [7241960 2015-02-25] (Mail.Ru)

HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Run: [26C78E01] => C:\Users\Leonid\AppData\Roaming\26C78E01\bin.exe [49152 2015-03-07] ()

Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter

ShellIconOverlayIdentifiers: [0YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll ()

ShellIconOverlayIdentifiers: [0YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll ()

ShellIconOverlayIdentifiers: [0YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll ()

ShellIconOverlayIdentifiers: [0YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ru.msn.com/?ocid=iehp

HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?win=130&clid=2153702

SearchScopes: HKLM -> DefaultScope Yandex URL = http://yandex.ru/yandsearch?clid=155830&text={searchTerms}

SearchScopes: HKLM -> Yandex URL = http://yandex.ru/yandsearch?clid=155830&text={searchTerms}

SearchScopes: HKU\.DEFAULT -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg

SearchScopes: HKU\.DEFAULT -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg

SearchScopes: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg

SearchScopes: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> Moikrug URL = http://moikrug.ru/persons/?clid=155830&charset=utf-8&keywords={searchTerms}&submitted=1

SearchScopes: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> Yandex URL =

SearchScopes: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://yandex.ru/yandsearch?win=151&clid=2153703&text={searchTerms}

SearchScopes: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> {F76319B5-BE67-4DE4-A3C5-00B656A59C8D} URL = http://nova.rambler.ru/search?query={searchTerms}&utm_source=r33&utm_medium=distribution&utm_content=e09&utm_campaign=4w01

SearchScopes: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg

BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

BHO: PDFXChange 4.0 -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} -> C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)

BHO: IEPwdBankBHO Class -> {56CBB761-DA41-4E31-B270-B13B4B0A61D0} -> C:\Program Files\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. )

BHO: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: MailRuBHO Class -> {8984B388-A5BB-4DF7-B274-77B879E179DB} -> C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO: Визуальные закладки -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} -> C:\Program Files\Yandex\FastDial\fastdial.dll ()

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)

Toolbar: HKLM - Яндекс.Бар (для uTorrent) - {1208AB5D-4748-49fe-A74A-484AE2FA5D34} - C:\Program Files\Yandex\YandexBarIE\bars\barietorrent\yndbar.dll (ООО «ЯНДЕКС»)

Toolbar: HKLM - Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)

Toolbar: HKU\.DEFAULT -> Яндекс.Бар (для uTorrent) - {1208AB5D-4748-49fe-A74A-484AE2FA5D34} - C:\Program Files\Yandex\YandexBarIE\bars\barietorrent\yndbar.dll (ООО «ЯНДЕКС»)

Toolbar: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> Яндекс.Бар (для uTorrent) - {1208AB5D-4748-49fe-A74A-484AE2FA5D34} - C:\Program Files\Yandex\YandexBarIE\bars\barietorrent\yndbar.dll (ООО «ЯНДЕКС»)

Toolbar: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No File

DPF: {2E3F2257-5717-48F6-B923-F83E908E2311} https://web-ppo.zakazrf.ru/ICLCrypt-x32.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F7E60974-7F71-4F4A-BC3B-DF67801BD1AC} https://supplier-web.rts-tender.ru/RTSCrypto.cab

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:

========

FF ProfilePath: C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default

FF NewTab: yafd:tabs

FF DefaultSearchEngine: Поиск@Mail.Ru

FF SearchEngineOrder.3: Bing

FF SelectedSearchEngine: Поиск@Mail.Ru

FF Homepage: hxxp://go.mail.ru/?ffverfix=1&fr=ffverfix_sg

FF Keyword.URL: hxxp://go.mail.ru/search?fr=ntg&q=

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF Plugin HKU\S-1-5-21-3904404758-3084505066-3444409724-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF Plugin HKU\S-1-5-21-3904404758-3084505066-3444409724-1000: @rts-tender.ru -> C:\Windows\system32\npRTSCrypto.dll (RTS )

FF SearchPlugin: C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\bingp.xml

FF SearchPlugin: C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\mailru.xml

FF SearchPlugin: C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\rambler.xml

FF SearchPlugin: C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-093331.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mailru.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ozonru.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\priceru.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex-slovari.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex.xml

FF Extension: Візуальныя закладкі - C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\vb@yandex.ru [2014-08-02]

FF Extension: Спутник @Mail.Ru - C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [2013-12-29]

FF Extension: DownloadHelper - C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-01-06]

FF Extension: Adblock Plus - C:\Users\Leonid\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-19]

FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video

FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-04-23]

FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-04-23]

FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension

FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-02-20]

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-07-27]

Chrome:

=======

CHR HomePage: Profile 1 -> hxxp://www.yandex.ru/?win=75&clid=1936586

CHR StartupUrls: Profile 1 -> "hxxp://www.yandex.ru/?win=75&clid=1936586", "hxxp://ru.msn.com/?pc=UP97&ocid=UP97DHP"

CHR DefaultSearchKeyword: Profile 1 -> yandex.ru

CHR DefaultSearchURL: Profile 1 -> http://yandex.ru/yandsearch?text={searchTerms}

CHR DefaultSuggestURL: Profile 1 -> http://suggest.yandex.net/suggest-ff.cgi?part={searchTerms}

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll ()

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

CHR Profile: C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-30]

CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-30]

CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2012-10-30]

CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcncjpganfocbfoenaemagjjopkkindp [2014-06-27]

CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaocgokledfmfebefgbeokdodbbdjhdd [2013-10-11]

CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-10-30]

CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-30]

CHR Profile: C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]

CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-05]

CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-05]

CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2012-11-05]

CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-10]

CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nkcpopggjcjkiicpenikeogioednjeac [2013-06-19]

CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]

CHR Extension: (No Name) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-11-05]

CHR Extension: (Gmail) - C:\Users\Leonid\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-05]

CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR HKLM\...\Chrome\Extension: [nkcpopggjcjkiicpenikeogioednjeac] - C:\Users\Leonid\AppData\Local\Temp\nkcpopggjcjkiicpenikeogioednjeac.crx [2013-06-08]

CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]

CHR HKLM\...\Chrome\Extension: [pldbienodkpgkccocelidinmciedjdok] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 2GISUpdateService; D:\Program Files\2gis\3.0\2GISUpdateService.exe [3764760 2014-12-18] (ООО ДубльГИС)

R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [566560 2008-06-18] (ABBYY (BIT Software)) [File not signed]

S3 AcronisOSSReinstallSvc; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2235448 2007-03-26] ()

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 cpcsp1; C:\Program Files\Crypto Pro\CSP\cpcspi.dll [669000 2012-04-20] (Компания Крипто-Про)

S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Корпорация Майкрософт)

R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [352256 2009-09-15] (Red Bend Ltd.) [File not signed]

R2 EgisTec Data Security Service; C:\Program Files\EgisTec BioExcess\EgisDSService.exe [314736 2010-11-12] (Egis Technology Inc. )

R2 EgisTec Service; C:\Program Files\EgisTec BioExcess\EgisService.exe [709488 2010-11-12] (Egis Technology Inc. )

R2 EgisTec Service Help; C:\Program Files\EgisTec Port Locker\Egishlpsvc.exe [322416 2010-05-19] (Egis Technology Inc. )

S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2011-01-14] (ESET)

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2011-01-14] (ESET)

R2 Guard.Mail.ru; C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe [4053736 2015-02-22] ()

R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed]

R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)

S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)

S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)

R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]

S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)

R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)

R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-02-05] (Realtek Semiconductor Corp.) [File not signed]

S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies)

R3 TermService; C:\Windows\System32\termsrv.dll [521216 2011-02-25] (Microsoft Corporation) [File not signed]

R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [1368064 2009-09-15] (Intel® Corporation) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21256 2009-09-03] (Lenovo Corporation)

R0 B46530BE; C:\Windows\System32\drivers\B46530BE.sys [135264 2015-03-05] (Kaspersky Lab ZAO)

R3 bpenum; C:\Windows\System32\DRIVERS\bpenum.sys [56832 2009-09-15] (Intel Corporation)

S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)

R1 CProCtrl; C:\Windows\System32\DRIVERS\CProCtrl.sys [66344 2012-04-10] (Компания Крипто-Про)

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.) [File not signed]

S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2009-07-14] (Microsoft Corporation)

R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-12-21] (ESET)

R1 EgisTecFF; C:\Windows\System32\DRIVERS\EgisTecFF.sys [44520 2011-04-22] (Egis Technology Inc.)

R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-12-21] (ESET)

R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [95384 2010-12-21] (ESET)

R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [131072 2010-03-26] (ELAN Microelectronics Corp.)

R2 FPSensor; C:\Windows\System32\Drivers\FPSensor.sys [29232 2011-04-22] (EgisTec)

R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.)

R2 haspflt; C:\Windows\system32\drivers\haspflt.sys [29024 2004-12-10] () [File not signed]

R2 Haspnt; C:\Windows\system32\drivers\Haspnt.sys [47616 2014-12-17] (Aladdin Knowledge Systems) [File not signed]

S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [9344 2007-07-06] (Hewlett Packard)

S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-28] (Initio Corporation)

R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)

R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-21] (Корпорация Майкрософт)

R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [18992 2011-04-22] (Egis Technology Inc.)

R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2011-04-22] (Egis Technology Inc.)

R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [60976 2011-04-22] (Egis Technology Inc.)

R2 npf; C:\Windows\System32\drivers\npf.sys [34064 2009-03-16] (CACE Technologies)

R3 RTIFDH; C:\Windows\System32\DRIVERS\rtIFDH.sys [13312 2012-02-27] (Компания "Актив")

S3 RTUSB; C:\Windows\System32\DRIVERS\rtUSB.sys [29824 2012-02-27] (Компания "Актив")

S3 s616bus; C:\Windows\System32\DRIVERS\s616bus.sys [83208 2007-04-03] (MCCI Corporation)

S3 s616mdfl; C:\Windows\System32\DRIVERS\s616mdfl.sys [15112 2007-04-03] (MCCI Corporation)

S3 s616mdm; C:\Windows\System32\DRIVERS\s616mdm.sys [108680 2007-04-03] (MCCI Corporation)

S3 s616mgmt; C:\Windows\System32\DRIVERS\s616mgmt.sys [100360 2007-04-03] (MCCI Corporation)

S3 s616nd5; C:\Windows\System32\DRIVERS\s616nd5.sys [23176 2007-04-03] (MCCI Corporation)

S3 s616obex; C:\Windows\System32\DRIVERS\s616obex.sys [98568 2007-04-03] (MCCI Corporation)

S3 s616unic; C:\Windows\System32\DRIVERS\s616unic.sys [99080 2007-04-03] (MCCI Corporation)

R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-03-02] (Samsung Electronics) [File not signed]

S3 uji5njew; C:\Windows\system32\Drivers\uji5njew.sys [10240 2015-03-05] (Zaitsev Oleg, 2006) [File not signed]

S3 uti5njew; C:\Windows\system32\Drivers\uti5njew.sys [7168 2015-03-05] () [File not signed]

R3 vm332avs; C:\Windows\System32\Drivers\vm332avs.sys [198000 2010-05-10] (Vimicro Corporation)

R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] (Корпорация Майкрософт)

R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows ® Codename Longhorn DDK provider)

S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit

C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit

C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\AcpiVpc.sys E4D3DD5A1FC4AEF696D34D4B97049343

C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit

C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit

C:\Windows\system32\drivers\afd.sys F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit

C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit

C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC

C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit

C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2

C:\Windows\system32\drivers\appid.sys ==> MD5 is legit

C:\Windows\system32\drivers\arc.sys ==> MD5 is legit

C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit

C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit

C:\Windows\system32\drivers\bxvbdx.sys ==> MD5 is legit

C:\Windows\System32\drivers\B46530BE.sys 6022F174CEB149650DCB5BE445A0E72A

C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bcmwl6.sys CDA161020BF75B12728AE394196AD991

C:\Windows\system32\Drivers\Beep.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bpenum.sys 2B21B3E9ABF067CE0B0878E2517A8971

C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit

C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit

C:\Windows\System32\drivers\WDBridge.sys B35BB97B6DD9913093579F5C83962636

C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit

C:\Windows\system32\drivers\BthEnum.sys ==> MD5 is legit

C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bthpan.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BTHport.sys 1153DE2E4F5941E10C399CB5592F78A1

C:\Windows\System32\Drivers\BTHUSB.sys C81E9413A25A439F436B1D4B6A0CF9E9

C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit

C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit

C:\Windows\System32\CLFS.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit

C:\Windows\System32\Drivers\cng.sys 85449EEBE8F8EBD6481EFBF0F352B4EB

C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\CProCtrl.sys E6E39505B3F9846172C96CACB3986CD8

C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit

C:\Windows\System32\drivers\csc.sys ==> MD5 is legit

C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit

C:\Windows\system32\Drivers\DgiVecp.sys 7F19DBA1A467B838CCB23124A2C55568

C:\Windows\System32\drivers\discache.sys ==> MD5 is legit

C:\Windows\System32\drivers\disk.sys ==> MD5 is legit

C:\Windows\system32\drivers\dmvsc.sys 2A958EF85DB1B61FFCA65044FA4BCE9E

C:\Windows\System32\DRIVERS\Dot4.sys B5E479EB83707DD698F66953E922042C

C:\Windows\System32\DRIVERS\Dot4Prt.sys CAEFD09B6A6249C53A67D55A9A9FCABF

C:\Windows\System32\DRIVERS\Dot4Scan.sys 9F7DE667C505CE6500BECDD8E11644D7

C:\Windows\System32\DRIVERS\dot4usb.sys CF491FF38D62143203C065260567E2F7

C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit

C:\Windows\System32\drivers\dxgkrnl.sys 71BC35067CABC02C9453AEAA42B2E43E

C:\Windows\System32\DRIVERS\eamonm.sys 04CBA07E73F152970FC34D66D3892E2A

C:\Windows\system32\drivers\evbdx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\EgisTecFF.sys 1209F5F93B199CF9E7E7F58AC7D90641

C:\Windows\System32\DRIVERS\ehdrv.sys FE7824239D132AD9EBD8645FE1199B30

C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\epfwwfpr.sys DDB45F6371714601A43E8BE38145BE18

C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ETD.sys D2AD190C9F89B91C0A8CDEB81FDBDCEB

C:\Windows\system32\Drivers\exfat.sys ==> MD5 is legit

C:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legit

C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit

C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit

C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit

C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legitB

C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit

C:\Windows\System32\Drivers\FPSensor.sys 041033F5DED5E58F8198CE31CFD09562

C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit

C:\Windows\system32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05

C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB

C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit

C:\Windows\system32\drivers\hardlock.sys C1CC0C9742B881C42F1CC628E6F9EBD1

C:\Windows\system32\drivers\haspflt.sys F535EC9C1E5DAB373C0957D06BA22D6B

C:\Windows\system32\drivers\Haspnt.sys 2DD25F060DC9F79B5CDF33D90ED93669

C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit

C:\Windows\System32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972

C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\HECI.sys ==> MD5 is legit

C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit

C:\Windows\System32\drivers\hpfxbulk.sys 9E3944A558AB84853EF985988E23A8A4

C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit

C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit

C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\iaStor.sys D483687EACE0C065EE772481A96E05F5

C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E

C:\Windows\System32\DRIVERS\igdkmd32.sys 8266AE06DF974E5BA047B3E9E9E70B3F

C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\Impcd.sys E3C36AC5AE87EC970AE8EA2A93D59AE1

C:\Windows\System32\drivers\RTKVHDA.sys ACEC5BBEE4AA34D74BE0E2E512CC2026

C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit

C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit

C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit

C:\Windows\system32\drivers\msiscsi.sys EB34CE31FABD4DC4343FD2AD16D2CAF9

C:\Windows\System32\DRIVERS\ivusb.sys 994EBB45C4B438E1F6EA0B958AE9B9A3

C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit

C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\ksecdd.sys 4120DA10AA42A9996F4575DB9E3E6E6E

C:\Windows\System32\Drivers\ksecpkg.sys D3964885F0A11ACF51DA3AAA776973B2

C:\Windows\System32\DRIVERS\L1C62x86.sys B05ADCD03AAED42607371186F359D8A5

C:\Windows\System32\DRIVERS\LhdX86.sys 8FF8B5F04AC4D57F9A965BB4DF07813E

C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit

C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit

C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit

C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit

C:\Windows\System32\drivers\modem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit

C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit

C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\mrxdav.sys 21F4B24ACFC79A483515BD986DD9043F

C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25

C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC

C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E

C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit

C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit

C:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit

C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit

C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit

C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit

C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit

C:\Windows\System32\Drivers\mvusbews.sys 12AAA46852CFD850129881971976F047

C:\Windows\System32\DRIVERS\mwlPSDFilter.sys CB47C414E083CA6E50E634B148F28F64

C:\Windows\System32\DRIVERS\mwlPSDNServ.sys 647B953019559BFF07536F5C6121F333

C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys 5A236A36DB8687D1E64DC81C03EAABE1

C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit

C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896

C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit

C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit

C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit

C:\Windows\System32\drivers\npf.sys 6623E51595C0076755C29C00846C4EB2

C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit

C:\Windows\system32\Drivers\Ntfs.sys C8DFF8D07755A66C7A4A738930F0FEAC

C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit

C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0

C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4

C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit

C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit

C:\Windows\system32\drivers\parport.sys ==> MD5 is legit

C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B

C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit

C:\Windows\System32\drivers\pci.sys ==> MD5 is legit

C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit

C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit

C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit

C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit

C:\Windows\system32\drivers\processr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit

C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit

C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit

C:\Windows\system32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61

C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rfcomm.sys CB928D9E6DAF51879DD6BA8D02F01321

C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit

C:\Windows\System32\Drivers\RtsUStor.sys A633399432491BB173BB3CF3B41B9C55

C:\Windows\System32\DRIVERS\rtIFDH.sys 6C5BAB6BE480D966A3904D8BF12AA3AC

C:\Windows\System32\DRIVERS\rtUSB.sys 022548C5D0DFBA837B535FC9C040238B

C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\s616bus.sys EF4B5A8D53F15CB269469DD4E4BB0109

C:\Windows\System32\DRIVERS\s616mdfl.sys 96187731EEFCF83E844BC1CE6617AAEB

C:\Windows\System32\DRIVERS\s616mdm.sys D2DD87368BFECFA099E50DC120F3F513

C:\Windows\System32\DRIVERS\s616mgmt.sys 5F0BE24E4D4FA134B0B2FEF35D3A9D90

C:\Windows\System32\DRIVERS\s616nd5.sys B9B507FCC67E204EF38E05FFD4176345

C:\Windows\System32\DRIVERS\s616obex.sys F123A1F2A04A0E8DBA80B64F0072475A

C:\Windows\System32\DRIVERS\s616unic.sys E7E55048EBD5C17BFA791B4A6EC3D54B

C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit

C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit

C:\Windows\system32\drivers\serial.sys ==> MD5 is legit

C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit

C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\Apsx86.sys A8D80861A96E8964A3C6B5406B3083C4

C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit

C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit

C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\snapman.sys E78C98378A071CE4D48A7C514FA98FA1

C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46

C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB

C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC

C:\Windows\system32\Drivers\SSPORT.sys EF3458337D7341A05169CEFC73709264

C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit

C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit

C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit

C:\Windows\System32\drivers\synth3dvsc.sys F2AD8960812FD111E20E84659EF19D43

C:\Windows\System32\drivers\tcpip.sys 5579DD18546999F5D0EC39D018726C6B

C:\Windows\System32\DRIVERS\tcpip.sys 5579DD18546999F5D0EC39D018726C6B

C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B

C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit

C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8

C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit

C:\Windows\system32\drivers\terminpt.sys 052306FD76793D5D5AB5D9891FD1ADBB

C:\Windows\System32\DRIVERS\ApsHM86.sys 033C4FEB60ADC2234984DEC816672FED

C:\Windows\System32\DRIVERS\tssecsrv.sys B37B08F2E5EEB1A37E448E09BACE1101

C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit

C:\Windows\system32\drivers\TsUsbGD.sys 01246F0BAAD7B68EC0F472AA41E33282

C:\Windows\System32\drivers\tsusbhub.sys 045ACB987C650D8186C6B4A692223860

C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit

C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit

C:\Windows\system32\Drivers\uji5njew.sys 817D8D89FE54E6E207BF50582C1C0E4B

C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit

C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit

C:\Windows\system32\drivers\usbaudio.sys A1977C315BF5691DA99235AA4A6907AF

C:\Windows\System32\DRIVERS\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46

C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041

C:\Windows\system32\drivers\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6

C:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655A

C:\Windows\system32\drivers\usbohci.sys 9828C8D14CC2676421778F0DE638CF97

C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\usbscan.sys FC6B21DB4B5B398AB93DBE59CBF11036

C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A

C:\Windows\system32\drivers\usbuhci.sys 800AABFD625EEFF899F7E5496BDE37AB

C:\Windows\System32\Drivers\usbvideo.sys DE014425522610BEDCA3821BB8C0F1D5

C:\Windows\system32\Drivers\uti5njew.sys 524D8D450622DB4A7875B111C299A76B

C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit

C:\Windows\System32\drivers\vga.sys ==> MD5 is legit

C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit

C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit

C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit

C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit

C:\Windows\System32\Drivers\vm332avs.sys 87E8D95688A8C8DEF43288A0613E6CD4

C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit

C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit

C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit

C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7

C:\Windows\System32\DRIVERS\vwifimp.sys A3F04CBEA6C2A10E6CB01F8B47611882

C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\system32\drivers\wd.sys ==> MD5 is legit

C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645

C:\Windows\System32\DRIVERS\WDMirror.sys EA4E9DD00E69B35F9BD3D39ACB113E3F

C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit

C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit

C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wsvd.sys BAEDC491374DEFD5E76336901D6D397D

C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070

C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 18:26 - 2015-03-07 18:27 - 00052397 _____ () C:\Users\Leonid\Downloads\FRST.txt

2015-03-07 18:26 - 2015-03-07 18:26 - 00000000 ____D () C:\FRST

2015-03-07 11:04 - 2015-03-07 11:04 - 00000866 _____ () C:\Users\Leonid\Desktop\HijackThis.exe - Ярлык.lnk

2015-03-05 22:49 - 2015-03-05 22:49 - 00079917 _____ () C:\Users\Leonid\Desktop\logs_05.03.2015_22_36_46.log

2015-03-05 21:07 - 2015-03-05 21:07 - 00010240 _____ (Zaitsev Oleg, 2006) C:\Windows\system32\Drivers\uji5njew.sys

2015-03-05 21:00 - 2015-03-05 23:03 - 00000000 ____D () C:\Program Files\NoVirusThanks

2015-03-05 21:00 - 2015-03-05 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoVirusThanks

2015-03-05 20:59 - 2015-03-05 20:59 - 00931678 _____ (NoVirusThanks Company Srl ) C:\Users\Leonid\Downloads\hijackhunter_setup.exe

2015-03-05 20:47 - 2015-03-05 20:47 - 00135264 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\B46530BE.sys

2015-03-05 20:43 - 2015-03-05 20:43 - 01132544 _____ (Farbar) C:\Users\Leonid\Downloads\FRST.exe

2015-03-05 20:41 - 2015-03-05 20:41 - 00007168 ___SH () C:\Users\Leonid\AppData\Roaming\Thumbs.db

2015-03-04 20:13 - 2015-03-05 21:07 - 00007168 _____ () C:\Windows\system32\Drivers\uti5njew.sys

2015-03-04 15:41 - 2015-03-04 15:47 - 00000000 ____D () C:\KVRT_Data

2015-03-04 15:23 - 2015-03-04 15:25 - 193295694 _____ () C:\Users\Leonid\Downloads\Не подтвержден 931626.crdownload

2015-03-04 13:17 - 2015-03-07 09:17 - 00000000 ___RD () C:\Users\Leonid\YandexDisk-slv196

2015-03-03 20:51 - 2015-03-03 20:53 - 00000000 ____D () C:\Users\Leonid\Desktop\Новая папка

2015-03-03 20:44 - 2015-03-03 20:55 - 00069624 _____ () C:\Users\Leonid\AppData\Local\GDIPFONTCACHEV1.DAT

2015-03-03 20:44 - 2015-03-03 20:44 - 00000020 ___SH () C:\Users\Leonid\ntuser.ini

2015-03-03 19:06 - 2015-03-03 19:06 - 03148854 _____ () C:\Users\Leonid\AppData\Roaming\8CD78B8D8CD78B8D.bmp

2015-03-03 16:17 - 2015-03-04 15:55 - 00000000 __SHD () C:\Users\Все пользователи\Windows

2015-03-03 16:17 - 2015-03-04 15:55 - 00000000 __SHD () C:\ProgramData\Windows

2015-03-03 16:17 - 2015-03-03 16:17 - 00000000 ___HD () C:\Users\Leonid\AppData\Roaming\26C78E01

2015-02-24 17:33 - 2015-02-24 17:33 - 00000000 ____D () C:\Users\Leonid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Яндекс.Диск

2015-02-24 15:14 - 2015-02-24 15:14 - 00000000 ____D () C:\Users\Неуймина\AppData\Roaming\Opera

2015-02-24 15:14 - 2015-02-24 15:14 - 00000000 ____D () C:\Users\Неуймина\AppData\Local\Opera

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 18:26 - 2015-01-06 19:35 - 00000896 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-07 18:13 - 2011-04-23 00:07 - 00000000 ____D () C:\Users\Leonid\AppData\Roaming\Skype

2015-03-07 17:52 - 2012-10-30 17:11 - 00000958 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-07 09:52 - 2012-10-30 17:11 - 00000954 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-07 09:20 - 2009-07-14 09:34 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-07 09:20 - 2009-07-14 09:34 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-07 09:15 - 2011-01-23 02:44 - 01103193 _____ () C:\Windows\WindowsUpdate.log

2015-03-07 09:13 - 2014-12-10 15:40 - 08405015 _____ () C:\Windows\TempFile

2015-03-07 09:13 - 2011-04-22 23:33 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log

2015-03-07 09:13 - 2009-07-14 09:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-07 09:13 - 2009-07-14 09:39 - 00194169 _____ () C:\Windows\setupact.log

2015-03-05 21:10 - 2010-11-21 02:48 - 00071076 _____ () C:\Windows\PFRO.log

2015-03-04 15:55 - 2013-07-27 18:42 - 00000000 ____D () C:\Users\Leonid\AppData\Local\MediaGet2

2015-03-04 13:17 - 2014-04-02 11:58 - 00000000 ___RD () C:\Users\Leonid\YandexDisk-l.sokolsky

2015-03-04 13:17 - 2011-04-22 22:47 - 00000000 ____D () C:\Users\Leonid

2015-03-04 13:14 - 2009-07-14 09:33 - 00318576 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-03 20:53 - 2011-04-22 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

2015-03-03 20:53 - 2011-04-22 23:52 - 00000000 ____D () C:\Users\Все пользователи\Microsoft Help

2015-03-03 20:53 - 2011-04-22 23:52 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-03-03 20:45 - 2011-11-11 11:46 - 00000000 ____D () C:\Users\Leonid\AppData\Local\Akamai

2015-03-03 19:05 - 2011-04-23 11:52 - 00000000 ____D () C:\ConsUserData

2015-03-03 19:04 - 2012-03-12 17:55 - 00000000 ____D () C:\hp_LJ3050-3052-3055-3390-3392_Full_Solution

2015-03-03 19:03 - 2014-10-27 10:28 - 01168256 _____ () C:\Users\Leonid\syEt1cYZM2eUGB8fHDvpglHs38J1keN5M5k0ij6OHUlcRS4Mp9GTxioqMQSdIBWNzeWUKSG39TtvXlj8UDiYD0gIKr0DJ3NCayLxCVKc-YA=.xtbl

2015-03-03 19:03 - 2013-04-28 08:09 - 00033152 ___SH () C:\Users\Leonid\RbhdyifbefqrLKZTVxV0kp8FN6HqK7NmIDOOj06LdLQ=.xtbl

2015-03-03 19:03 - 2012-12-17 16:08 - 04571808 ____H () C:\Users\Leonid\AppData\Local\mFMT3pttuY8bNJLQ+hZ0zdW9vJwQ8zEIxe1Lnz5DlqY=.xtbl

2015-03-03 19:03 - 2012-03-12 17:56 - 00003504 _____ () C:\Users\Все пользователи\opYbcl0Y5JSGqmJsy4hKzj8BuGuhvtGGWS3tpdyRDo0=.xtbl

2015-03-03 19:03 - 2012-03-12 17:56 - 00003504 _____ () C:\ProgramData\opYbcl0Y5JSGqmJsy4hKzj8BuGuhvtGGWS3tpdyRDo0=.xtbl

2015-03-03 19:03 - 2011-05-05 14:44 - 00003968 _____ () C:\Users\Leonid\AppData\Local\D34zm0trtLNSsOt-kmsAHdhzVk5kKYs+Q4TTS+P7NyaTYrTNmgDfq35NlA7KN3Sp5zrt4Ruv2pXOMYYKyEEL75Dn5uSotsp4HVWC21VMGy4=.xtbl

2015-03-03 19:03 - 2011-04-22 23:43 - 00000000 ____D () C:\Users\Все пользователи\OneKey Recovery

2015-03-03 19:03 - 2011-04-22 23:43 - 00000000 ____D () C:\ProgramData\OneKey Recovery

2015-03-03 19:03 - 2011-04-22 23:24 - 00000000 ____D () C:\Users\Все пользователи\Port Locker

2015-03-03 19:03 - 2011-04-22 23:24 - 00000000 ____D () C:\ProgramData\Port Locker

2015-03-03 19:03 - 2011-04-22 23:19 - 00069440 _____ () C:\Users\Leonid\AppData\Local\Y2JWQFTP1sJDnoAB924dXJDPvVGPHj2B4XvtEBrYtAbDncPbgB+3VW55+0i8WS0q.xtbl

2015-03-03 19:03 - 2011-04-22 23:16 - 00000000 ____D () C:\Users\Leonid\AppData\Local\BioExcess

2015-03-03 19:03 - 2011-04-22 22:47 - 00000416 ___SH () C:\Users\Leonid\wRyHHhJN2C0BY3w56ZgKvqRL7i23Jksv-cER1UCmlCs=.xtbl

2015-03-03 19:02 - 2011-04-25 13:52 - 00000000 ____D () C:\Users\Leonid\AppData\Local\Lenovo Security Suite

2015-03-03 18:56 - 2014-04-19 21:59 - 00000000 ____D () C:\Users\Leonid\Desktop\Венера

2015-03-03 18:56 - 2013-08-14 14:36 - 00000000 ____D () C:\Users\Leonid\Desktop\катя

2015-03-03 18:56 - 2012-12-17 12:48 - 00000560 ____H () C:\Users\Leonid\Desktop\da9+9tNKyE2mxZhWgM1bqJfSqVJCmhWrq4zYEUy1dlA=.xtbl

2015-03-03 18:56 - 2012-10-05 16:26 - 00000560 ____H () C:\Users\Leonid\Desktop\k3tEVOzAMEzoyvhTIQObB8hXjoogtvJjRJowE7Z8jTr60fe3-NvZzziH6vtGfc2i.xtbl

2015-03-03 18:55 - 2015-02-03 15:48 - 00270352 _____ () C:\Users\Leonid\Downloads\fiso108Co0Pv5U+ao6E6sL3E16NUpzAO1M0Lj4NnX+A=.xtbl

2015-03-03 18:55 - 2015-02-03 14:11 - 00383232 _____ () C:\Users\Leonid\Downloads\u4Da4-pQ26vWRBOOVs8ih8nhbFLVhN1nbio6--kjv2GiBfctxJBX+jxcP08dEfDn2T4VoC-eCJkWjWHUbbcAONHeiEO7jvcvDLXzvS-s+RL7+f96o+42xZos36z9nou+Y-gNvrw0B-tuQdXLtdfx2mAJb6whxE0yEWgEHUsDlrpsBYRkRk3tsDdTUXCXV740.xtbl

2015-03-03 18:55 - 2015-02-02 07:55 - 00002128 _____ () C:\Users\Leonid\Downloads\8-CtMeoVeHS2Ebt0k4cr8sCSE-fnLc7nUtWb-+NQhLE=.xtbl

2015-03-03 18:55 - 2015-01-23 21:50 - 00056704 _____ () C:\Users\Leonid\Downloads\TnkzXCrlsIW-t9ci187PhYfUkT6MplDryLEYq+JOX2+jNMXGgql8Y3jxA+WmwMF6eKk0XxkplgK94htyAcb+XQ==.xtbl

2015-03-03 18:55 - 2015-01-12 10:09 - 00253952 _____ () C:\Users\Leonid\Downloads\9oD0JvLzNeK+p6F1S-XOxzH2eXBZRbxBIF2jVa7JoMpMFmdIA7f24SZuhhICzvC8hNjhcHrUDXbL03ARQ-v-h5kIojyfN25GzZQPxZt5c88=.xtbl

2015-03-03 18:55 - 2014-11-12 10:45 - 00084352 _____ () C:\Users\Leonid\Downloads\ysxmeWBzgPi3zmst-gpPEHu-to4vYUK18kwN4ZlJ-Lg=.xtbl

2015-03-03 18:55 - 2014-09-27 18:56 - 10083280 _____ () C:\Users\Leonid\Downloads\UgMaX5DQgt9q0c6-B04EVDyjnQHrWqFC8665f1ldyUI=.xtbl

2015-03-03 18:55 - 2014-09-27 18:55 - 09482048 _____ () C:\Users\Leonid\Downloads\atQ1AZRRq2nE+ksN0j-ugcK8+XJBAwPvk-qOSlLJJSs=.xtbl

2015-03-03 18:55 - 2014-09-17 18:49 - 20967200 _____ () C:\Users\Leonid\Downloads\Mihail_Kazinik_Taynye_znaki_kul_tury_23_01_11_radio_Serebryanyy_dozhd__-_dlya_skripki_s_orkestrom_sol__minor_Maksa_Bruha_Gost__Boris_Kazinik_syn_s_rasskazom_o_shvedskom_genii_ogane_Hel_mishe_Ro_mane_Johan_Helmich_Ro_ma.mp3.ytbl

2015-03-03 18:55 - 2014-04-01 13:52 - 00133424 _____ () C:\Users\Leonid\Downloads\rOqWHM3f54SUaSu4k+dPpMS92e9nrl3PkgFzt0N+rWZKKhiNZEH5c01T5V01CrXmmyORmWryWlb8QxWwtqX9RKmAz7BbDNihtWpfxrcDC9Q=.xtbl

2015-03-03 18:55 - 2014-02-26 11:05 - 00427392 _____ () C:\Users\Leonid\Downloads\FDfgpxdV4SUfBnnpd5QaaUn9VNJ9r8rhKkgfmqXdI1E=.xtbl

2015-03-03 18:55 - 2013-12-20 10:33 - 07084416 _____ () C:\Users\Leonid\Downloads\05Y4+a+aFdahirwcbf8TauX5FGDKa38G1TvA+lAJofIcSCvSCRexm60quu24xaTy0KKkTRYW6mMQ96RGkVfcKA==.xtbl

2015-03-03 18:55 - 2013-08-08 19:54 - 229891040 _____ () C:\Users\Leonid\Downloads\veL4mt2DSKruzHyWeagwyNCcx0o2mIuUe7ziiH3OMhISWeh8kMQeWA9cPZLtnpHPhaUwQ0v40171BDzrkC0bPkeT3B7r3cj6+JegjXq0SyX3fUoFAc-3WGr66EOc9aPU.xtbl

2015-03-03 18:55 - 2013-05-04 12:43 - 00000000 ____D () C:\Users\Leonid\Documents\Balabolka

2015-03-03 18:55 - 2013-01-06 19:09 - 00046448 _____ () C:\Users\Leonid\Downloads\d7mOyNR14X31beQiK6qdBhExnvD-dyWP4QWk76cTCc8I3QamdIfumnfG60oVyb10yxWM07OOa+uah-7QnccWiw==.xtbl

2015-03-03 18:54 - 2015-01-06 18:59 - 00007760 _____ () C:\Users\Leonid\Downloads\9yS+dgcAp7FcuNZW0yp00EMi-60GYAGNRRImS421uqqb1K6ZO1O7wXrA-qPT9ARf8IsPzqXhXQj1XMvciNzuxREj5ciKkQttWtsCSxcTkxI=.xtbl

2015-03-03 18:54 - 2014-02-11 12:48 - 00068480 _____ () C:\Users\Leonid\Downloads\kfayGDf2o7Yd3OkN0ztFF0k0BR47NWrBobQ6weHc5qJ-CuHJm+uUyK3ptNUtX03j+CDQ0diEMs0+4EYvM6k4TGs847P5CtJWb0M009XQrhb6SHFF2fLpUNijExEficVI.xtbl

2015-03-03 18:54 - 2013-01-06 19:11 - 00036736 _____ () C:\Users\Leonid\Downloads\uJjRKmvEHFl-vefklJcB+FyPtQBVQ2TzddXt9dPgm0V+FL1oFu5ANDu-DhsFOpGWBVb75x30QdON5MxNOFrI2w==.xtbl

2015-03-03 18:54 - 2011-07-25 13:54 - 00000000 ____D () C:\Users\Leonid\Downloads\Сверхобучение и творчество по методу КЛЮЧ

2015-03-03 18:31 - 2013-08-18 11:43 - 00000000 ___RD () C:\Users\Leonid\YandexDisk-rosi.rosi

2015-03-03 18:16 - 2012-12-17 12:16 - 00000000 ____D () C:\Users\Все пользователи\AMMYY

2015-03-03 18:16 - 2012-12-17 12:16 - 00000000 ____D () C:\ProgramData\AMMYY

2015-03-03 18:16 - 2012-03-12 17:56 - 00003504 _____ () C:\Users\Все пользователи\iSkkNtB+k5qGprzw3TPpQwP2LsNni7IrTaVlOh5+S4U=.xtbl

2015-03-03 18:16 - 2012-03-12 17:56 - 00003504 _____ () C:\ProgramData\iSkkNtB+k5qGprzw3TPpQwP2LsNni7IrTaVlOh5+S4U=.xtbl

2015-03-03 18:16 - 2011-04-22 23:43 - 00000000 ____D () C:\Users\Все пользователи\Active Protection System

2015-03-03 18:16 - 2011-04-22 23:43 - 00000000 ____D () C:\ProgramData\Active Protection System

2015-03-03 18:16 - 2011-04-22 23:21 - 00000000 ____D () C:\Users\Все пользователи\EgisTec IPS

2015-03-03 18:16 - 2011-04-22 23:21 - 00000000 ____D () C:\ProgramData\EgisTec IPS

2015-03-03 18:15 - 2012-04-02 19:17 - 00000000 ____D () C:\VueScan

2015-03-03 16:18 - 2011-04-22 22:47 - 00000000 ____D () C:\Users\Leonid\AppData\Local\VirtualStore

2015-03-02 12:08 - 2014-04-23 10:15 - 00000000 ____D () C:\Users\Leonid\AppData\Local\Amigo

2015-03-01 22:01 - 2011-05-23 10:33 - 00000051 _____ () C:\Users\Leonid\AppData\Roaming\default.pls

2015-03-01 20:09 - 2014-07-26 15:28 - 00002283 _____ () C:\Users\Leonid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk

2015-03-01 20:09 - 2014-07-26 15:28 - 00002283 _____ () C:\Users\Leonid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Вконтакте.lnk

2015-03-01 20:09 - 2014-07-26 15:28 - 00002258 _____ () C:\Users\Leonid\Desktop\Вконтакте.lnk

2015-03-01 20:09 - 2014-04-23 10:15 - 00002246 _____ () C:\Users\Leonid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Амиго.lnk

2015-03-01 20:09 - 2014-04-23 10:15 - 00002221 _____ () C:\Users\Leonid\Desktop\Амиго.lnk

2015-03-01 20:09 - 2013-10-11 14:38 - 00000000 ____D () C:\Users\Leonid\AppData\Local\Mail.Ru

2015-03-01 20:07 - 2010-11-21 07:30 - 00724930 _____ () C:\Windows\system32\perfh019.dat

2015-03-01 20:07 - 2010-11-21 07:30 - 00151214 _____ () C:\Windows\system32\perfc019.dat

2015-03-01 20:07 - 2010-11-21 02:01 - 01649802 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-02-27 09:32 - 2011-05-05 14:07 - 00005642 ___SH () C:\Users\Все пользователи\KGyGaAvL.sys

2015-02-27 09:32 - 2011-05-05 14:07 - 00005642 ___SH () C:\ProgramData\KGyGaAvL.sys

2015-02-27 09:32 - 2011-05-05 14:07 - 00000168 __RSH () C:\Users\Все пользователи\7013929A08.sys

2015-02-27 09:32 - 2011-05-05 14:07 - 00000168 __RSH () C:\ProgramData\7013929A08.sys

2015-02-22 07:17 - 2013-10-25 14:57 - 00000000 ____D () C:\Users\Все пользователи\Guard.Mail.Ru

2015-02-22 07:17 - 2013-10-25 14:57 - 00000000 ____D () C:\ProgramData\Guard.Mail.Ru

2015-02-20 10:13 - 2015-01-28 10:08 - 00000000 ____D () C:\Users\Неуймина\Desktop\Обмен

2015-02-15 14:41 - 2014-04-23 10:15 - 00000000 ____D () C:\Users\Leonid\AppData\Local\MailRu

2015-02-09 17:57 - 2011-06-18 16:28 - 00000000 ____D () C:\Users\Leonid\AppData\Local\Yandex

2015-02-09 15:27 - 2014-12-17 10:08 - 00069048 _____ () C:\Users\Неуймина\AppData\Local\GDIPFONTCACHEV1.DAT

2015-02-06 19:16 - 2011-04-22 23:14 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2015-02-06 19:04 - 2011-05-10 07:31 - 00000000 ____D () C:\Windows\Downloaded Installations

2015-02-06 19:04 - 2011-05-10 07:31 - 00000000 ____D () C:\Program Files\Common Files\Teleca Shared

2015-02-06 19:00 - 2012-11-14 12:57 - 00000000 ____D () C:\Users\Leonid\AppData\Local\AETP

2015-02-06 09:26 - 2015-01-06 19:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-02-06 09:26 - 2011-05-19 10:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-03-03 19:06 - 2015-03-03 19:06 - 3148854 _____ () C:\Users\Leonid\AppData\Roaming\8CD78B8D8CD78B8D.bmp

2011-05-23 10:33 - 2015-03-01 22:01 - 0000051 _____ () C:\Users\Leonid\AppData\Roaming\default.pls

2015-03-05 20:41 - 2015-03-05 20:41 - 0007168 ___SH () C:\Users\Leonid\AppData\Roaming\Thumbs.db

2011-06-17 22:50 - 2011-06-17 22:50 - 0033134 _____ () C:\Users\Leonid\AppData\Roaming\UserTile.png

2011-05-05 14:44 - 2015-03-03 19:03 - 0003968 _____ () C:\Users\Leonid\AppData\Local\D34zm0trtLNSsOt-kmsAHdhzVk5kKYs+Q4TTS+P7NyaTYrTNmgDfq35NlA7KN3Sp5zrt4Ruv2pXOMYYKyEEL75Dn5uSotsp4HVWC21VMGy4=.xtbl

2012-12-17 16:08 - 2015-03-03 19:03 - 4571808 ____H () C:\Users\Leonid\AppData\Local\mFMT3pttuY8bNJLQ+hZ0zdW9vJwQ8zEIxe1Lnz5DlqY=.xtbl

2011-04-22 23:19 - 2015-03-03 19:03 - 0069440 _____ () C:\Users\Leonid\AppData\Local\Y2JWQFTP1sJDnoAB924dXJDPvVGPHj2B4XvtEBrYtAbDncPbgB+3VW55+0i8WS0q.xtbl

2011-05-05 14:07 - 2015-02-27 09:32 - 0000168 __RSH () C:\ProgramData\7013929A08.sys

2012-03-12 17:56 - 2012-05-04 13:56 - 0003114 _____ () C:\ProgramData\hpzinstall.log

2012-03-12 17:56 - 2015-03-03 18:16 - 0003504 _____ () C:\ProgramData\iSkkNtB+k5qGprzw3TPpQwP2LsNni7IrTaVlOh5+S4U=.xtbl

2011-05-05 14:07 - 2015-02-27 09:32 - 0005642 ___SH () C:\ProgramData\KGyGaAvL.sys

2012-03-12 17:56 - 2015-03-03 19:03 - 0003504 _____ () C:\ProgramData\opYbcl0Y5JSGqmJsy4hKzj8BuGuhvtGGWS3tpdyRDo0=.xtbl

Some content of TEMP:

====================

C:\Users\Leonid\AppData\Local\Temp\amigo_setup.exe

C:\Users\Leonid\AppData\Local\Temp\haspdinst_x64.exe

C:\Users\Leonid\AppData\Local\Temp\haspds_windows.dll

C:\Users\Leonid\AppData\Local\Temp\hasp_windows.dll

C:\Users\Leonid\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Leonid\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe

C:\Users\Leonid\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\Leonid\AppData\Local\Temp\ose00000.exe

C:\Users\Leonid\AppData\Local\Temp\RUpdate.exe

C:\Users\Leonid\AppData\Local\Temp\sender.exe

C:\Users\Leonid\AppData\Local\Temp\Setup-internet.exe

C:\Users\Leonid\AppData\Local\Temp\Setup-praetorian.exe

C:\Users\Leonid\AppData\Local\Temp\Setup-yabrowser.exe

C:\Users\Leonid\AppData\Local\Temp\utt3EF9.tmp.exe

C:\Users\Leonid\AppData\Local\Temp\utt4937.tmp.exe

C:\Users\Leonid\AppData\Local\Temp\yandex-downloader.exe

C:\Users\Leonid\AppData\Local\Temp\YandexPackSetup.exe

C:\Users\Leonid\AppData\Local\Temp\yupdate-exec-praetorian.exe

C:\Users\Leonid\AppData\Local\Temp\yupdate-exec-yabrowser.exe

C:\Users\Leonid\AppData\Local\Temp\yupdate-executor-internet.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

„ЁбЇҐвзҐа § Јаг§ЄЁ Windows

--------------------

Ё¤ҐвЁдЁЄ в®а {bootmgr}

device partition=\Device\HarddiskVolume1

description Windows Boot Manager

locale ru-RU

inherit {globalsettings}

default {current}

resumeobject {433cda2a-2670-11e0-88a7-d106067d3e34}

displayorder {current}

toolsdisplayorder {memdiag}

timeout 30

‡ Јаг§Є Windows

-------------------

Ё¤ҐвЁдЁЄ в®а {current}

device partition=C:

path \Windows\system32\winload.exe

description Windows 7

locale ru-RU

inherit {bootloadersettings}

recoverysequence {433cda2c-2670-11e0-88a7-d106067d3e34}

recoveryenabled Yes

osdevice partition=C:

systemroot \Windows

resumeobject {433cda2a-2670-11e0-88a7-d106067d3e34}

nx OptIn

‡ Јаг§Є Windows

-------------------

Ё¤ҐвЁдЁЄ в®а {433cda2c-2670-11e0-88a7-d106067d3e34}

‚ле®¤ Ё§ аҐ¦Ё¬ ЈЁЎҐа жЁЁ

--------------------------

Ё¤ҐвЁдЁЄ в®а {433cda2a-2670-11e0-88a7-d106067d3e34}

device partition=C:

path \Windows\system32\winresume.exe

description Windows Resume Application

locale ru-RU

inherit {resumeloadersettings}

filedevice partition=C:

filepath \hiberfil.sys

pae Yes

debugoptionenabled No

Џа®ўҐаЄ Ї ¬пвЁ Windows

---------------------

Ё¤ҐвЁдЁЄ в®а {memdiag}

device partition=\Device\HarddiskVolume1

path \boot\memtest.exe

description „Ё Ј®бвЁЄ Ї ¬пвЁ

locale ru-RU

inherit {globalsettings}

badmemoryaccess Yes

Џ а ¬Ґвал EMS

-------------

Ё¤ҐвЁдЁЄ в®а {emssettings}

bootems Yes

Џ а ¬Ґвал ®в« ¤зЁЄ

-------------------

Ё¤ҐвЁдЁЄ в®а {dbgsettings}

debugtype Serial

debugport 1

baudrate 115200

„ҐдҐЄвл Ћ‡“

-----------

Ё¤ҐвЁдЁЄ в®а {badmemory}

ѓ«®Ў «млҐ Ї а ¬Ґвал

--------------------

Ё¤ҐвЁдЁЄ в®а {globalsettings}

inherit {dbgsettings}

{emssettings}

{badmemory}

Џ а ¬Ґвал § Јаг§зЁЄ

--------------------

Ё¤ҐвЁдЁЄ в®а {bootloadersettings}

inherit {globalsettings}

{hypervisorsettings}

Џ а ¬Ґвал ЈЁЇҐаўЁ§®а

-------------------

Ё¤ҐвЁдЁЄ в®а {hypervisorsettings}

hypervisordebugtype Serial

hypervisordebugport 1

hypervisorbaudrate 115200

Џ а ¬Ґвал § Јаг§зЁЄ ў®ббв ®ў«ҐЁп

-----------------------------------

Ё¤ҐвЁдЁЄ в®а {resumeloadersettings}

inherit {globalsettings}

-------------------

Ё¤ҐвЁдЁЄ в®а {433cda2d-2670-11e0-88a7-d106067d3e34}

description Ramdisk Options

ramdisksdidevice unknown

ramdisksdipath \Recovery\433cda2c-2670-11e0-88a7-d106067d3e34\boot.sdi

LastRegBack: 2015-03-05 13:32

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015

Ran by Leonid at 2015-03-07 18:28:13

Running from C:\Users\Leonid\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}

AS: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.0.0 - )

µTorrent (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)

1C:Предприятие 8.2 (8.2.19.83) (HKLM\...\{2300F5DE-9566-42F1-ACFA-F0F74B94CE92}) (Version: 8.2.19.83 - 1C)

2ГИС 3.14.12.0 (HKLM\...\{35BB34B4-7A04-489A-94A4-0CE15607A2E0}) (Version: 3.14.12.0 - ООО "ДубльГИС")

ABBYY FineReader 9.0 Professional Edition (HKLM\...\{F9000000-0001-0000-0000-074957833700}) (Version: 9.00.662.5581 - ABBYY)

AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)

Acapela multimedia Russian (255 channels) (HKLM\...\{0ACD6BC8-0568-4286-86A2-D337F371D42B}) (Version: 5.1. - Acapela)

Acronis Disk Director Suite (HKLM\...\{2300EE96-0A41-4FAB-BD03-989EC44577A0}) (Version: 10.0.2161 - Acronis)

Active Protection System (HKLM\...\{F493761C-E465-4B9E-9FC1-A312F161DE0A}) (Version: 1.70.10 - Lenovo)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Akamai NetSession Interface (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Akamai) (Version: - Akamai Technologies, Inc)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)

Balabolka (HKLM\...\Balabolka) (Version: 2.7.0.545 - Ilya Morozov)

BioExcess (HKLM\...\InstallShield_{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}) (Version: 6.0.48.177 - Egis Technology Inc.)

BioExcess (Version: 6.0.48.177 - Egis Technology Inc.) Hidden

Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )

CheckXML (HKLM\...\CheckXML) (Version: - )

CorelDRAW Graphics Suite X4 - Capture (Version: 14.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - Content (Version: 14.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - Draw (Version: 14.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - Filters (Version: 14.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0 - Corel Corporation) Hidden

CorelDRAW Graphics SUite X4 - ICA (Version: 14.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - IPM (Version: 14.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - PP (Version: 14.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 - VBA (Version: 14.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X4 (Version: 14.0 - Corel Corporation) Hidden

CorelDRAW® Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version: - Corel Corporation)

CorelDRAW® Graphics Suite X4 - Windows Shell Extension (Version: 1.0 - Corel Corporation) Hidden

CorelDRAW® Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version: - Corel Corporation)

CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)

DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.5.0.8 - DivX, LLC)

DjVu Editor (HKLM\...\{4396BE64-7A77-4A64-8E0A-575B71F849D2}) (Version: - )

Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 5.3.1.9 - Lenovo)

ESET NOD32 Antivirus (HKLM\...\{FCB6793C-E0BC-46F1-B624-4B141A36DA0B}) (Version: 4.2.71.3 - ESET, spol. s r.o.)

ETDWare PS/2-x86 7.0.4.17_WHQL (HKLM\...\Elantech) (Version: 7.0.4.17 - ELAN Microelectronics Corp.)

Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden

Guard@Mail.Ru (HKLM\...\Guard.Mail.ru) (Version: 1.0.0.596 - Mail.ru) <==== ATTENTION

Hijack Hunter 1.8.4.1 (HKLM\...\{616A9B24-448B-4DF3-926A-C4141FCD692C}_is1) (Version: - NoVirusThanks Company Srl)

HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - )

hppLaserJetService (Version: 001.003.000145 - Hewlett-Packard) Hidden

hppM1130M1210SeriesLaserJetService (Version: 001.003.00073 - Hewlett-Packard) Hidden

hppusgM1130M1210Series (Version: 1.0.0.2 - Hewlett-Packard) Hidden

HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)

Infovox Desktop 2.2 (HKLM\...\{52C32940-C538-40CF-8DE9-B91090F49938}) (Version: 2.20.0003 - Acapela Group)

Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)

Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)

Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)

K-Lite Mega Codec Pack 7.1.0 (HKLM\...\KLiteCodecPack_is1) (Version: 7.1.0 - )

Lenovo EasyCamera (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}) (Version: 1.10.0510.01 - Lenovo EasyCamera)

Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)

Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden

Lenovo ReadyComm 5 (HKLM\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo)

Lenovo ReadyComm 5.0 Service (HKLM\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)

Lenovo Security Suite (HKLM\...\InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}) (Version: 2.0.10.0 - Lenovo)

Lenovo Security Suite (Version: 2.0.10.0 - Lenovo) Hidden

Lenovo_Wireless_Driver (HKLM\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)

MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden

MediaGet (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\MediaGet) (Version: - Media Get LLC)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.50938 - Корпорация Майкрософт)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office Excel 2007 Help Обновление (KB963678) (HKLM\...\{90120000-0016-0419-0000-0000000FF1CE}_STANDARD_{420938DB-BF97-4664-BE29-0C68B4802C00}) (Version: - Microsoft)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Outlook 2007 Help Обновление (KB963677) (HKLM\...\{90120000-001A-0419-0000-0000000FF1CE}_STANDARD_{E9D6C0F9-9879-4FC4-8E13-BF0D3953E0E6}) (Version: - Microsoft)

Microsoft Office Powerpoint 2007 Help Обновление (KB963669) (HKLM\...\{90120000-0018-0419-0000-0000000FF1CE}_STANDARD_{BD1C2AC7-63F3-4C75-8B44-DE3D700B3BC8}) (Version: - Microsoft)

Microsoft Office Word 2007 Help Обновление (KB963665) (HKLM\...\{90120000-001B-0419-0000-0000000FF1CE}_STANDARD_{D3A002FB-0F62-4840-80AD-2D2C63F83449}) (Version: - Microsoft)

Microsoft Office Стандартный 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mirror Text (HKLM\...\{100FEC3D-4C55-475D-91A3-662BA193606D}) (Version: 1.04.0000 - Intellect Technology)

Mozilla Firefox 34.0.5 (x86 ru) (HKLM\...\Mozilla Firefox 34.0.5 (x86 ru)) (Version: 34.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Nero 8 Ultra Edition HD (HKLM\...\{C9FFC925-E27E-436E-A2DF-652324D51049}) (Version: 8.3.630 - Nero AG)

Opera 12.15 (HKLM\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)

PDF-XChange 4 Pro (HKLM\...\{E38531EE-318C-4EFB-A36B-1A57BFBDAB3C}_is1) (Version: 4.193.193.0 - Tracker Software Products Ltd)

Port Locker (HKLM\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.20 - Egis Technology Inc.)

Port Locker (Version: 1.0.5.20 - Egis Technology Inc.) Hidden

PsvRSV (HKLM\...\PsvRSV) (Version: - )

QuickTime (HKLM\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6128 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30117 - Realtek Semiconductor Corp.)

RtLED (HKLM\...\{601E38D5-2CF0-4566-94D6-BDA9DE092412}) (Version: 1.0.2 - Realtek Semiconductor Corp.)

Rutoken Drivers (HKLM\...\{D76407DB-79C5-4FF9-986B-3E58CCD133E4}) (Version: 2.86.00.0460 - Aktiv Co.)

SAPI (HKLM\...\{A2CA2E0F-2DA3-4DA5-AD26-15355FD612A8}) (Version: 1.0.0.0 - Qualilife)

Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)

Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden

VueScan (HKLM\...\VueScan) (Version: - )

Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

winpcap-nmap 4.02 (HKLM\...\winpcap-nmap) (Version: - )

WinRAR 4.00 (32-разрядная) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

Yandex (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\YandexBrowser) (Version: 38.0.2125.10034 - YANDEX)

Zona (HKLM\...\Zona) (Version: - Zona Team)

Zona (HKLM\...\Zona)) (Version: - )

Амиго (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\Amigo) (Version: 32.0.1709.125 - Mail.Ru)

Данные 2ГИС г.Екатеринбург 01.03.2015 (HKLM\...\{B9901280-9C85-4439-9C7A-538A8E510647}) (Version: 111.0.0 - ООО "ДубльГИС")

КриптоПро CSP (HKLM\...\{54A08450-B343-40B0-924E-68F031450996}) (Version: 3.6.7092 - Компания Крипто-Про)

Пакет драйверов Windows - Intel (NETw5s32) net (01/13/2010 13.1.1.1) (HKLM\...\BF9685FCA47380EEA569663AFC8DB44853DFDF39) (Version: 01/13/2010 13.1.1.1 - Intel)

Пакет драйверов Windows - Intel (NETw5v32) net (01/13/2010 13.1.1.1) (HKLM\...\ED20E390B66C5BD927E7DAE7FB3AA2A355B96933) (Version: 01/13/2010 13.1.1.1 - Intel)

ПО Intel® PROSet/Wireless WiMAX (HKLM\...\{FAE224AF-B15E-448B-88FA-1839A7570CF8}) (Version: 2.00.0011 - Корпорация Intel)

Служба автоматического обновления программ (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\MailRuUpdater) (Version: - Mail.Ru)

Спутник@Mail.Ru (HKLM\...\MailRuSputnik) (Version: 2.4.1.288 - Mail.Ru)

Элементы Яндекса 7.2 для Internet Explorer (HKLM\...\{EE24665C-844A-4489-9F11-70E41F4EE476}) (Version: 7.2.5.3111 - Яндекс)

Яндекс.Бар 4.3 для Internet Explorer (uTorrent) (HKLM\...\{093E45A5-8AC4-4FF5-B4A6-A8811F755067}) (Version: 4.3.3.1044 - Яндекс)

Яндекс.Диск (HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\...\YandexDisk) (Version: 1.3.3.4693 - Яндекс)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{19170A69-A883-40D5-AF97-F6DC41495F15}\InprocServer32 -> C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll ()

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{1FE40EA0-BCD0-4235-B5F1-72123E3BA724}\localserver32 -> D:\Program Files\2gis\3.0\grym.exe (ООО ДубльГИС)

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{2614C37E-2C78-4bfb-B7A6-E49B62B9CD9B}\localserver32 -> C:\Users\Leonid\AppData\Local\Yandex\Updater\yupdate-executor.exe (Yandex LLC)

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{2D6BD2F0-5F84-4a06-924F-AEE0598B6272}\InprocServer32 -> C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll ()

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{31AF8DFB-7F85-4896-9640-1C4FFE14B29E}\InprocServer32 -> D:\Program Files\2gis\3.0\Plugins\DGisLayer.dll (ООО ДубльГИС)

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{33A431BB-FF15-4047-8FEC-F82FD3523A00}\localserver32 -> C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe ()

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{4671DB2A-087D-4EB2-96DF-64AF0177FE1B}\localserver32 -> C:\Users\Leonid\AppData\Local\Yandex\Updater\yupdate-ctrl.exe (Yandex LLC)

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{60940425-4085-4f11-ab34-b9dacd636f4b}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D0EE_78.tmp No File

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{680849bc-b86d-4669-9219-ad9ac13e4ddc}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D0EE_78.tmp No File

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{6a8f8752-e2ec-485d-8e46-b2509f668d26}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D86F_86.tmp No File

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Leonid\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (InstallShield Software Corporation)

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{6da75278-e916-4a18-934f-1d90b2cebabd}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D86F_86.tmp No File

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{7b7c1f93-8199-4da7-88eb-e25a222c7a15}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D0EE_78.tmp No File

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{8D8070D2-90D3-11D1-8D6A-000021362840}\InprocServer32 -> C:\Program Files\Elan\ettsengine.dll (Acapela Group)

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{949CDFC6-2A52-4C27-A0A2-F87EF62D5536}\localserver32 -> C:\Users\Leonid\AppData\Local\Yandex\Updater\praetorian.exe (Yandex LLC)

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{97836AB9-12C5-4C30-A128-B75196DD1787}\InprocServer32 -> C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll ()

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{97C64D6B-4F2E-4eba-8272-21780A562176}\InprocServer32 -> C:\Program Files\Elan\ettsengines5.dll (Acapela Group)

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{9ee0a337-0726-4400-95e8-77e893ec681c}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D86F_86.tmp No File

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Users\Leonid\AppData\Local\Yandex\YandexBrowser\Application\25.0.1364.22194\delegate_execute.exe (the data entry has 9 more characters).

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29161}\localserver32 -> C:\Users\Leonid\AppData\Local\Amigo\Application\32.0.1709.125\delegate_execute.exe (LLC Mail.Ru)

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{a70b6806-f2e5-44a5-abb2-14a63cedf752}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D86F_86.tmp No File

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{acad8a98-286a-420b-9fa3-02c0593917c9}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D0EE_78.tmp No File

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{B678B13A-3480-CBFC-2537-E4C74697808C}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{c127373e-5025-4630-a5be-23c4d86ac559}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D0EE_78.tmp No File

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{D236C998-BECE-472D-B939-541727B72AEF}\localserver32 -> C:\Users\Leonid\AppData\Local\Yandex\Updater\yupdate-executor.exe (Yandex LLC)

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{E36606FE-036A-4dd0-ABA9-A58F409803F0}\InprocServer32 -> C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll ()

CustomCLSID: HKU\S-1-5-21-3904404758-3084505066-3444409724-1000_Classes\CLSID\{e7727e52-306a-4026-a1f3-0a67008f443d}\InprocServer32 -> C:\Users\Leonid\AppData\Local\Temp\v8_D86F_86.tmp No File

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:04 - 2009-06-11 02:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00AB1FAE-FC19-4A1E-A615-59B09E85BE00} - System32\Tasks\{DC3E2CDA-B2DB-46BF-ABB0-BF08EE341FB5} => pcalua.exe -a "G:\МоиДокF\АТС-Групп\Налогоплательщик ЮЛ\idwkladr.exe" -d "G:\МоиДокF\АТС-Групп\Налогоплательщик ЮЛ"

Task: {05B1AA42-411F-4652-9128-2C64661A20B6} - System32\Tasks\{981DA40B-0984-4EA7-9A2F-2E8D57F88532} => c:\users\leonid\appdata\local\amigo\application\amigo.exe

Task: {17964070-D37F-4D5D-9740-51E4A9FBF679} - \{B59D6F5B-B091-4338-8828-49966CD6796E} No Task File <==== ATTENTION

Task: {21FD47E2-2423-4F3D-A9E6-5A831DB96921} - System32\Tasks\{4097B275-D432-4E0C-9D1F-457BB90A8A9D} => pcalua.exe -a "G:\МоиДокF\АТС-Групп\Налогоплательщик ЮЛ\idw4281.exe" -d "G:\МоиДокF\АТС-Групп\Налогоплательщик ЮЛ"

Task: {22076E58-EA31-4EE8-88DC-A6E91FC11296} - \{F3D9D83D-8F37-4D1A-8668-DE5B20C38818} No Task File <==== ATTENTION

Task: {349497A4-FA66-49BF-8BA1-F7E8FA6EC0AD} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION

Task: {4D0FD412-E894-47FE-B881-99150DEC296C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.)

Task: {5768F495-927A-4F49-A2D2-435488EBF490} - System32\Tasks\{59A615CB-C519-456B-AE8A-BDB13FB03692} => C:\Program Files\Opera\Opera.exe [2013-04-07] (Opera Software)

Task: {6B022EF6-B365-4E0F-AF46-3BD68838B7B9} - System32\Tasks\{7A6EC96D-CDCE-40B4-A30C-91D904BD6451} => C:\Program Files\Opera\Opera.exe [2013-04-07] (Opera Software)

Task: {8C5BBF7F-BB20-4C2C-A058-03DA3FB4B8BB} - System32\Tasks\{3F7E3A8D-BCF4-496D-BA75-A6BE41D6BF21} => pcalua.exe -a E:\start.exe -d E:\

Task: {8D72258C-8794-4129-B1C8-9BFBA9FF5922} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-30] (Google Inc.)

Task: {987C045C-08BF-4CE3-BB39-8660CEED6F54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)

Task: {C1BC358B-58CE-4ADA-ADDF-5BC03E586A59} - System32\Tasks\{676E9BC4-CBFB-457F-AF76-7A157A3F1199} => c:\users\leonid\appdata\local\amigo\application\amigo.exe

Task: {C76EC6A0-F6BF-4C08-9F33-A47B105045D5} - System32\Tasks\{2CE2FB74-AAB9-4659-B7AD-16FADEA82718} => c:\program files\opera\opera.exe [2013-04-07] (Opera Software)

Task: {D0693F6E-D0F5-477D-8219-6CDE61B29833} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION

Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-21] (Корпорация Майкрософт (Microsoft Corp.))

Task: {D69BF2FA-0A11-4789-A766-9AF1521A36B9} - System32\Tasks\{7E1343EF-5FAB-48C9-8946-8D733177BF61} => pcalua.exe -a "G:\МоиДокF\АТС-Групп\Налогоплательщик ЮЛ\idw428.exe" -d "G:\МоиДокF\АТС-Групп\Налогоплательщик ЮЛ"

Task: {E642B6AC-3FE0-45AC-9257-A5917907770D} - \{2AC34700-C24B-4147-8127-BAEED47B8132} No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-02-20 09:32 - 2012-09-29 12:24 - 00167936 ____N () C:\Windows\System32\HPM1210LM.DLL

2013-02-20 09:33 - 2012-09-29 12:24 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HPM1210PP.dll

2013-10-11 14:39 - 2015-02-22 07:17 - 04053736 _____ () C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe

2009-10-15 10:13 - 2009-10-15 10:13 - 00061440 _____ () C:\Program Files\HP\HPLaserJetService\HPTools.dll

2009-10-15 10:13 - 2009-10-15 10:13 - 00964096 _____ () C:\Program Files\HP\HPLaserJetService\LEDMXMLObjects.dll

2012-12-24 05:53 - 2012-12-24 05:53 - 00081920 _____ () C:\Windows\system32\mvusbews.DLL

2013-06-08 21:48 - 2013-06-04 15:49 - 01276704 _____ () C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll

2014-09-11 20:46 - 2014-08-28 01:27 - 00923936 _____ () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll

2011-04-23 00:04 - 2011-03-02 11:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll

2011-04-22 23:21 - 2008-12-20 02:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll

2011-04-22 23:21 - 2008-12-20 02:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll

2014-11-28 12:44 - 2015-02-09 22:28 - 17410336 _____ () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe

2014-11-28 12:44 - 2015-02-09 22:28 - 00236968 _____ () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\libpng14-14.dll

2014-11-28 12:44 - 2015-02-09 22:28 - 00106784 _____ () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\zlib1.dll

2014-11-28 12:44 - 2015-02-09 22:28 - 00168224 _____ () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskStarter.exe

2013-09-25 20:57 - 2015-02-09 22:28 - 00354592 _____ () C:\Users\Leonid\AppData\Roaming\Yandex\YandexDisk\YandexDiskHooks-3998.dll

2010-05-10 15:36 - 2010-05-10 15:36 - 00655360 _____ () C:\Windows\system32\vmprp332.ax

2015-02-20 07:58 - 2015-02-18 03:44 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\libglesv2.dll

2015-02-20 07:58 - 2015-02-18 03:44 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\libegl.dll

2015-02-20 07:58 - 2015-02-18 03:44 - 09171272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38955643.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\B46530BE.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38955643.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\B46530BE.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3904404758-3084505066-3444409724-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Leonid\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: PLTSR => "C:\Program Files\EgisTec Port Locker\EgisPLTSR.exe"

MSCONFIG\startupreg: SkyMonk => C:\Program Files\SkyMonk\SkyMonk.exe -tray

MSCONFIG\startupreg: VitaKeyTSR => "C:\Program Files\EgisTec BioExcess\EgisTSR.exe"

==================== Accounts: =============================

HomeGroupUser$ (S-1-5-21-3904404758-3084505066-3444409724-1002 - Limited - Enabled)

Leonid (S-1-5-21-3904404758-3084505066-3444409724-1000 - Administrator - Enabled) => C:\Users\Leonid

Администратор (S-1-5-21-3904404758-3084505066-3444409724-500 - Administrator - Disabled)

Гость (S-1-5-21-3904404758-3084505066-3444409724-501 - Limited - Enabled)

Неуймина (S-1-5-21-3904404758-3084505066-3444409724-1003 - Administrator - Enabled) => C:\Users\Неуймина

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (03/07/2015 09:43:38 AM) (Source: System Restore) (EventID: 8193) (User: )

Description: Не удалось создать точку восстановления (Процесс = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Описание = Запланированная контрольная точка; HR = 0x80070422).

Error: (03/07/2015 09:43:27 AM) (Source: System Restore) (EventID: 8193) (User: )

Description: Не удалось создать точку восстановления (Процесс = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Описание = Запланированная контрольная точка; HR = 0x80070422).

Error: (03/07/2015 09:38:37 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Ошибка при создании контекста активации для "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Не найдена зависимая сборка "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"".

Используйте sxstrace.exe для подробной диагностики.

Error: (03/07/2015 09:37:34 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Ошибка при создании контекста активации для "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Не найдена зависимая сборка "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"".

Используйте sxstrace.exe для подробной диагностики.

Error: (03/07/2015 09:37:32 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Ошибка при создании контекста активации для "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Не найдена зависимая сборка "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"".

Используйте sxstrace.exe для подробной диагностики.

Error: (03/07/2015 09:13:50 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/06/2015 06:48:41 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2015 09:10:54 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/05/2015 03:45:07 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: Не удалось создать точку восстановления (Процесс = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Описание = Запланированная контрольная точка; HR = 0x80070422).

Error: (03/05/2015 03:40:31 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Ошибка при создании контекста активации для "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Не найдена зависимая сборка "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"".

Используйте sxstrace.exe для подробной диагностики.

System errors:

=============

Error: (03/07/2015 09:13:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Сбой при запуске службы "DgiVecp" из-за ошибки

%%20

Error: (03/06/2015 07:03:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Превышение времени ожидания (30000 мс) при ожидании ответа транзакции от службы "UxSms".

Error: (03/06/2015 07:03:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Превышение времени ожидания (30000 мс) при ожидании ответа транзакции от службы "UmRdpService".

Error: (03/06/2015 07:15:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "Служба регистрации ошибок Windows".

Error: (03/06/2015 07:05:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "Служба регистрации ошибок Windows".

Error: (03/06/2015 06:48:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Сбой при запуске службы "DgiVecp" из-за ошибки

%%20

Error: (03/05/2015 09:10:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Сбой при запуске службы "DgiVecp" из-за ошибки

%%20

Error: (03/05/2015 09:07:47 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (03/05/2015 11:40:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Сбой при запуске службы "DgiVecp" из-за ошибки

%%20

Error: (03/04/2015 03:55:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Сбой при запуске службы "DgiVecp" из-за ошибки

%%20

Microsoft Office Sessions:

=========================

Error: (12/13/2013 05:22:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 32779 seconds with 840 seconds of active time. This session ended with a crash.

Error: (11/27/2012 06:52:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 22229 seconds with 4920 seconds of active time. This session ended with a crash.

Error: (09/06/2012 09:31:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2148 seconds with 1320 seconds of active time. This session ended with a crash.

Error: (07/09/2012 03:32:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 29315 seconds with 1260 seconds of active time. This session ended with a crash.

Error: (04/24/2012 00:45:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18340 seconds with 10320 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:

===================================

Date: 2015-02-25 08:42:07.874

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3acm.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-02-25 08:42:07.570

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\mp3fhg.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-02-25 08:42:07.284

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3filter.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-02-25 08:42:07.031

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-02-24 18:28:26.024

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3acm.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-02-24 18:28:25.859

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\mp3fhg.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-02-24 18:28:25.697

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3filter.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-02-24 18:28:25.548

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-02-24 14:31:31.879

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ac3acm.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-02-24 14:31:31.612

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\mp3fhg.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU P6100 @ 2.00GHz

Percentage of memory in use: 65%

Total physical RAM: 1844.51 MB

Available physical RAM: 644.16 MB

Total Pagefile: 3689.02 MB

Available Pagefile: 1159.84 MB

Total Virtual: 2047.88 MB

Available Virtual: 1886.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:82.79 GB) (Free:12.42 GB) NTFS

Drive d: () (Fixed) (Total:150 GB) (Free:18.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C3FFC3FF)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=82.8 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=150 GB) - (Type=05)

==================== End Of Log ============================

Что делать дальше? Возможно ли расшифровать файлы, зашифрованные вирусом? Смогу ли я пользоваться моими файлами?

7 марта, 2015

Возможно ли расшифровать файлы, зашифрованные вирусом?

1) восстановить из бекапа
2) заплатить (не факт)

логи под спойлер не надо.
просто прикрепите.

Внимание! Все важные файлы на всех дисках вашего компьютера были зашифрованы

Рекомендуемые сообщения

Леонид Сокольский

Ссылка на комментарий

Поделиться на другие сайты

thyrex

Ссылка на комментарий

Поделиться на другие сайты

Леонид Сокольский

Ссылка на комментарий

Поделиться на другие сайты

Roman_Five

Ссылка на комментарий

Поделиться на другие сайты

Пожалуйста, войдите, чтобы комментировать

Сайт

Активность

Магазин

Поддержка

Kaspersky Support Forum