shtaf1987 0 Опубликовано 8 сентября, 2015 При нажатии на ссылки во всех браузерах открываются новые окна с рекламой добрый вечер)) CollectionLog-2015.09.08-21.39.zip
thyrex 1 473 Опубликовано 8 сентября, 2015 Share Опубликовано 8 сентября, 2015
CiPlus-4.5vV29.08 globalupdate Helper SavePass 1.1 удалите через Установку программ
Выполните скрипт в AVZ
begin
 // AVZ clean-up script written by the helper for this one machine.
 // NOTE(review): every path, service name, CLSID and registry value below is
 // host-specific (the profile name "Лида" is part of several paths) and was
 // presumably taken from the CollectionLog attached to the first post. It is
 // not a generic removal script; running it elsewhere deletes whatever happens
 // to match and misses what does not.
 // Statement order matters: processes are terminated and files copied to
 // quarantine before the DeleteFile calls, and the Boot Cleaner calls at the
 // end precede the reboot.

 // Warn the user, then stop the tcpip service so the machine is offline while
 // the clean-up runs (the message says connectivity returns after the reboot).
 ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
 ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
 // Rootkit search and AVZGuard are only enabled when AVZ is not running under
 // WOW64, i.e. on 32-bit Windows.
 if not IsWOW64 then
  begin
   SearchRootkit(true, true);
   SetAVZGuardStatus(True);
  end;

 // Copy suspect files into the AVZ quarantine so samples survive the deletion
 // below and can be sent for analysis.
 QuarantineFile('C:\Users\Лида\appdata\local\kometa\kometaup.exe','');
 QuarantineFile('C:\Program Files\globalUpdate\Update\globalupdate.exe','');
 QuarantineFile('C:\Program Files\SavePass 1.1\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-6.exe','');
 QuarantineFile('C:\Program Files\SavePass 1.1\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-5.exe','');
 QuarantineFile('C:\Program Files\SavePass 1.1\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-3.exe','');
 QuarantineFile('C:\Program Files\SavePass 1.1\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-11.exe','');
 QuarantineFile('C:\Program Files\SavePass 1.1\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-10.exe','');
 QuarantineFile('C:\Program Files\SavePass 1.1\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-1-7.exe','');
 QuarantineFile('C:\Program Files\SavePass 1.1\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-1-6.exe','');
 QuarantineFile('C:\Program Files\Shop and Save Up\6bd2e937-b18c-4ec9-804b-75327aa28446-7.exe','');
 QuarantineFile('C:\Program Files\Shop and Save Up\6bd2e937-b18c-4ec9-804b-75327aa28446-6.exe','');
 QuarantineFile('C:\Program Files\Shop and Save Up\6bd2e937-b18c-4ec9-804b-75327aa28446-5.exe','');
 QuarantineFile('C:\Program Files\Shop and Save Up\6bd2e937-b18c-4ec9-804b-75327aa28446-4.exe','');
 QuarantineFile('C:\Program Files\Shop and Save Up\6bd2e937-b18c-4ec9-804b-75327aa28446-3.exe','');
 QuarantineFile('C:\Program Files\Shop and Save Up\6bd2e937-b18c-4ec9-804b-75327aa28446-11.exe','');
 QuarantineFile('C:\Program Files\Shop and Save Up\6bd2e937-b18c-4ec9-804b-75327aa28446-10.exe','');
 QuarantineFile('C:\Program Files\Shop and Save Up\6bd2e937-b18c-4ec9-804b-75327aa28446-1-7.exe','');
 QuarantineFile('C:\Program Files\CiPlus-4.5vV29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-7.exe','');
 QuarantineFile('C:\Program Files\CiPlus-4.5vV29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-6.exe','');
 QuarantineFile('C:\Program Files\CiPlus-4.5vV29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-5.exe','');
 QuarantineFile('C:\Program Files\CiPlus-4.5vV29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-4.exe','');
 QuarantineFile('C:\Program Files\CiPlus-4.5vV29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-3.exe','');
 QuarantineFile('C:\Program Files\CiPlus-4.5vV29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-11.exe','');
 QuarantineFile('C:\Program Files\CiPlus-4.5vV29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-10.exe','');
 QuarantineFile('C:\Program Files\CiPlus-4.5vV29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-1-7.exe','');
 QuarantineFile('C:\Program Files\CiPlus-4.5vV29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-1-6.exe','');
 QuarantineFile('C:\Program Files\Cinema_Plus1.2V27.08\014ceaad-1269-4c76-b114-52c06aeddd4d-5.exe','');
 QuarantineFile('C:\Program Files\Cinema_Plus1.2V27.08\014ceaad-1269-4c76-b114-52c06aeddd4d-6.exe','');
 QuarantineFile('C:\Program Files\Cinema_Plus1.2V27.08\014ceaad-1269-4c76-b114-52c06aeddd4d-7.exe','');
 QuarantineFile('C:\Program Files\Cinema_Plus1.2V27.08\014ceaad-1269-4c76-b114-52c06aeddd4d-3.exe','');
 QuarantineFile('C:\Program Files\Cinema_Plus1.2V27.08\014ceaad-1269-4c76-b114-52c06aeddd4d-11.exe','');
 QuarantineFile('C:\Program Files\Cinema_Plus1.2V27.08\014ceaad-1269-4c76-b114-52c06aeddd4d-10.exe','');
 QuarantineFile('C:\Program Files\Cinema_Plus1.2V27.08\014ceaad-1269-4c76-b114-52c06aeddd4d-1-7.exe','');
 QuarantineFile('C:\Program Files\Cinema_Plus1.2V27.08\014ceaad-1269-4c76-b114-52c06aeddd4d-1-6.exe','');
 // Remove the Internet Explorer Browser Helper Object registered under this CLSID.
 DelBHO('{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}');
 QuarantineFile('C:\IQIYI Video\Common\Accelerator\IEHelper.dll','');
 // "exe.resworb" is "browser.exe" written backwards.
 QuarantineFile('C:\Users\Лида\AppData\Roaming\Browsers\exe.resworb.bat','');
 QuarantineFile('C:\IQIYI Video\Common\QyKernel.exe','');
 QuarantineFile('C:\Users\Лида\AppData\Roaming\cpuminer\sgminer\start.cmd','');

 // Remove service and driver registrations. Where SetServiceStart(..., 4) comes
 // first, the service is switched to start type 4 (disabled) before its entry
 // is deleted.
 DeleteService('TS888');
 DeleteService('TSSK');
 DeleteService('wsafd_1_10_0_19');
 QuarantineFile('C:\Windows\system32\drivers\wsafd_1_10_0_19.sys','');
 DeleteService('QMUdisk');
 SetServiceStart('{b19f07e6-f598-4b61-9775-5d535cb052e6}Gw', 4);
 DeleteService('{b19f07e6-f598-4b61-9775-5d535cb052e6}Gw');
 SetServiceStart('{2fab96a3-39d5-4530-8bc9-84483821c603}Gw', 4);
 DeleteService('{2fab96a3-39d5-4530-8bc9-84483821c603}Gw');
 SetServiceStart('{000205b0-769c-48e1-93c8-341db6a347b4}Gw', 4);
 DeleteService('{000205b0-769c-48e1-93c8-341db6a347b4}Gw');
 DeleteService('Update Checked List');
 DeleteService('Update Any Angle');
 QuarantineFile('C:\Program Files\Any Angle\updateAnyAngle.exe','');
 QuarantineFile('C:\Program Files\Checked List\updateCheckedList.exe','');
 QuarantineFile('C:\Program Files\MiniLite\ProtectService.exe','');
 DeleteService('IHProtect Service');
 DeleteService('gopibeko');
 SetServiceStart('WdsManPro', 4);
 DeleteService('WdsManPro');
 SetServiceStart('ricofumy', 4);
 DeleteService('ricofumy');
 QuarantineFile('C:\Windows\system32\drivers\{b19f07e6-f598-4b61-9775-5d535cb052e6}Gw.sys','');
 QuarantineFile('C:\Windows\system32\drivers\{2fab96a3-39d5-4530-8bc9-84483821c603}Gw.sys','');
 QuarantineFile('C:\Windows\system32\drivers\{000205b0-769c-48e1-93c8-341db6a347b4}Gw.sys','');
 QuarantineFile('C:\Program Files\CiPlus-4.5vV29.08\48f97237-00d6-4192-90f5-f78b56fe084a.dll','');

 // Stop the processes listed by image path, then quarantine each image.
 TerminateProcessByName('c:\programdata\7wdsmanpro7\wdsmanpro.exe');
 QuarantineFile('c:\programdata\7wdsmanpro7\wdsmanpro.exe','');
 TerminateProcessByName('c:\program files\03000200-1440435310-0500-0006-000700080009\knsb9bfc.tmpfs');
 QuarantineFile('c:\program files\03000200-1440435310-0500-0006-000700080009\knsb9bfc.tmpfs','');
 TerminateProcessByName('c:\program files\ciplus-4.5vv29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-6.exe');
 QuarantineFile('c:\program files\ciplus-4.5vv29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-6.exe','');
 TerminateProcessByName('c:\program files\ciplus-4.5vv29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-1-6.exe');
 QuarantineFile('c:\program files\ciplus-4.5vv29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-1-6.exe','');

 // Deletion phase: executables, drivers, scheduled-task files and autorun
 // registry values.
 // NOTE(review): not every file deleted here was quarantined above (for
 // example the Tencent drivers, baidu\pps.exe, AnyProtect.exe and the task
 // files), so no sample of those is kept.
 DeleteFile('c:\program files\ciplus-4.5vv29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-1-6.exe','32');
 DeleteFile('c:\program files\ciplus-4.5vv29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-6.exe','32');
 DeleteFile('c:\program files\03000200-1440435310-0500-0006-000700080009\knsb9bfc.tmpfs','32');
 DeleteFile('c:\programdata\7wdsmanpro7\wdsmanpro.exe','32');
 DeleteFile('C:\Program Files\CiPlus-4.5vV29.08\48f97237-00d6-4192-90f5-f78b56fe084a.dll','32');
 DeleteFile('C:\Windows\system32\drivers\{000205b0-769c-48e1-93c8-341db6a347b4}Gw.sys','32');
 DeleteFile('C:\Windows\system32\drivers\{2fab96a3-39d5-4530-8bc9-84483821c603}Gw.sys','32');
 DeleteFile('C:\Windows\system32\drivers\{b19f07e6-f598-4b61-9775-5d535cb052e6}Gw.sys','32');
 DeleteFile('C:\Program Files\MiniLite\ProtectService.exe','32');
 DeleteFile('C:\Program Files\Checked List\updateCheckedList.exe','32');
 DeleteFile('C:\Program Files\Any Angle\updateAnyAngle.exe','32');
 DeleteFile('C:\Program Files\Tencent\QQPCMgr\10.10.16443.223\QMUdisk.sys','32');
 DeleteFile('C:\Program Files\Tencent\QQPCMgr\10.10.16443.223\TS888.sys','32');
 DeleteFile('C:\Windows\system32\tssk.sys','32');
 DeleteFile('C:\Windows\system32\drivers\wsafd_1_10_0_19.sys','32');
 DeleteFile('C:\Users\Лида\AppData\Roaming\cpuminer\sgminer\start.cmd','32');
 // Drop the HKLM Run autostart value named "gpuminer"; together with the
 // cpuminer\sgminer\start.cmd launcher above this looks like a coin-miner
 // autorun.
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','gpuminer');
 DeleteFile('C:\IQIYI Video\Common\QyKernel.exe','32');
 DeleteFile('C:\Program Files\baidu\pps.exe','32');
 // Clear the "command" values of two entries under MSConfig\startupreg.
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\apphide','command');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HCDNClient','command');
 DeleteFile('C:\Users\Лида\AppData\Roaming\Browsers\exe.resworb.bat','32');
 DeleteFile('C:\IQIYI Video\Common\Accelerator\IEHelper.dll','32');
 DeleteFile('C:\Program Files\Cinema_Plus1.2V27.08\014ceaad-1269-4c76-b114-52c06aeddd4d-1-6.exe','32');
 DeleteFile('C:\Program Files\Cinema_Plus1.2V27.08\014ceaad-1269-4c76-b114-52c06aeddd4d-1-7.exe','32');
 DeleteFile('C:\Program Files\Cinema_Plus1.2V27.08\014ceaad-1269-4c76-b114-52c06aeddd4d-10.exe','32');
 DeleteFile('C:\Program Files\Cinema_Plus1.2V27.08\014ceaad-1269-4c76-b114-52c06aeddd4d-11.exe','32');
 DeleteFile('C:\Program Files\Cinema_Plus1.2V27.08\014ceaad-1269-4c76-b114-52c06aeddd4d-3.exe','32');
 // C:\Windows\Tasks\*.job files are scheduled tasks; the GUID-named ones match
 // the GUID-named executables being removed.
 DeleteFile('C:\Windows\Tasks\014ceaad-1269-4c76-b114-52c06aeddd4d-3.job','32');
 DeleteFile('C:\Windows\Tasks\014ceaad-1269-4c76-b114-52c06aeddd4d-11.job','32');
 DeleteFile('C:\Windows\Tasks\014ceaad-1269-4c76-b114-52c06aeddd4d-10_user.job','32');
 DeleteFile('C:\Windows\Tasks\014ceaad-1269-4c76-b114-52c06aeddd4d-1-7.job','32');
 DeleteFile('C:\Windows\Tasks\014ceaad-1269-4c76-b114-52c06aeddd4d-1-6.job','32');
 DeleteFile('C:\Windows\Tasks\014ceaad-1269-4c76-b114-52c06aeddd4d-5.job','32');
 DeleteFile('C:\Windows\Tasks\014ceaad-1269-4c76-b114-52c06aeddd4d-5_user.job','32');
 DeleteFile('C:\Windows\Tasks\014ceaad-1269-4c76-b114-52c06aeddd4d-6.job','32');
 DeleteFile('C:\Windows\Tasks\014ceaad-1269-4c76-b114-52c06aeddd4d-7.job','32');
 DeleteFile('C:\Windows\Tasks\4Ue9NpUtuGc.job','32');
 DeleteFile('C:\Windows\Tasks\4zcDGkUqCZDGA75Rm.job','32');
 DeleteFile('C:\Program Files\Cinema_Plus1.2V27.08\014ceaad-1269-4c76-b114-52c06aeddd4d-7.exe','32');
 DeleteFile('C:\Program Files\Cinema_Plus1.2V27.08\014ceaad-1269-4c76-b114-52c06aeddd4d-6.exe','32');
 DeleteFile('C:\Program Files\Cinema_Plus1.2V27.08\014ceaad-1269-4c76-b114-52c06aeddd4d-5.exe','32');
 DeleteFile('C:\Program Files\CiPlus-4.5vV29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-1-6.exe','32');
 DeleteFile('C:\Program Files\CiPlus-4.5vV29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-1-7.exe','32');
 DeleteFile('C:\Program Files\CiPlus-4.5vV29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-10.exe','32');
 DeleteFile('C:\Program Files\CiPlus-4.5vV29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-11.exe','32');
 DeleteFile('C:\Program Files\CiPlus-4.5vV29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-3.exe','32');
 DeleteFile('C:\Program Files\CiPlus-4.5vV29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-4.exe','32');
 DeleteFile('C:\Program Files\CiPlus-4.5vV29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-5.exe','32');
 DeleteFile('C:\Program Files\CiPlus-4.5vV29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-6.exe','32');
 DeleteFile('C:\Windows\Tasks\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-1-6.job','32');
 DeleteFile('C:\Windows\Tasks\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-1-7.job','32');
 DeleteFile('C:\Windows\Tasks\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-10_user.job','32');
 DeleteFile('C:\Windows\Tasks\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-11.job','32');
 DeleteFile('C:\Windows\Tasks\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-3.job','32');
 DeleteFile('C:\Windows\Tasks\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-4.job','32');
 DeleteFile('C:\Windows\Tasks\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-5.job','32');
 DeleteFile('C:\Windows\Tasks\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-6.job','32');
 DeleteFile('C:\Windows\Tasks\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-7.job','32');
 DeleteFile('C:\Program Files\CiPlus-4.5vV29.08\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-7.exe','32');
 DeleteFile('C:\Program Files\Shop and Save Up\6bd2e937-b18c-4ec9-804b-75327aa28446-1-6.exe','32');
 DeleteFile('C:\Program Files\Shop and Save Up\6bd2e937-b18c-4ec9-804b-75327aa28446-1-7.exe','32');
 DeleteFile('C:\Program Files\Shop and Save Up\6bd2e937-b18c-4ec9-804b-75327aa28446-10.exe','32');
 DeleteFile('C:\Program Files\Shop and Save Up\6bd2e937-b18c-4ec9-804b-75327aa28446-11.exe','32');
 DeleteFile('C:\Program Files\Shop and Save Up\6bd2e937-b18c-4ec9-804b-75327aa28446-3.exe','32');
 DeleteFile('C:\Program Files\Shop and Save Up\6bd2e937-b18c-4ec9-804b-75327aa28446-4.exe','32');
 DeleteFile('C:\Program Files\Shop and Save Up\6bd2e937-b18c-4ec9-804b-75327aa28446-5.exe','32');
 DeleteFile('C:\Program Files\Shop and Save Up\6bd2e937-b18c-4ec9-804b-75327aa28446-6.exe','32');
 DeleteFile('C:\Program Files\Shop and Save Up\6bd2e937-b18c-4ec9-804b-75327aa28446-7.exe','32');
 DeleteFile('C:\Program Files\SavePass 1.1\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-1-6.exe','32');
 DeleteFile('C:\Program Files\SavePass 1.1\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-1-7.exe','32');
 DeleteFile('C:\Windows\Tasks\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-1-7.job','32');
 DeleteFile('C:\Windows\Tasks\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-1-6.job','32');
 DeleteFile('C:\Windows\Tasks\6bd2e937-b18c-4ec9-804b-75327aa28446-7.job','32');
 DeleteFile('C:\Windows\Tasks\6bd2e937-b18c-4ec9-804b-75327aa28446-6.job','32');
 DeleteFile('C:\Windows\Tasks\6bd2e937-b18c-4ec9-804b-75327aa28446-5_user.job','32');
 DeleteFile('C:\Windows\Tasks\6bd2e937-b18c-4ec9-804b-75327aa28446-5.job','32');
 DeleteFile('C:\Windows\Tasks\6bd2e937-b18c-4ec9-804b-75327aa28446-4.job','32');
 DeleteFile('C:\Windows\Tasks\6bd2e937-b18c-4ec9-804b-75327aa28446-3.job','32');
 DeleteFile('C:\Windows\Tasks\6bd2e937-b18c-4ec9-804b-75327aa28446-11.job','32');
 DeleteFile('C:\Windows\Tasks\6bd2e937-b18c-4ec9-804b-75327aa28446-10_user.job','32');
 DeleteFile('C:\Windows\Tasks\6bd2e937-b18c-4ec9-804b-75327aa28446-1-7.job','32');
 DeleteFile('C:\Windows\Tasks\6bd2e937-b18c-4ec9-804b-75327aa28446-1-6.job','32');
 DeleteFile('C:\Program Files\SavePass 1.1\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-10.exe','32');
 DeleteFile('C:\Program Files\SavePass 1.1\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-11.exe','32');
 DeleteFile('C:\Program Files\SavePass 1.1\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-3.exe','32');
 DeleteFile('C:\Program Files\SavePass 1.1\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-5.exe','32');
 DeleteFile('C:\Program Files\SavePass 1.1\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-6.exe','32');
 DeleteFile('C:\Windows\Tasks\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-6.job','32');
 DeleteFile('C:\Windows\Tasks\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-5_user.job','32');
 DeleteFile('C:\Windows\Tasks\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-5.job','32');
 DeleteFile('C:\Windows\Tasks\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-3.job','32');
 DeleteFile('C:\Windows\Tasks\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-11.job','32');
 DeleteFile('C:\Windows\Tasks\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-10_user.job','32');
 DeleteFile('C:\Windows\Tasks\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-7.job','32');
 DeleteFile('C:\Windows\Tasks\APSnotifierPP1.job','32');
 DeleteFile('C:\Windows\Tasks\APSnotifierPP2.job','32');
 DeleteFile('C:\Windows\Tasks\APSnotifierPP3.job','32');
 DeleteFile('C:\Windows\Tasks\D30TxpaFpHSQ.job','32');
 DeleteFile('C:\Windows\Tasks\dL4ZbPEmSL97xm4b0FiJ.job','32');
 DeleteFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','32');
 DeleteFile('C:\Program Files\globalUpdate\Update\globalupdate.exe','32');
 DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore1d0e2677886db70.job','32');
 DeleteFile('C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA1d0e26778a1b6d5.job','32');
 DeleteFile('C:\Windows\Tasks\KlFj3QUlEHIo0SE7SIjPc.job','32');
 DeleteFile('C:\Windows\Tasks\NZxWIFkKud4Z7x.job','32');
 DeleteFile('C:\Windows\Tasks\uPcPs8Mb2URpsEmYz8351Z6DGu.job','32');
 // Task definitions stored under system32\Tasks, same task names without the
 // .job extension.
 DeleteFile('C:\Windows\system32\Tasks\014ceaad-1269-4c76-b114-52c06aeddd4d-1-6','32');
 DeleteFile('C:\Windows\system32\Tasks\014ceaad-1269-4c76-b114-52c06aeddd4d-1-7','32');
 DeleteFile('C:\Windows\system32\Tasks\014ceaad-1269-4c76-b114-52c06aeddd4d-11','32');
 DeleteFile('C:\Windows\system32\Tasks\014ceaad-1269-4c76-b114-52c06aeddd4d-3','32');
 DeleteFile('C:\Windows\system32\Tasks\014ceaad-1269-4c76-b114-52c06aeddd4d-5','32');
 DeleteFile('C:\Windows\system32\Tasks\014ceaad-1269-4c76-b114-52c06aeddd4d-6','32');
 DeleteFile('C:\Windows\system32\Tasks\014ceaad-1269-4c76-b114-52c06aeddd4d-7','32');
 DeleteFile('C:\Windows\system32\Tasks\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-1-6','32');
 DeleteFile('C:\Windows\system32\Tasks\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-1-7','32');
 DeleteFile('C:\Windows\system32\Tasks\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-11','32');
 DeleteFile('C:\Windows\system32\Tasks\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-3','32');
 DeleteFile('C:\Windows\system32\Tasks\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-4','32');
 DeleteFile('C:\Windows\system32\Tasks\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-5','32');
 DeleteFile('C:\Windows\system32\Tasks\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-6','32');
 DeleteFile('C:\Windows\system32\Tasks\55b46ad1-ce0d-4fc0-a7b5-375183d1e532-7','32');
 DeleteFile('C:\Windows\system32\Tasks\a7caa0ca-c889-42ef-aa4a-8ecb31e08ce0-1-6','32');
 DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineCore1d0e2677886db70','32');
 DeleteFile('C:\Windows\system32\Tasks\globalUpdateUpdateTaskMachineUA1d0e26778a1b6d5','32');
 DeleteFile('C:\Users\Лида\AppData\Roaming\mystartsearch\UninstallManager.exe','32');
 DeleteFile('C:\Windows\system32\Tasks\{684D7167-8847-4641-8788-69D20DAC0FFC}','32');
 DeleteFile('C:\Users\Лида\appdata\local\kometa\kometaup.exe','32');

 // Finish: the BC_* calls belong to AVZ's Boot Cleaner (presumably so that
 // files still locked now are removed during start-up), ExecuteSysClean runs
 // AVZ's system clean-up, and RebootWindows restarts the machine.
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(false);
end.
Будет выполнена перезагрузка компьютера. Выполните скрипт в AVZ
begin
 // Pack the AVZ quarantine into c:\quarantine.zip for submission to the vendor.
 // "Qurantine" is the spelling of the AVZ function name itself; do not correct it.
 CreateQurantineArchive('c:\quarantine.zip');
end.
c:\quarantine.zip отправьте по адресу newvirus@kaspersky.com
Полученный ответ сообщите здесь (с указанием номера KLAN) Скачайте ClearLNK и сохраните архив с утилитой на Рабочем столе. Распакуйте архив с утилитой в отдельную папку. Перенесите Check_Browsers_LNK.log на ClearLNK как показано на рисунке Отчет о работе ClearLNK-<Дата>.log будет сохранен в папке LOG. Прикрепите этот отчет к своему следующему сообщению.
Выполните правила ЕЩЕ РАЗ и предоставьте НОВЫЕ логи
shtaf1987 0 Опубликовано 9 сентября, 2015 Автор
Добрый вечер. Отправляю отчет
Сообщение от модератора Mark D. Pearlstone Темы объединены
KLAN-3122499245
Это сообщение сформировано автоматической системой приёма писем. Сообщение содержит информацию о том, какие вердикты на файлы (если таковые есть в письме) выносит Антивирус с последними обновлениями.
blowfish.dll, blowfish_0.dll
Вредоносный код в файлах не обнаружен.
С уважением, Лаборатория Касперского "125212, Россия, Москва, Ленинградское шоссе, д.39А, стр.3 Тел./факс: + 7 (495) 797 8700 http://www.kaspersky.ru http://www.viruslist.ru"
Hello, This message has been generated by an automatic message response system. The message contains details about verdicts that have been returned by Anti-Virus in response to the files (if any are included in the message) with the latest updates installed.
blowfish.dll, blowfish_0.dll
No malicious code has been found in these files.
Best Regards, Kaspersky Lab "39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com http://www.viruslist.com"
ClearLNK by Alex Dragokas ver. 2.8.0.10
OS: x32 Windows 7 Ultimate, 6.1.7601, Service Pack: 1
Time: 09.09.2015 - 19:42
Language: OS: RU (0x419). Display: RU (0x419).
Non-Unicode: RU (0x419)Elevated: YesUser: Лида (group: Administrator) _____________________________ Начало лога ______________________________ [ OK ] 1 "C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk" -> [ "C:\Program Files\Google\Chrome\Application\chrome.exe" ] (Метод R5-A2) (ОК)[ OK ] 2 "c:\users\лида\appdata\roaming\microsoft\internet explorer\quick launch\Yandex.LNK" -> [ "C:\Users\Лида\AppData\Local\Yandex\yapin\Yandex.exe" ] (Метод R5-A2) (ОК)[ OK ] 3 "c:\users\лида\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\Yandex.LNK" -> [ "C:\Users\Лида\AppData\Local\Yandex\yapin\Yandex.exe" ] (Метод R5-A2) (ОК)[ OK ] 4 "c:\users\лида\desktop\юбилей мамы\Opera.LNK" -> [ "C:\Program Files\Opera\launcher.exe" ] (Метод R5-A2) (ОК)[ OK ] 5 "C:\Users\Лида\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Вконтакте.lnk" -> [ "C:\Users\Лида\AppData\Local\Amigo\Application\vk.exe" ] (Метод R5-A2) (ОК)[ OK ] 6 "C:\Users\Лида\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk" -> [ "C:\Users\Лида\AppData\Local\Amigo\Application\ok.exe" ] (Метод R5-A2) (ОК) _________________________ Расположение иконок ________________________ [ OK ] "C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk" -> [ ".", index=1 ] <- "C:\Program Files\Google\Chrome\Application\chrome.exe", index=0 (Метод: 6)[ OK ] "c:\users\лида\appdata\roaming\microsoft\internet explorer\quick launch\Yandex.LNK" -> [ ".", index=1 ] <- "%APPDATA%\SPI\ya.ico", index=0 (Метод: 3)[ OK ] "c:\users\лида\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\Yandex.LNK" -> [ ".", index=1 ] <- "%APPDATA%\SPI\ya.ico", index=0 (Метод: 3)[ OK ] "c:\users\лида\desktop\юбилей мамы\Opera.LNK" -> [ ".", index=1 ] <- "%APPDATA%\SPI\op.ico", index=0 (Метод: 3) ______________________________ Статистика ______________________________Лечение запущено: 1 раз за сегодня. 
Всего обработано: 6
Исправлено: 6
Переименовано: 3
____________________________ Конец отчета ____________________________
CRC32: A3B9B42C
ClearLNK-09.09.2015_19-42.log
thyrex 1 473 Опубликовано 9 сентября, 2015 Новые логи по правилам где? + Сделайте лог полного сканирования МВАМ
shtaf1987 0 Опубликовано 11 сентября, 2015 Автор В продолжение своей проблемы CollectionLog-2015.09.11-21.38.zip лог.txt
thyrex 1 473 Опубликовано 11 сентября, 2015 Лог МВАМ прислали неверный. Переделывайте
shtaf1987 0 Опубликовано 13 сентября, 2015 Автор Вот что получилось!!! я так понял, все удалилось?))) лог.txt
thyrex 1 473 Опубликовано 13 сентября, 2015 Инфо Не нужно каждый новый ответ писать в новой теме Скачайте Farbar Recovery Scan Tool и сохраните на Рабочем столе. Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе. 1. Запустите программу двойным щелчком. Когда программа запустится, нажмите Yes для соглашения с предупреждением. 2. Убедитесь, что в окне Optional Scan отмечены "List BCD" и "Driver MD5". 3. Нажмите кнопку Scan. 4. После окончания сканирования будет создан отчет (FRST.txt) в той же папке, откуда была запущена программа. Пожалуйста, прикрепите этот отчет в следующем сообщении. 5. Если программа была запущена в первый раз, также будет создан отчет (Addition.txt). Пожалуйста, и его тоже прикрепите в следующем сообщении.
shtaf1987 0 Опубликовано 14 сентября, 2015 Автор Share Опубликовано 14 сентября, 2015 Отчёты: Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-09-2015 02Ran by Лида (2015-09-14 19:11:38)Running from C:\Users\Лида\DesktopMicrosoft Windows 7 Максимальная Service Pack 1 (X86) (2014-11-22 14:35:52)Boot Mode: Normal========================================================== ==================== Accounts: ============================= HomeGroupUser$ (S-1-5-21-3133911900-3193841993-3875661804-1003 - Limited - Enabled)Администратор (S-1-5-21-3133911900-3193841993-3875661804-500 - Administrator - Disabled)Гость (S-1-5-21-3133911900-3193841993-3875661804-501 - Limited - Disabled)Лида (S-1-5-21-3133911900-3193841993-3875661804-1000 - Administrator - Enabled) => C:\Users\Лида ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)Adobe Flash Player 17 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 17.0.0.135 - Adobe Systems Incorporated)Adobe Reader 9.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)AMD Catalyst Install Manager (HKLM\...\{44537D5C-4CB8-CFCD-2D95-9205FF380CCC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) 
Hidden <==== ATTENTIONGoogle Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)Google Drive (HKLM\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.28.13 - Google Inc.) HiddenHydraVision (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) HiddenJava 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)K-Lite Codec Pack 6.8.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.8.0 - )Malwarebytes Anti-Malware, версия 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 
10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)Mozilla Firefox 40.0.3 (x86 ru) (HKLM\...\Mozilla Firefox 40.0.3 (x86 ru)) (Version: 40.0.3 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)OpenAL (HKLM\...\OpenAL) (Version: - )Opera Stable 31.0.1889.240 (HKLM\...\Opera 31.0.1889.240) (Version: 31.0.1889.240 - Opera Software)Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)Samsung Universal Print Driver 2 (HKLM\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.)Setup (HKLM\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - )Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)Skype™ 7.9 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.9.103 - Skype Technologies S.A.)Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)Zona (HKLM\...\Zona)) (Version: - )Документы ПУ 5 (HKLM\...\Документы ПУ 5) (Version: - ОПФР по Республике Коми)МедиаКом IPTV (IP-TV Player 0.28.1.8834) (HKLM\...\IP-TV_Player) (Version: 0.28.1.8834 - ООО АДСЛ Клуб)Набор программ МедиаКом (HKLM\...\MediaCom Soft) (Version: 12.01.2013 - ООО "МедиаКом") ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000_Classes\CLSID\{2D6BD2F0-5F84-4a06-924F-AEE0598B6272}\InprocServer32 -> no filepathCustomCLSID: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000_Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll No FileCustomCLSID: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000_Classes\CLSID\{61CED8F3-2CB2-4C3C-9484-7530E1127A58}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll No FileCustomCLSID: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000_Classes\CLSID\{97836AB9-12C5-4C30-A128-B75196DD1787}\InprocServer32 -> no filepathCustomCLSID: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29161}\localserver32 -> C:\Users\Лида\AppData\Local\Amigo\Application\32.0.1725.115\delegate_execute.exe (LLC Mail.Ru)CustomCLSID: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000_Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll No FileCustomCLSID: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000_Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF-NOT}\InprocServer32 -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File ==================== Restore Points ========================= 08-09-2015 19:38:36 Removed Java 8 Update 4509-09-2015 22:24:35 Центр обновления Windows10-09-2015 15:48:03 Центр обновления Windows ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 07:04 - 2015-08-14 21:25 - 00000026 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {00F2931F-09BA-4A09-A160-610F11C533F8} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTIONTask: {1E1E20AA-E188-455A-86A0-AB5088DABC06} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e732e06d9d3e => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)Task: {2B92C125-9656-43F4-88E2-5A1B0DA7FA51} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-07] (AVAST Software)Task: {5F6DB23B-A9E2-4B07-AC1C-5C524331DA06} - System32\Tasks\Opera scheduled Autoupdate 1441637903 => C:\Program Files\Opera\launcher.exe [2015-09-03] (Opera Software)Task: {D0C33AA3-E078-444C-A35F-D57E234E082C} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTIONTask: {F44B4E8A-8028-418B-A275-D4D552B43F2D} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e732e0a10a0e => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\4Ue9NpUtuGc.job => C:\Users\????\AppData\Roaming\4Ue9NpUtuGc.exe <==== ATTENTION
Task: C:\Windows\Tasks\4zcDGkUqCZDGA75Rm.job => C:\Users\????\AppData\Roaming\4zcDGkUqCZDGA75Rm.exe <==== ATTENTION
Task: C:\Windows\Tasks\D30TxpaFpHSQ.job => C:\Users\????\AppData\Roaming\D30TxpaFpHSQ.exe <==== ATTENTION
Task: C:\Windows\Tasks\dL4ZbPEmSL97xm4b0FiJ.job => C:\Users\????\AppData\Roaming\dL4ZbPEmSL97xm4b0FiJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e732e06d9d3e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e732e0a10a0e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\KlFj3QUlEHIo0SE7SIjPc.job => C:\Users\????\AppData\Roaming\KlFj3QUlEHIo0SE7SIjPc.exe <==== ATTENTION
Task: C:\Windows\Tasks\NZxWIFkKud4Z7x.job => C:\Users\????\AppData\Roaming\NZxWIFkKud4Z7x.exe <==== ATTENTION
Task: C:\Windows\Tasks\uPcPs8Mb2URpsEmYz8351Z6DGu.job => C:\Users\????\AppData\Roaming\uPcPs8Mb2URpsEmYz8351Z6DGu.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-12-05 21:06 - 2011-04-11 10:26 - 00024064 _____ () C:\Windows\System32\spe__l.dll
2009-09-01 05:31 - 2009-09-01 05:31 - 00022723 _____ () C:\Windows\System32\ssp2ml3.dll
2013-11-01 11:45 - 2013-11-01 11:45 - 00203776 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 05:18 - 2013-07-26 05:18 - 03854336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-07-26 05:18 - 2013-07-26 05:18 - 00618496 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2015-07-31 07:52 - 2015-08-25 18:28 - 02874656 _____ () C:\Program Files\IObit\LiveUpdate\IObitLauncher.exe
2014-12-30 17:39 - 2014-12-30 
17:39 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe2013-11-01 11:45 - 2013-11-01 11:45 - 00095744 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll2015-09-07 20:21 - 2015-09-07 20:21 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2015-09-07 20:21 - 2015-09-07 20:21 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll2015-09-07 20:21 - 2015-09-07 20:21 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll2013-11-01 11:34 - 2013-11-01 11:34 - 00090112 _____ () C:\Program Files\ATI Technologies\HydraVision\HydraRus.dll2015-09-14 18:21 - 2015-09-14 18:21 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15091400\algo.dll2015-09-07 20:21 - 2015-08-28 05:17 - 01501512 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.85\libglesv2.dll2015-09-07 20:21 - 2015-08-28 05:17 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.85\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\ProgramData:NTAlternateDataStreams: C:\ProgramData:NT2AlternateDataStreams: C:\Users\All Users:NTAlternateDataStreams: C:\Users\All Users:NT2AlternateDataStreams: C:\Users\Все пользователи:NTAlternateDataStreams: C:\Users\Все пользователи:NT2AlternateDataStreams: C:\Users\Лида:idAlternateDataStreams: C:\ProgramData\Application Data:NTAlternateDataStreams: C:\ProgramData\Application Data:NT2AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NTAlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2AlternateDataStreams: C:\ProgramData\TEMP:10D14739AlternateDataStreams: C:\Users\Все пользователи\Application Data:NTAlternateDataStreams: C:\Users\Все пользователи\Application Data:NT2AlternateDataStreams: C:\Users\Все пользователи\MTA San Andreas All:NTAlternateDataStreams: C:\Users\Все пользователи\MTA San Andreas All:NT2AlternateDataStreams: C:\Users\Все пользователи\TEMP:10D14739AlternateDataStreams: C:\Users\Лида\Application Data:NTAlternateDataStreams: C:\Users\Лида\Application Data:NT2AlternateDataStreams: C:\Users\Лида\AppData\Roaming:NTAlternateDataStreams: C:\Users\Лида\AppData\Roaming:NT2 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3133911900-3193841993-3875661804-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Лида\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.1.22 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Лида^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Вырезка экрана и программа запуска для OneNote 2007.lnk => C:\Windows\pss\Вырезка экрана и программа запуска для OneNote 2007.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: apphide => C:\Program Files\baidu\pps.exe
MSCONFIG\startupreg: HCDNClient => "C:\IQIYI Video\Common\QyKernel.exe" -shell_start
MSCONFIG\startupreg: hl => "C:\Program Files\Counter-Strike 1.6\ENG\hl.exe" autorun
MSCONFIG\startupreg: Only-search => C:\Program Files\onlysearch\onlysearch\1.3.22.1\onlysearch.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{DBF66B21-4844-4F8E-B284-A5E3EEF75C55}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exeFirewallRules: [{8AAF39B7-73CF-448C-B70F-B480729E5371}] => (Allow) C:\Program Files\Skype\Phone\Skype.exeFirewallRules: [{D10F2BA9-FC99-4502-A6DF-EE8E2DD65B9B}] => (Allow) C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exeFirewallRules: [{8D94F768-19D4-402A-B242-AD8E0196722D}] => (Allow) C:\Program Files\MediaCom\CommFort\CommFort.exeFirewallRules: [{A1FA2C59-907E-4C43-93CC-849D47D915CB}] => (Allow) C:\Program Files\MediaCom\CommFort\CommFort.exeFirewallRules: [{FA9F96D8-5874-4710-AD81-CB556B1D3889}] => (Allow) C:\Program Files\MediaCom\StrongDC++\StrongDC.exeFirewallRules: [{4CFEAEDB-495F-4535-9144-31F7059CA767}] => (Allow) C:\Program Files\MediaCom\StrongDC++\StrongDC.exeFirewallRules: [{BF07CE1D-BBC1-494F-B91C-8B2CF72210A7}] => (Allow) C:\Program Files\MediaCom\IPTV\IpTvPlayer.exeFirewallRules: [{CD436DCB-C92D-4479-8290-9D770DB8A2F0}] => (Allow) C:\Program Files\MediaCom\IPTV\IpTvPlayer.exeFirewallRules: [TCP Query User{D562412A-04AD-43BF-A59A-9FAE153C0C2B}C:\program files\counter-strike 1.6 [repack by silent]\hl.exe] => (Allow) C:\program files\counter-strike 1.6 [repack by silent]\hl.exeFirewallRules: [uDP Query User{3D0C3A59-D7F8-4F36-92CB-5ACAB8FD5E74}C:\program files\counter-strike 1.6 [repack by silent]\hl.exe] => (Allow) C:\program files\counter-strike 1.6 [repack by silent]\hl.exeFirewallRules: [{ED8686A0-20E7-4F3F-B843-14ACE947B029}] => (Allow) LPort=80FirewallRules: [{8AC618AE-582E-4EE5-A3DA-211B7515D94F}] => (Allow) LPort=443FirewallRules: [{FEA68B9C-0515-43C2-8A0E-7BB5EFFD7EC7}] => (Allow) LPort=20010FirewallRules: [{5A8620DE-CAEC-4E92-9C2D-E41187FBA998}] => (Allow) LPort=3478FirewallRules: [{DDD08FEB-7F97-4359-A8B7-8B1B5F6F5E7A}] => (Allow) LPort=7850FirewallRules: [{110C2E33-BAD3-4BF2-8FFC-43398DF04C01}] => (Allow) LPort=7852FirewallRules: [{38C13953-BF2E-4A80-ACC8-D37C5D3F2E36}] => (Allow) 
LPort=7853FirewallRules: [{5445774E-2215-4809-9AD4-11351FC8ED1A}] => (Allow) LPort=27022FirewallRules: [{5928BD24-1483-45CE-8C58-D306B71FBFC3}] => (Allow) LPort=6881FirewallRules: [{48579F90-F74D-470C-A43B-07A752829F67}] => (Allow) LPort=33333FirewallRules: [{1FDCC86F-C039-4320-A48D-9C5104D6FCB4}] => (Allow) LPort=20443FirewallRules: [{C5485DCC-692D-4ADE-8A26-3FE5C1F1F621}] => (Allow) LPort=8090FirewallRules: [{2677D63B-A0FD-4B1C-8F17-8F743485C9F0}] => (Allow) C:\Users\Лида\Downloads\uTorrent.exeFirewallRules: [{86FB66FB-4E92-45E5-9A7E-4C5CA1CF1D9D}] => (Allow) C:\Users\Лида\Downloads\uTorrent.exeFirewallRules: [{EA65BCAA-F684-460F-9106-AA8ECD3C181A}] => (Allow) C:\Users\Лида\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exeFirewallRules: [{DF978091-5B31-4B20-99DA-53F47EC6D6A2}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exeFirewallRules: [{5F1764FE-BC92-48A6-A2D1-0D437D363BBF}] => (Allow) C:\Users\Лида\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exeFirewallRules: [{66B662DD-A6E5-4CD3-83C1-C2E0B558EDF2}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exeFirewallRules: [{6034F75F-284E-4525-A0DE-0AD304C81819}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exeFirewallRules: [{AE6EBB45-E15B-4FF5-838E-406E222B00D0}] => (Allow) C:\IQIYI Video\Common\QyKernel.exeFirewallRules: [{18678528-AF1D-4ED6-BBD2-D829C38AEAE9}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exeFirewallRules: [{607A4714-56E1-4F8F-B00A-4235BC49A021}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exeFirewallRules: [{F13E7628-EBE4-43F8-8004-312DD18DD41C}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exeFirewallRules: [{64423ED0-975D-4EB1-8BF4-34A86283ADF6}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exeFirewallRules: [{2FC19B43-A377-4A10-8932-44C0BE20DD9F}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exeFirewallRules: [{0DF6BBD2-0FB5-4C7C-AC27-79573A720657}] => (Allow) 
C:\ProgramData\IcyCarje\gigoamaw.exeFirewallRules: [{43F113EC-140C-4BFA-BEFE-37E6A018EC72}] => (Allow) C:\ProgramData\IcyCarje\gigoamaw.exeFirewallRules: [{D03ACD44-DF34-45EF-8928-E21C3A9ADCE0}] => (Allow) C:\ProgramData\IcyCarje\gigoamaw.exeFirewallRules: [{353843B6-2516-400C-84D3-3AA8955341B8}] => (Allow) C:\ProgramData\IcyCarje\gigoamaw.exeFirewallRules: [{7E2C736E-5EFA-4B40-852A-7D4129117E6F}] => (Allow) C:\Users\Лида\AppData\Roaming\IQIYI Video\GeePlayer\GpUpdate.exeFirewallRules: [{4054B829-A1B7-44BE-BD1C-8E4C03BF1CE0}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer\GeePlayer.exeFirewallRules: [{CFD19CD2-4553-46ED-BDBA-ECD74CE9A31D}] => (Allow) C:\Users\Лида\AppData\Roaming\IQIYI Video\GeePlayer\GpUpdate.exeFirewallRules: [{8236CFEB-0DD6-42F8-BA5A-4A9E25C16AB5}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer\GeePlayer.exeFirewallRules: [{CCD067F1-185E-40DE-9426-4F9A893685A7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exeFirewallRules: [{3C113BE7-D89C-460B-91EC-6570D190453E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exeFirewallRules: [{CF9E184D-AD48-44CC-9794-62A46067D104}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exeFirewallRules: [{14DA6109-6B4D-4DA0-9D91-6A952997CB18}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exeFirewallRules: [{11EA9837-727E-48BB-A95F-DE8C49470F51}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Faulty Device Manager Devices ============= Name: tencent QMUdiskDescription: tencent QMUdiskClass Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}Manufacturer: Service: QMUdiskProblem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)Resolution: The device is installed incorrectly. 
The problem could be a hardware failure, or a new driver might be needed.Devices stay in this state if they have been prepared for removal.After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors:==================Error: (09/13/2015 06:58:50 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Имя сбойного приложения: svchost.exe_SysMain, версия: 6.1.7600.16385, отметка времени: 0x4a5bc100Имя сбойного модуля: sysmain.dll, версия: 6.1.7601.18933, отметка времени 0x55a69e09Код исключения: 0xc0000005Смещение ошибки: 0x00046558Идентификатор сбойного процесса: 0x6e0Время запуска сбойного приложения: 0xsvchost.exe_SysMain0Путь сбойного приложения: svchost.exe_SysMain1Путь сбойного модуля: svchost.exe_SysMain2Код отчета: svchost.exe_SysMain3 Error: (09/13/2015 06:22:58 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Имя сбойного приложения: mbamservice.exe, версия: 3.2.13.0, отметка времени: 0x558200e9Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18933, отметка времени 0x55a69d9fКод исключения: 0xc0000005Смещение ошибки: 0x00059c85Идентификатор сбойного процесса: 0x1194Время запуска сбойного приложения: 0xmbamservice.exe0Путь сбойного приложения: mbamservice.exe1Путь сбойного модуля: mbamservice.exe2Код отчета: mbamservice.exe3 Error: (09/13/2015 05:22:23 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Имя сбойного приложения: svchost.exe_SysMain, версия: 6.1.7600.16385, отметка времени: 0x4a5bc100Имя сбойного модуля: sysmain.dll, версия: 6.1.7601.18933, отметка времени 0x55a69e09Код исключения: 0xc0000005Смещение ошибки: 0x00046558Идентификатор сбойного процесса: 0xd20Время запуска сбойного приложения: 0xsvchost.exe_SysMain0Путь сбойного приложения: svchost.exe_SysMain1Путь сбойного модуля: svchost.exe_SysMain2Код отчета: svchost.exe_SysMain3 Error: (09/13/2015 04:28:01 PM) 
(Source: Application Error) (EventID: 1000) (User: )Description: Имя сбойного приложения: chrome.exe, версия: 45.0.2454.85, отметка времени: 0x55df881bИмя сбойного модуля: ntdll.dll, версия: 6.1.7601.18933, отметка времени 0x55a69d9fКод исключения: 0xc0000005Смещение ошибки: 0x00052e34Идентификатор сбойного процесса: 0x9b4Время запуска сбойного приложения: 0xchrome.exe0Путь сбойного приложения: chrome.exe1Путь сбойного модуля: chrome.exe2Код отчета: chrome.exe3 Error: (09/13/2015 03:08:08 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Имя сбойного приложения: mbamservice.exe, версия: 3.2.13.0, отметка времени: 0x558200e9Имя сбойного модуля: mbamservice.exe, версия: 3.2.13.0, отметка времени 0x558200e9Код исключения: 0xc0000005Смещение ошибки: 0x000aafb4Идентификатор сбойного процесса: 0xbe4Время запуска сбойного приложения: 0xmbamservice.exe0Путь сбойного приложения: mbamservice.exe1Путь сбойного модуля: mbamservice.exe2Код отчета: mbamservice.exe3 Error: (09/13/2015 08:26:24 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Имя сбойного приложения: svchost.exe_Winmgmt, версия: 6.1.7600.16385, отметка времени: 0x4a5bc100Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18933, отметка времени 0x55a69d9fКод исключения: 0xc0000374Смещение ошибки: 0x000c3f83Идентификатор сбойного процесса: 0x10dcВремя запуска сбойного приложения: 0xsvchost.exe_Winmgmt0Путь сбойного приложения: svchost.exe_Winmgmt1Путь сбойного модуля: svchost.exe_Winmgmt2Код отчета: svchost.exe_Winmgmt3 Error: (09/13/2015 08:26:22 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2select * from MSFT_SCMEventLogEvent0x80041012 Error: (09/13/2015 08:26:22 AM) (Source: WinMgmt) (EventID: 24) (User: )Description: $Coreselect * from __TimerEvent__TimerEvent//./root/CIMV2 Error: (09/13/2015 08:26:22 AM) (Source: WinMgmt) (EventID: 24) (User: )Description: $Coreselect * from __SystemEvent__SystemEvent//./root/CIMV2 Error: (09/13/2015 08:26:22 AM) 
(Source: WinMgmt) (EventID: 24) (User: )Description: $Coreselect * from __NamespaceOperationEvent__NamespaceOperationEvent//./root/CIMV2 System errors:=============Error: (09/14/2015 06:21:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: Служба Avast Antivirus была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 5000 мсек: Перезапуск службы. Error: (09/14/2015 06:20:30 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (09/13/2015 06:58:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: Служба Superfetch была неожиданно завершена. Это произошло 2 раз(а). Следующее корректирующее действие будет предпринято через 60000 мсек: Перезапуск службы. Error: (09/13/2015 06:23:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: Служба "MBAMService" неожиданно прервана. Это произошло (раз): 2. Error: (09/13/2015 05:22:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: Служба Superfetch была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 60000 мсек: Перезапуск службы. Error: (09/13/2015 03:08:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: Служба "MBAMService" неожиданно прервана. Это произошло (раз): 1. Error: (09/13/2015 03:06:28 PM) (Source: EventLog) (EventID: 6008) (User: )Description: Предыдущее завершение работы системы в 9:13:22 на ?13.?09.?2015 было неожиданным. Error: (09/13/2015 09:05:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: Превышение времени ожидания (120000 мс) при ожидании ответа транзакции от службы "Winmgmt". 
Error: (09/13/2015 09:05:11 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Error: (09/13/2015 08:53:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: Превышение времени ожидания (120000 мс) при ожидании ответа транзакции от службы "Winmgmt". Microsoft Office:========================= ==================== Memory info =========================== Processor: AMD A6-5400K APU with Radeon HD Graphics Percentage of memory in use: 35%Total physical RAM: 3012.19 MBAvailable physical RAM: 1953.2 MBTotal Virtual: 8510.5 MBAvailable Virtual: 6715.46 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:195.21 GB) (Free:38.37 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0BFF96B5)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-09-2015 02Ran by Лида (administrator) on ЛИДА-ПК (14-09-2015 19:10:49)Running from C:\Users\Лида\DesktopLoaded Profiles: Лида (Available Profiles: Лида)Platform: Microsoft Windows 7 Максимальная Service Pack 1 (X86) Language: Русский (Россия)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Advanced Micro Devices, Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe() C:\Program Files\IObit\LiveUpdate\IObitLauncher.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe() C:\Windows\System32\PnkBstrA.exe(Mail.Ru) C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe(SMART-SOFT) C:\Program Files\MediaCom\TrafInsp\Agent\trafinspag.exe(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)

HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-11-01] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [MediaComUpdate] => "C:\Program Files\MediaCom\MediaComTools\mediacom-update" -s
HKLM\...\Run: [trafinspag.exe] => C:\Program Files\MediaCom\TrafInsp\Agent\trafinspag.exe [998912 2013-01-11] (SMART-SOFT)
HKLM\...\Run: [gpuminer] => C:\Users\Лида\AppData\Roaming\cpuminer\sgminer\start.cmd [214 2015-08-21] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-07] (AVAST Software)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-3133911900-3193841993-3875661804-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-11-01] (AMD)
HKU\S-1-5-21-3133911900-3193841993-3875661804-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [55106080 2015-08-26] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-11-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] 
(Google)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-07] (AVAST Software)ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\..\Interfaces\{10F01852-59D5-482C-BC73-4745E7467D1C}: [NameServer] 10.0.1.22,8.8.8.8,8.8.4.4,10.0.7.254 Internet Explorer:==================HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3133911900-3193841993-3875661804-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}HKU\S-1-5-21-3133911900-3193841993-3875661804-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006HKU\S-1-5-21-3133911900-3193841993-3875661804-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}SearchScopes: HKLM -> {F4137D40-259A-4FB3-B780-F8C39B303C41} URL = hxxp://yandex.ru/yandsearch?clid=2101082&text={searchTerms}SearchScopes: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}SearchScopes: 
HKU\S-1-5-21-3133911900-3193841993-3875661804-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000 -> {8C01790A-D2B9-4F10-A6CF-8BD15CB2C8F6} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^RU&gct=sb&itbv=12.21.0.114&apn_uid=2F3E36E8-9159-4582-A6DB-A271B0F92A09&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^RU&apn_dbr=ie&doi=2014-12-01&trgb=IE&q={searchTerms}&psv=&pt=tbSearchScopes: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}SearchScopes: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000 -> {F4137D40-259A-4FB3-B780-F8C39B303C41} URL = hxxp://yandex.ru/yandsearch?clid=2101082&text={searchTerms}SearchScopes: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=iextnBHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-08] (Oracle Corporation)BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-07] (AVAST Software)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)BHO: No Name -> {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} -> No FileBHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-08] (Oracle Corporation)BHO: °®ЖжТХЦъКЦ -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> C:\IQIYI Video\Common\Accelerator\IEHelper.dll No FileToolbar: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileToolbar: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-3133911900-3193841993-3875661804-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No FileHandler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox:========FF ProfilePath: C:\Users\Лида\AppData\Roaming\Mozilla\Firefox\Profiles\89xaq27n.default-1439004351157FF DefaultSearchEngine: YandexFF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll 
[2015-09-08] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-08] (Oracle Corporation)FF SearchPlugin: C:\Users\Лида\AppData\Roaming\Mozilla\Firefox\Profiles\89xaq27n.default-1439004351157\searchplugins\google-avast.xml [2015-08-08]FF SearchPlugin: C:\Users\Лида\AppData\Roaming\Mozilla\Firefox\Profiles\89xaq27n.default-1439004351157\searchplugins\mailru.xml [2015-09-05]FF SearchPlugin: C:\Users\Лида\AppData\Roaming\Mozilla\Firefox\Profiles\89xaq27n.default-1439004351157\searchplugins\yandex-avast.xml [2015-09-10]FF Extension: Визуальные закладки @Mail.Ru - C:\Users\Лида\AppData\Roaming\Mozilla\Firefox\Profiles\89xaq27n.default-1439004351157\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2015-08-14]FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-07]FF Extension: No Name - C:\Users\Лида\AppData\Roaming\Mozilla\Firefox\Profiles\89xaq27n.default-1439004351157\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [not found] Chrome: =======CHR StartupUrls: Default -> "hxxp://www.google.com/"CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/search?q={searchTerms}&fr=xtn9CHR DefaultSearchKeyword: Default -> mail.ruCHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}CHR Profile: C:\Users\Лида\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Презентации) - C:\Users\Лида\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-07]CHR Extension: (Документы Google) - C:\Users\Лида\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-07]CHR Extension: (Диск Google) - C:\Users\Лида\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-07]CHR Extension: (CiPlus-4.5vV29.08) 
- C:\Users\Лида\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfaohpmjmhdgnjblojekjlnadhehiadj [2015-09-10]CHR Extension: (YouTube) - C:\Users\Лида\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-07]CHR Extension: (Google Search) - C:\Users\Лида\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-07]CHR Extension: (Google Документы Офлайн) - C:\Users\Лида\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-08]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Лида\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-07]CHR Extension: (Skype Click to Call) - C:\Users\Лида\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-09-07]CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\Лида\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-07]CHR Extension: (Gmail) - C:\Users\Лида\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-07]CHR HKLM\...\Chrome\Extension: [bgomnbpelpcdicbnicimghcecemjpbef] - hxxps://clients2.google.com/service/update2/crxCHR HKLM\...\Chrome\Extension: [cegdomhocaeoedbdpfolmgjkjaijfomo] - hxxps://clients2.google.com/service/update2/crxCHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-07]CHR HKLM\...\Chrome\Extension: [fopefgobkmblbipkdebgnnlclchlakom] - hxxps://clients2.google.com/service/update2/crxCHR HKLM\...\Chrome\Extension: [gdknicmnhbaajdglbinpahhapghpakch] - hxxps://clients2.google.com/service/update2/crxCHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-07]CHR 
HKLM\...\Chrome\Extension: [ilamgbdaebkbpkkmfmmfbnaamkhijdek] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jaeahnnfohikjnejpokeaaiinijhpfop] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jedelkhanefmcnpappfhachbpnlhomai] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [kppacdmmddediahklmcgkgdhhoojemmd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM\...\Chrome\Extension: [njabjmhinndphfnbjehdalkphpdmepli] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pchfckkccldkbclgdepkaonamkignanh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pganlglbhgfjfgopijbhemcpbehjnpia] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (No Name) - C:\Users\Лида\AppData\Roaming\Opera Software\Opera Stable\Extensions\ablgnpngfaaficpckehadaljnjgjkhbi [2015-08-29]
OPR Extension: (No Name) - C:\Users\Лида\AppData\Roaming\Opera Software\Opera Stable\Extensions\bfaohpmjmhdgnjblojekjlnadhehiadj [2015-08-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-11-01] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-07] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-09-07] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Корпорация Майкрософт)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-12-30] ()
R2 Updater.Mail.Ru; C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe [5525720 2015-09-01] (Mail.Ru)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 adgnetworktdidrv; C:\Windows\System32\drivers\adgnetworktdidrv.sys [57336 2015-06-02] ()
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2015-03-29] (Advanced Micro Devices Inc.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [73928 2015-07-30] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [36040 2015-07-30] (Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50432 2013-09-19] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-09-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-09-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-09-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-09-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-09-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-09-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-09-07] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-09-07] (AVAST Software)
S3 dtproscsibus; C:\Windows\System32\DRIVERS\dtproscsibus.sys [25104 2015-07-30] (Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-03-23] (REALiX)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2015-03-29] (Creative Technology Ltd.)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78784 2015-07-15] (Корпорация Майкрософт)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-09-07] (AVAST Software)
S3 TSSK; 
C:\Windows\System32\tssk.sys [67896 2015-08-25] (????)S3 ujm0mji3; C:\Windows\system32\Drivers\ujm0mji3.sys [10240 2015-09-09] (Zaitsev Oleg, 2006) [File not signed]S3 utm0mji3; C:\Windows\system32\Drivers\utm0mji3.sys [7168 2015-09-11] () [File not signed]R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-09-07] (Avast Software)R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] (Корпорация Майкрософт)S3 cpuz134; \?\C:\Users\2B13~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]S3 gdrv; \?\C:\Windows\gdrv.sys [X]S1 QMUdisk; \?\C:\Program Files\Tencent\QQPCMgr\10.10.16443.223\QMUdisk.sys [X]S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]S3 TS888; \?\C:\Program Files\Tencent\QQPCMgr\10.10.16443.223\TS888.sys [X]S3 tsusbhub; system32\drivers\tsusbhub.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X] ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legitC:\Windows\System32\drivers\ACPI.sys ==> MD5 is legitC:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legitC:\Windows\System32\drivers\adgnetworktdidrv.sys 1A50EDED4A26F8BA3788BBBA40A0AEC2C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legitC:\Windows\system32\drivers\afd.sys D0B388DA1D111A34366E04EB4A5DD156C:\Windows\system32\drivers\agp440.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legitC:\Windows\system32\drivers\aliide.sys ==> MD5 is legitC:\Windows\system32\drivers\amdagp.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\amdide.sys 7AA286C7F10916DB23734AF066EEC65DC:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\atikmdag.sys 933F07FB581E50611C0A6D3FE87C3E48C:\Windows\System32\DRIVERS\atikmpag.sys 6275133893F38C2DD44B9F4A4081DE9AC:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legitC:\Windows\system32\drivers\amdsata.sys 
==> MD5 is legitC:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legitC:\Windows\System32\drivers\amdxata.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\amd_sata.sys 4B3C8095DD9EBCB67F1D1A7DEDE99201C:\Windows\System32\DRIVERS\amd_xata.sys B38C9AE266D34A18BA4C8609AD9C7B48C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys 5EDD711DDA87E771E9BB52C2D830AA6DC:\Windows\system32\drivers\appid.sys C532028F7EFF8831BE6B5E3C417E07FAC:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legitC:\Windows\system32\drivers\aswHwid.sys D358A8946FC76F9B8564CB424A4D6921C:\Windows\system32\drivers\aswMonFlt.sys 4121974453BB7B823CB0519539995A7AC:\Windows\system32\drivers\aswRdr2.sys EA36346304039B5160E6A365FCA099CBC:\Windows\system32\Drivers\aswRvrt.sys 02E5376D5EDFC3869DF9B459AD006949C:\Windows\system32\drivers\aswSnx.sys B12C276BC7E4C9FC874C55DDFAEAB8BDC:\Windows\system32\drivers\aswSP.sys 9CFAB04FDA0A5F6A9698208FB71C0591C:\Windows\system32\drivers\aswStm.sys 2A4FDC85161C0BCA50F4489F7DC91ADBC:\Windows\system32\Drivers\aswVmm.sys 8B31DFB7A3BFB59A40086E6749D0AF95C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legitC:\Windows\System32\drivers\atapi.sys ==> MD5 is legitC:\Windows\System32\drivers\AtihdW73.sys 5C86176DD05907F40906A3F07F201965C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legitC:\Windows\system32\Drivers\Beep.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legitC:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legitC:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legitC:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legitC:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is 
legitC:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legitC:\Windows\System32\CLFS.sys 33A60554882FDF59CDA3E1806370BBA1C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legitC:\Windows\system32\drivers\cmdide.sys ==> MD5 is legitC:\Windows\System32\Drivers\cng.sys 3051724F223EA48968B19567DE2A81F4C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legitC:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legitC:\Windows\System32\drivers\csc.sys ==> MD5 is legitC:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legitC:\Windows\System32\drivers\discache.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legitC:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\dtproscsibus.sys 30F1865C1B77C356E87F244F1B880235C:\Windows\System32\drivers\dxgkrnl.sys 3583A5A8CC2E682BFFBD4630D0FEC08BC:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legitC:\Windows\system32\drivers\errdev.sys ==> MD5 is legitC:\Windows\system32\Drivers\exfat.sys ==> MD5 is legitC:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legitC:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legitC:\Windows\System32\drivers\filetrace.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legitBC:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legitC:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legitC:\Windows\system32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legitC:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legitC:\Windows\system32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is 
legitC:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legitC:\Windows\system32\drivers\hidusb.sys ==> MD5 is legitC:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legitC:\Windows\System32\drivers\HTTP.sys 487569E5DA56A5A432FF8AF6D3599CF9C:\Windows\system32\drivers\HWiNFO32.SYS 6FFB351C9C9BB88E91785F4CD7396D31C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legitC:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legitC:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legitC:\Windows\System32\drivers\RTKVHDA.sys 82EE5914B6AB27BFD23ECA29AEB34DA4C:\Windows\system32\drivers\intelide.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legitC:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legitC:\Windows\System32\drivers\ipnat.sys ==> MD5 is legitC:\Windows\System32\drivers\irenum.sys ==> MD5 is legitC:\Windows\system32\drivers\isapnp.sys ==> MD5 is legitC:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legitC:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legitC:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legitC:\Windows\System32\Drivers\ksecdd.sys 48732BFA0C692BEC15DBBFE754E594C6C:\Windows\System32\Drivers\ksecpkg.sys 46B1F590C06AF25BCADCCAE0148C2074C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legitC:\Windows\system32\drivers\luafv.sys ==> MD5 is legitC:\Windows\system32\drivers\mbam.sys B4CD87E78A01562E3DA67FE1C2779204C:\Windows\system32\drivers\MBAMSwissArmy.sys 739164A8B8FB2F1B50A498F20AF7B21EC:\Windows\system32\drivers\mwac.sys 
490F0F3ED8A970E2BAA38F719242B8F7C:\Windows\System32\drivers\MBfilt32.sys 29CB85A1FE091C9D3AA3C72D66DF3E69C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legitC:\Windows\System32\drivers\modem.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legitC:\Windows\system32\drivers\mouclass.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legitC:\Windows\System32\drivers\mountmgr.sys BAD9C0366134BA181514E9263C8CE606C:\Windows\system32\drivers\mpio.sys ==> MD5 is legitC:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legitC:\Windows\system32\drivers\mrxdav.sys 03F899F521D2AAED1C55008F734DF252C:\Windows\System32\DRIVERS\mrxsmb.sys FEDAAB6716B44DE8B9EFC14DD9A26215C:\Windows\System32\DRIVERS\mrxsmb10.sys 77DD652AB8708CDB55FDB7073B868784C:\Windows\System32\DRIVERS\mrxsmb20.sys 4ACDB6414918D8920875B00B286E1FBCC:\Windows\System32\drivers\msahci.sys ==> MD5 is legitC:\Windows\system32\drivers\msdsm.sys ==> MD5 is legitC:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legitC:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legitC:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legitC:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legitC:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legitC:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legitC:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legitC:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legitC:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legitC:\Windows\System32\Drivers\mup.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legitC:\Windows\System32\drivers\ndis.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legitC:\Windows\system32\Drivers\NDProxy.sys 
==> MD5 is legitC:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legitC:\Windows\system32\Drivers\ngvss.sys DE112A8B8E5ADC26E83791FFF6832B17C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legitC:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legitC:\Windows\system32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDEC:\Windows\system32\Drivers\Null.sys ==> MD5 is legitC:\Windows\system32\drivers\nvraid.sys ==> MD5 is legitC:\Windows\system32\drivers\nvstor.sys ==> MD5 is legitC:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legitC:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legitC:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9BC:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legitC:\Windows\System32\drivers\pci.sys ==> MD5 is legitC:\Windows\System32\drivers\pciide.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legitC:\Windows\System32\drivers\pcw.sys ==> MD5 is legitC:\Windows\System32\drivers\peauth.sys AEBC369F7DC72AB3F5B9BDF34FA0D43FC:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legitC:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legitC:\Windows\System32\drivers\rdpdr.sys ==> MD5 
is legitC:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legitC:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legitC:\Windows\System32\drivers\rdpvideominiport.sys EAC76854C359D2534B25296AE425410DC:\Windows\system32\Drivers\RDPWD.sys CD9214A6AE17D188D17C3CF8CB9CC693C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\Rtnicxp.sys F75AE5E5288B5417940E9782438C6CD3C:\Windows\System32\DRIVERS\Rt86win7.sys C5CF99568169D377F326B23BFF67FC6BC:\Windows\System32\DRIVERS\Rt630x86.sys B2077AD2FD6F00EE4779C900D3275FFAC:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legitC:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legitC:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legitC:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legitC:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legitC:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legitC:\Windows\system32\drivers\sisagp.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legitC:\Windows\system32\Drivers\spldr.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71ABC:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABCC:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legitC:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legitC:\Windows\system32\drivers\storvsc.sys ==> MD5 is legitC:\Windows\system32\drivers\swenum.sys ==> MD5 is legitC:\Windows\System32\drivers\tcpip.sys 
5579DD18546999F5D0EC39D018726C6BC:\Windows\System32\DRIVERS\tcpip.sys 5579DD18546999F5D0EC39D018726C6BC:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legitC:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legitC:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legitC:\Windows\system32\drivers\termdd.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\tssecsrv.sys 6C5139E4283249518F7743D7043775B3C:\Windows\System32\tssk.sys C2FA19BAAB0C5C8A79574BE75F60C3ECC:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legitC:\Windows\system32\Drivers\ujm0mji3.sys 817D8D89FE54E6E207BF50582C1C0E4BC:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legitC:\Windows\system32\drivers\umbus.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legitC:\Windows\System32\drivers\usbaudio.sys A1977C315BF5691DA99235AA4A6907AFC:\Windows\System32\DRIVERS\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041C:\Windows\System32\DRIVERS\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6C:\Windows\System32\DRIVERS\usbfilter.sys 78BA6C76EAB8AEECD43C06E0E63FAD3DC:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655AC:\Windows\System32\DRIVERS\usbohci.sys 9828C8D14CC2676421778F0DE638CF97C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legitC:\Windows\system32\drivers\usbuhci.sys 800AABFD625EEFF899F7E5496BDE37ABC:\Windows\System32\Drivers\usbvideo.sys DE014425522610BEDCA3821BB8C0F1D5C:\Windows\system32\Drivers\utm0mji3.sys 524D8D450622DB4A7875B111C299A76BC:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys 53D2D97E86482E0BF46462D9DCFEEC9DC:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is 
legitC:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legitC:\Windows\System32\drivers\vga.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\vhdmp.sys ==> MD5 is legitC:\Windows\system32\drivers\viaagp.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legitC:\Windows\system32\drivers\viaide.sys ==> MD5 is legitC:\Windows\System32\drivers\vmbus.sys ==> MD5 is legitC:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legitC:\Windows\System32\drivers\volmgr.sys ==> MD5 is legitC:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legitC:\Windows\System32\drivers\volsnap.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legitC:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legitC:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legitC:\Windows\System32\drivers\wimmount.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legitC:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legitC:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-09-14 19:10 - 2015-09-14 19:11 - 00038291 _____ C:\Users\Лида\Desktop\FRST.txt2015-09-14 19:10 - 2015-09-14 19:10 - 00000000 ____D C:\FRST2015-09-14 19:09 - 2015-09-14 19:09 - 01694208 _____ (Farbar) C:\Users\Лида\Desktop\FRST.exe2015-09-13 16:28 - 2015-09-13 16:28 - 00001237 _____ C:\Users\Лида\Desktop\лог.txt2015-09-11 16:09 - 2015-09-11 16:09 - 00000000 ____D C:\Windows\pss2015-09-10 19:23 - 2015-09-14 12:15 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-09-10 19:23 - 2015-09-10 21:05 - 00001058 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-09-10 19:23 - 2015-09-10 19:23 - 00000000 ____D C:\Users\Все пользователи\Malwarebytes2015-09-10 19:23 - 2015-09-10 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-09-10 19:23 - 2015-09-10 19:23 - 00000000 ____D C:\ProgramData\Malwarebytes2015-09-10 19:23 - 2015-09-10 19:23 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware2015-09-10 19:23 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-09-10 19:23 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-09-10 19:23 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2015-09-10 19:22 - 2015-09-10 19:22 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Лида\Desktop\mbam-setup-2.1.8.1057 (1).exe2015-09-10 19:21 - 2015-09-10 19:22 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Лида\Downloads\mbam-setup-2.1.8.1057.exe2015-09-10 15:36 - 2015-08-05 22:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll2015-09-10 15:36 - 2015-08-05 22:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll2015-09-09 18:37 - 2015-09-09 18:38 - 00180024 _____ C:\Users\Лида\Desktop\ClearLNK.zip2015-09-09 18:35 - 2015-09-09 18:35 - 00030564 _____ 
C:\quarantine.zip2015-09-09 18:30 - 2015-09-09 18:30 - 00010240 _____ (Zaitsev Oleg, 2006) C:\Windows\system32\Drivers\ujm0mji3.sys2015-09-09 18:22 - 2015-09-09 18:22 - 00388608 _____ (Trend Micro Inc.) C:\Users\Лида\Downloads\HijackThis.exe2015-09-09 18:10 - 2015-09-02 07:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll2015-09-09 18:10 - 2015-09-02 07:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2015-09-09 18:10 - 2015-09-02 07:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll2015-09-09 18:10 - 2015-09-02 07:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll2015-09-09 18:10 - 2015-09-02 06:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-09-09 18:10 - 2015-09-02 06:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2015-09-09 18:10 - 2015-08-18 06:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-09-09 18:10 - 2015-08-15 11:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-09-09 18:10 - 2015-08-15 10:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2015-09-09 18:10 - 2015-08-15 10:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2015-09-09 18:10 - 2015-08-15 10:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-09-09 18:10 - 2015-08-15 10:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2015-09-09 18:10 - 2015-08-15 10:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2015-09-09 18:10 - 2015-08-15 10:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2015-09-09 18:10 - 2015-08-15 10:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2015-09-09 18:10 - 2015-08-15 10:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-09-09 18:10 - 
2015-08-15 10:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2015-09-09 18:10 - 2015-08-15 10:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2015-09-09 18:10 - 2015-08-15 10:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-09-09 18:10 - 2015-08-15 10:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-09-09 18:10 - 2015-08-15 10:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2015-09-09 18:10 - 2015-08-15 10:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2015-09-09 18:10 - 2015-08-15 10:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2015-09-09 18:10 - 2015-08-15 10:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2015-09-09 18:10 - 2015-08-15 10:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-09-09 18:10 - 2015-08-15 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2015-09-09 18:10 - 2015-08-15 10:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2015-09-09 18:10 - 2015-08-15 10:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-09-09 18:10 - 2015-08-15 10:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-09-09 18:10 - 2015-08-15 10:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-09-09 18:10 - 2015-08-15 10:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-09-09 18:10 - 2015-08-15 10:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-09-09 18:10 - 2015-08-15 10:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2015-09-09 18:10 - 2015-08-15 10:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-09-09 18:10 - 
2015-08-15 10:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2015-09-09 18:10 - 2015-08-15 09:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-09-09 18:10 - 2015-08-15 09:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-09-09 18:10 - 2015-08-15 09:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-09-09 18:10 - 2015-08-05 22:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll2015-09-09 18:10 - 2015-08-04 22:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll2015-09-09 18:10 - 2015-08-04 22:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll2015-09-09 18:10 - 2015-08-04 22:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll2015-09-09 18:10 - 2015-08-04 22:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe2015-09-09 18:10 - 2015-08-04 22:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe2015-09-09 18:10 - 2015-08-04 21:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys2015-09-09 18:09 - 2015-07-15 07:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2015-09-09 18:07 - 2015-08-26 22:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2015-09-09 18:07 - 2015-08-26 22:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2015-09-09 18:07 - 2015-08-26 22:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2015-09-09 18:07 - 2015-08-26 22:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2015-09-09 18:07 - 2015-08-26 22:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2015-09-09 18:07 - 2015-08-26 22:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2015-09-09 18:07 - 2015-08-26 22:56 - 
00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2015-09-09 18:07 - 2015-08-26 22:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2015-09-09 18:07 - 2015-08-26 22:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll2015-09-09 18:07 - 2015-08-26 22:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2015-09-09 18:07 - 2015-08-26 22:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll2015-09-09 18:00 - 2015-09-11 21:30 - 00007168 _____ C:\Windows\system32\Drivers\utm0mji3.sys2015-09-09 17:50 - 2015-09-09 17:51 - 09842759 _____ C:\Users\Лида\Downloads\avz4.zip2015-09-08 20:17 - 2015-09-08 20:16 - 22397829 _____ C:\Users\Лида\Desktop\AutoLogger.zip2015-09-08 20:14 - 2015-09-08 20:16 - 22397829 _____ C:\Users\Лида\Downloads\AutoLogger.zip2015-09-08 20:06 - 2015-09-08 20:06 - 00000000 ____D C:\FixerBro2015-09-08 20:04 - 2015-09-08 19:46 - 01165931 _____ C:\Users\Лида\Desktop\FixerBro.zip2015-09-08 19:51 - 2015-09-10 21:05 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk2015-09-08 19:51 - 2015-09-10 21:05 - 00001103 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk2015-09-08 19:51 - 2015-09-08 19:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service2015-09-08 19:50 - 2015-09-08 19:50 - 00243008 _____ C:\Users\Лида\Downloads\Firefox Setup Stub 40.0.3.exe2015-09-08 19:46 - 2015-09-08 19:46 - 01165931 _____ C:\Users\Лида\Downloads\FixerBro.zip2015-09-08 19:45 - 2015-09-08 19:45 - 00000000 ____D C:\Program Files\Common Files\Java2015-09-08 19:41 - 2015-09-08 19:41 - 00000000 ____D C:\Users\Лида\AppData\Roaming\Sun2015-09-08 19:41 - 2015-09-08 19:41 - 00000000 ____D C:\Users\Лида\.oracle_jre_usage2015-09-08 19:38 - 2015-09-08 19:38 - 49695840 _____ (Oracle Corporation) C:\Users\Лида\Downloads\jre-8u60-windows-i586.exe2015-09-08 18:46 - 2015-09-08 18:47 - 00076800 _____ C:\Users\Лида\Downloads\Прайс 
01-09-2015_OPTIC_CENTER_Ekaterinburg (1).xls2015-09-08 07:01 - 2015-09-08 07:01 - 00076800 _____ C:\Users\Лида\Downloads\Прайс 01-09-2015_OPTIC_CENTER_Ekaterinburg.xls2015-09-07 20:26 - 2015-09-07 20:26 - 00000000 ____D C:\Users\Лида\AppData\Roaming\AVAST Software2015-09-07 20:22 - 2015-09-10 21:05 - 00002073 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk2015-09-07 20:22 - 2015-09-07 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software2015-09-07 20:21 - 2015-09-10 21:05 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-09-07 20:21 - 2015-09-07 20:21 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys2015-09-07 20:21 - 2015-09-07 20:21 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys2015-09-07 20:21 - 2015-09-07 20:21 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2015-09-07 20:21 - 2015-09-07 20:21 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys2015-09-07 20:21 - 2015-09-07 20:21 - 00113592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys2015-09-07 20:21 - 2015-09-07 20:21 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys2015-09-07 20:21 - 2015-09-07 20:21 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2015-09-07 20:21 - 2015-09-07 20:21 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2015-09-07 20:21 - 2015-09-07 20:21 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys2015-09-07 20:21 - 2015-09-07 20:21 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr2015-09-07 20:21 - 2015-09-07 20:21 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys2015-09-07 20:21 - 2015-09-07 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-09-07 20:19 - 2015-09-07 20:19 - 05481336 _____ (Avast Software s.r.o.) 
C:\Users\Лида\Downloads\avast_free_antivirus_setup_online_comss.exe2015-09-07 20:19 - 2015-09-07 20:19 - 00000000 ____D C:\Program Files\AVAST Software2015-09-07 19:58 - 2015-09-10 21:05 - 00001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk2015-09-07 19:58 - 2015-09-10 21:05 - 00001067 _____ C:\Users\Public\Desktop\Opera.lnk2015-09-07 19:57 - 2015-09-07 19:57 - 00703536 _____ (Opera Software) C:\Users\Лида\Downloads\Opera_NI_stable.exe2015-09-07 19:49 - 2015-09-07 19:49 - 00000000 ____D C:\Users\Лида\AppData\Roaming\AMCPromote2015-09-07 19:49 - 2015-09-07 19:49 - 00000000 ____D C:\Users\Все пользователи\{2ACB8283-3DA0-4D9A-8EC6-CE39EEA98C97}2015-09-07 19:49 - 2015-09-07 19:49 - 00000000 ____D C:\ProgramData\{2ACB8283-3DA0-4D9A-8EC6-CE39EEA98C97}2015-09-06 18:08 - 2015-06-02 16:38 - 00057336 _____ () C:\Windows\system32\Drivers\adgnetworktdidrv.sys2015-09-06 17:55 - 2015-09-06 17:55 - 00000273 _____ C:\Windows\system32\Drivers\vwifikerneldrv.sys2015-09-06 17:55 - 2015-09-06 17:55 - 00000273 _____ C:\Windows\system32\d3dx9_11.dll.tmp2015-09-06 17:55 - 2015-09-06 17:55 - 00000273 _____ C:\Users\Все пользователи\fontcacheev1.dat2015-09-06 17:55 - 2015-09-06 17:55 - 00000273 _____ C:\ProgramData\fontcacheev1.dat2015-09-06 17:55 - 2015-09-06 17:55 - 00000000 ____D C:\Users\Лида\AppData\Roaming\Performix LLC2015-09-06 17:24 - 2015-09-10 21:05 - 00002679 _____ C:\Users\Public\Desktop\Skype.lnk2015-09-06 17:24 - 2015-09-06 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2015-09-06 17:24 - 2015-09-06 17:24 - 00000000 ____D C:\Program Files\Common Files\Skype2015-09-05 20:51 - 2015-09-07 20:49 - 00000000 ____D C:\Users\Лида\AppData\Local\tmp73392015-09-05 08:38 - 2015-09-05 08:38 - 00000000 ____D C:\Windows\system32\%Report%2015-09-05 07:52 - 2015-09-07 20:49 - 00000000 ____D C:\Users\Лида\AppData\Local\tmp186892015-09-04 21:58 - 2015-09-14 19:03 - 00000952 _____ 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e732e0a10a0e.job2015-09-04 21:58 - 2015-09-14 11:30 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e732e06d9d3e.job2015-09-04 21:58 - 2015-09-07 20:49 - 00000000 ____D C:\Users\Лида\AppData\Local\tmp5852015-09-04 21:57 - 2015-09-04 21:57 - 00929360 _____ (Google Inc.) C:\Users\Лида\Downloads\ChromeSetup.exe2015-09-04 20:51 - 2015-09-04 20:51 - 00000000 ____D C:\Users\Лида\AppData\Local\tmp201082015-09-04 20:16 - 2015-09-04 20:16 - 00262144 _____ C:\Windows\system32\config\elam2015-09-04 20:09 - 2015-09-07 20:15 - 00000000 ____D C:\Users\Все пользователи\Kaspersky Lab2015-09-04 20:09 - 2015-09-07 20:15 - 00000000 ____D C:\ProgramData\Kaspersky Lab2015-09-03 18:58 - 2015-09-04 21:13 - 00000000 ____D C:\Program Files\2dde74c0-a512-4d52-ac32-6c776dd170f42015-09-03 08:34 - 2015-09-07 20:32 - 00000000 ____D C:\Program Files\03000200-1441251257-0500-0006-0007000800092015-09-03 08:33 - 2015-09-07 20:49 - 00000000 ____D C:\Users\Лида\AppData\Local\tmp193592015-09-02 18:15 - 2015-09-02 18:15 - 00000000 ____D C:\ProgramDataIObit2015-09-02 08:06 - 2015-09-02 08:06 - 00000000 ____D C:\Users\Лида\AppData\Local\tmp269492015-09-01 19:35 - 2015-09-01 19:35 - 00000000 ____D C:\Users\Лида\AppData\Local\tmp108812015-08-31 19:01 - 2015-08-31 19:01 - 00000000 ____D C:\Users\Лида\AppData\Local\tmp168802015-08-29 19:40 - 2015-08-29 19:40 - 00001010 _____ C:\Windows\Tasks\KlFj3QUlEHIo0SE7SIjPc.job2015-08-29 19:40 - 2015-08-29 19:40 - 00001002 _____ C:\Windows\Tasks\4zcDGkUqCZDGA75Rm.job2015-08-29 19:34 - 2015-08-29 19:34 - 00001008 _____ C:\Windows\Tasks\dL4ZbPEmSL97xm4b0FiJ.job2015-08-29 19:34 - 2015-08-29 19:34 - 00000996 _____ C:\Windows\Tasks\NZxWIFkKud4Z7x.job2015-08-29 19:33 - 2015-09-10 21:03 - 00000000 ____D C:\Program Files\8488224d-b0b2-4cc0-9c50-35e9e90103322015-08-28 21:15 - 2015-09-07 20:42 - 00000000 ____D C:\Users\Лида\AppData\Local\BC6939A7-9311-4031-9493-83BDD84B33382015-08-28 19:01 - 2015-09-09 17:47 - 00000000 
____D C:\Program Files\Mozilla Firefox2015-08-27 22:00 - 2015-09-07 19:38 - 00000000 ____D C:\Program Files\VideoLAN2015-08-27 21:56 - 2015-08-27 21:56 - 00000000 ____D C:\Users\Лида\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR2015-08-27 21:56 - 2015-08-27 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR2015-08-27 21:33 - 2015-09-10 21:04 - 00000000 ____D C:\Program Files\onlysearch2015-08-27 21:31 - 2015-08-27 21:46 - 00000000 ____D C:\Users\Лида\AppData\Roaming\cpuminer2015-08-27 21:30 - 2015-08-27 21:30 - 00000000 ____D C:\Users\Все пользователи\App732015-08-27 21:30 - 2015-08-27 21:30 - 00000000 ____D C:\ProgramData\App732015-08-27 21:16 - 2015-08-27 21:16 - 00001020 _____ C:\Windows\Tasks\uPcPs8Mb2URpsEmYz8351Z6DGu.job2015-08-27 20:52 - 2015-09-04 21:00 - 00000000 ____D C:\Program Files\NixSrv2015-08-27 20:52 - 2015-08-27 20:52 - 00000187 _____ C:\Users\Лида\AppData\Local\Singleholding.exe.config2015-08-27 20:40 - 2015-09-08 18:41 - 00000000 ____D C:\Program Files\globalUpdate2015-08-26 20:21 - 2015-08-26 20:21 - 00409552 _____ (YANDEX LLC) C:\Users\Лида\Documents\Yandex (1).exe2015-08-26 19:29 - 2015-09-10 21:03 - 00000000 ____D C:\Program Files\SFK2015-08-26 10:42 - 2015-08-26 10:42 - 00000000 ____D C:\Users\????\AppData\Roaming\Tencent2015-08-25 19:18 - 2015-09-04 20:10 - 00000000 ____D C:\Users\????2015-08-25 18:57 - 2015-08-25 18:50 - 00067896 _____ (????) 
C:\Windows\system32\TSSK.sys2015-08-25 11:17 - 2015-08-25 11:17 - 00000000 ____D C:\Users\Все пользователи\KingSoft2015-08-25 11:17 - 2015-08-25 11:17 - 00000000 ____D C:\ProgramData\KingSoft2015-08-25 11:06 - 2015-08-26 18:58 - 00030392 _____ (Tencent) C:\Windows\system32\Drivers\TS888.sys2015-08-25 11:06 - 2015-08-25 11:06 - 00000000 ____D C:\Windows\system32\UploadCache2015-08-25 11:05 - 2015-09-14 11:30 - 00004695 _____ C:\Windows\setupact.log2015-08-25 11:05 - 2015-09-10 21:16 - 01192268 _____ C:\Windows\PFRO.log2015-08-25 11:05 - 2015-09-10 15:27 - 00407792 _____ C:\Windows\system32\FNTCACHE.DAT2015-08-25 11:05 - 2015-08-25 11:05 - 00000000 _____ C:\Windows\setuperr.log2015-08-25 08:15 - 2015-08-26 19:12 - 00000063 _____ C:\Windows\QMNetworkMgr.ini2015-08-25 08:00 - 2015-08-25 08:00 - 00000000 ____D C:\Users\Все пользователи\TXQMPC2015-08-25 08:00 - 2015-08-25 08:00 - 00000000 ____D C:\ProgramData\TXQMPC2015-08-25 07:59 - 2015-09-04 20:10 - 00000000 ____D C:\Users\??2015-08-25 07:59 - 2015-08-25 07:59 - 00000000 ____D C:\Users\??\AppData\Roaming\Tencent2015-08-25 07:58 - 2015-08-25 21:12 - 00000000 ____D C:\Users\Лида\AppData\Roaming\Tencent2015-08-25 07:58 - 2015-08-25 11:07 - 00000000 ____D C:\Users\Все пользователи\Tencent2015-08-25 07:58 - 2015-08-25 11:07 - 00000000 ____D C:\ProgramData\Tencent2015-08-25 07:58 - 2015-08-25 07:59 - 00000000 ____D C:\Program Files\Common Files\Tencent2015-08-25 07:58 - 2015-08-25 07:58 - 00000000 ____D C:\Program Files\Tencent2015-08-25 07:53 - 2015-08-28 19:29 - 00001085 _____ C:\task.vbs2015-08-25 07:53 - 2015-08-25 11:06 - 00109608 _____ C:\Users\Лида\AppData\Local\GDIPFONTCACHEV1.DAT2015-08-25 07:48 - 2015-08-27 19:45 - 00000000 ____D C:\Users\Лида\AppData\Roaming\Google2015-08-25 07:27 - 2015-09-07 19:32 - 00000000 ____D C:\qycache2015-08-25 07:25 - 2015-09-07 19:45 - 00000000 ____D C:\IQIYI Video2015-08-25 07:25 - 2015-08-25 07:25 - 00000000 ____D C:\Users\Public\QiYi2015-08-25 07:24 - 2015-09-07 20:32 - 00000000 
____D C:\Program Files\baidu2015-08-25 07:24 - 2015-09-06 18:40 - 00000102 _____ C:\Users\Все пользователи\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat2015-08-25 07:24 - 2015-09-06 18:40 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat2015-08-25 07:24 - 2015-08-29 21:22 - 00000000 ____D C:\Users\Все пользователи\update2015-08-25 07:24 - 2015-08-29 21:22 - 00000000 ____D C:\ProgramData\update2015-08-25 07:23 - 2015-08-25 11:16 - 00000000 ____D C:\Users\Лида\AppData\Local\8F15FB71-F28-4052-B59B-6EFDE230DA9B2015-08-24 22:04 - 2015-08-24 22:05 - 00000000 ____D C:\Program Files\Setup pre-release 42015-08-24 21:55 - 2015-09-05 23:35 - 00000000 ____D C:\Users\Лида\AppData\Roaming\ASPackage2015-08-24 21:55 - 2015-08-24 21:55 - 00000000 ____D C:\Users\Лида\AppData\Local\Amigo2015-08-24 21:55 - 2015-08-24 21:55 - 00000000 ____D C:\Program Files\Mail.Ru2015-08-24 21:55 - 2015-08-14 21:25 - 00000026 _____ C:\Windows\system32\Drivers\etc\hp.bak2015-08-24 07:46 - 2015-08-24 08:28 - 37901824 _____ C:\Users\Лида\Documents\Windows.vhd2015-08-24 07:25 - 2015-09-14 18:20 - 01904898 _____ C:\Windows\WindowsUpdate.log2015-08-23 22:20 - 2015-08-23 22:20 - 00000000 ____D C:\Users\Лида\AppData\Roaming\Car Mechanic Simulator 20142015-08-23 22:01 - 2015-08-23 22:01 - 00000000 ___HD C:\$Windows.~WS2015-08-23 21:17 - 2015-08-23 21:17 - 00086016 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll2015-08-23 21:17 - 2015-08-23 21:17 - 00078848 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW73.sys2015-08-23 21:15 - 2015-08-23 21:15 - 39714816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl.dll2015-08-23 21:15 - 2015-08-23 21:15 - 25299968 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atioglxx.dll2015-08-23 21:15 - 2015-08-23 21:15 - 22318592 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl.dll2015-08-23 21:15 - 2015-08-23 21:15 - 19503104 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\Drivers\atikmdag.sys2015-08-23 21:15 - 2015-08-23 21:15 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd.dll2015-08-23 21:15 - 2015-08-23 21:15 - 05068288 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle32.dll2015-08-23 21:15 - 2015-08-23 21:15 - 03471376 _____ C:\Windows\system32\atiumdva.cap2015-08-23 21:15 - 2015-08-23 21:15 - 00833798 _____ C:\Windows\system32\amdicdxx.dat2015-08-23 21:15 - 2015-08-23 21:15 - 00670208 _____ (AMD) C:\Windows\system32\coinst_15.20.dll2015-08-23 21:15 - 2015-08-23 21:15 - 00660912 _____ C:\Windows\system32\atiapfxx.blb2015-08-23 21:15 - 2015-08-23 21:15 - 00532480 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys2015-08-23 21:15 - 2015-08-23 21:15 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe2015-08-23 21:15 - 2015-08-23 21:15 - 00322868 _____ C:\Windows\system32\ativvaxy_vi.dat2015-08-23 21:15 - 2015-08-23 21:15 - 00321200 _____ C:\Windows\system32\ativvaxy_vi_nd.dat2015-08-23 21:15 - 2015-08-23 21:15 - 00268488 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys2015-08-23 21:15 - 2015-08-23 21:15 - 00255808 _____ C:\Windows\system32\ativvaxy_cz_nd.dat2015-08-23 21:15 - 2015-08-23 21:15 - 00250884 _____ C:\Windows\system32\ativvaxy_FJ.dat2015-08-23 21:15 - 2015-08-23 21:15 - 00249088 _____ C:\Windows\system32\ativvaxy_FJ_nd.dat2015-08-23 21:15 - 2015-08-23 21:15 - 00234420 _____ C:\Windows\system32\ativvaxy_cik.dat2015-08-23 21:15 - 2015-08-23 21:15 - 00232752 _____ C:\Windows\system32\ativvaxy_cik_nd.dat2015-08-23 21:15 - 2015-08-23 21:15 - 00203776 _____ C:\Windows\system32\clinfo.exe2015-08-23 21:15 - 2015-08-23 21:15 - 00189952 _____ C:\Windows\system32\amdgfxinfo32.dll2015-08-23 21:15 - 2015-08-23 21:15 - 00169152 _____ C:\Windows\system32\ativce03.dat2015-08-23 21:15 - 2015-08-23 21:15 - 00167456 _____ C:\Windows\system32\amde31a.dat2015-08-23 21:15 - 2015-08-23 21:15 - 
00164352 _____ (AMD) C:\Windows\system32\atitmmxx.dll2015-08-23 21:15 - 2015-08-23 21:15 - 00143872 _____ C:\Windows\system32\atieah32.exe2015-08-23 21:15 - 2015-08-23 21:15 - 00141824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atigktxx.dll2015-08-23 21:15 - 2015-08-23 21:15 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp32.dll2015-08-23 21:15 - 2015-08-23 21:15 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle32.dll2015-08-23 21:15 - 2015-08-23 21:15 - 00102400 _____ C:\Windows\system32\hsa-thunk.dll2015-08-23 21:15 - 2015-08-23 21:15 - 00100816 _____ C:\Windows\system32\ativce02.dat2015-08-23 21:15 - 2015-08-23 21:15 - 00100568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave32.dll2015-08-23 21:15 - 2015-08-23 21:15 - 00086528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl32.dll2015-08-23 21:15 - 2015-08-23 21:15 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu32.dll2015-08-23 21:15 - 2015-08-23 21:15 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc32.dll2015-08-23 21:15 - 2015-08-23 21:15 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom32.dll2015-08-23 21:15 - 2015-08-23 21:15 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll2015-08-23 21:15 - 2015-08-23 21:15 - 00059392 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll2015-08-23 21:15 - 2015-08-23 21:15 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt.dll2015-08-23 21:15 - 2015-08-23 21:15 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl.dll2015-08-23 21:15 - 2015-08-23 21:15 - 00047664 _____ C:\Windows\system32\kapp_ci.sbin2015-08-23 21:15 - 2015-08-23 21:15 - 00043520 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\Drivers\ati2erec.dll2015-08-23 21:15 - 2015-08-23 21:15 - 00043408 _____ C:\Windows\system32\kapp_si.sbin2015-08-23 21:15 - 2015-08-23 21:15 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl.dll2015-08-23 21:15 - 2015-08-23 21:15 - 00029184 _____ (AMD) C:\Windows\system32\atimuixx.dll2015-08-23 21:09 - 2015-08-23 22:09 - 00000000 ____D C:\IObit2015-08-23 08:09 - 2015-08-23 08:09 - 00000000 ____D C:\Users\Лида\AppData\Roaming\Sniper Ghost Warrior 22015-08-22 21:58 - 2015-08-24 08:06 - 00000000 ____D C:\Users\Лида\AppData\Roaming\WinRAR2015-08-22 20:29 - 2015-08-22 20:29 - 00000000 ____D C:\Users\Лида\AppData\Local\NFS Underground 22015-08-22 07:49 - 2015-08-22 08:24 - 00000000 ____D C:\Users\Лида\AppData\Local\MediaGet22015-08-16 08:39 - 2015-08-16 08:39 - 00406992 _____ (YANDEX LLC) C:\Users\Лида\Documents\Yandex.exe2015-08-16 08:06 - 2015-09-02 20:22 - 00000148 _____ C:\Windows\Reimage.ini ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-09-14 19:11 - 2014-11-29 21:19 - 00000000 ____D C:\Users\Лида\AppData\Roaming\Skype2015-09-14 11:38 - 2009-07-14 09:34 - 00017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-09-14 11:38 - 2009-07-14 09:34 - 00017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-09-14 11:30 - 2009-07-14 09:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-09-13 22:15 - 2015-03-29 10:42 - 00065536 _____ C:\Windows\system32\spu_storage.bin2015-09-13 16:41 - 2009-07-14 09:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2015-09-13 16:28 - 2014-12-01 12:26 - 00000000 ____D C:\Users\Лида\AppData\Local\CrashDumps2015-09-13 08:25 - 2009-07-14 09:53 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT2015-09-10 21:05 - 2015-08-14 21:07 - 00001409 _____ C:\Users\Лида\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-09-10 21:05 - 2015-04-15 12:13 - 00001661 _____ C:\Users\Лида\Desktop\Отчет ФСС 2015 год - Ярлык.lnk2015-09-10 21:05 - 2015-02-14 21:40 - 00000000 ____D C:\Users\Лида\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games2015-09-10 21:05 - 2015-02-13 12:03 - 00001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\МедиаКом IPTV.lnk2015-09-10 21:05 - 2015-02-13 12:03 - 00001980 _____ C:\Users\Public\Desktop\МедиаКом IPTV.lnk2015-09-10 21:05 - 2015-02-13 11:59 - 00001159 _____ C:\Users\Public\Desktop\Проверка сети.lnk2015-09-10 21:05 - 2014-11-22 23:26 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk2015-09-10 21:05 - 2014-11-22 23:26 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk2015-09-10 21:05 - 2014-11-22 20:02 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk2015-09-10 21:05 - 2009-07-14 09:46 - 00001218 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk2015-09-10 21:05 - 2009-07-14 09:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk2015-09-10 21:05 - 2009-07-14 09:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk2015-09-10 21:05 - 2009-07-14 09:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk2015-09-10 21:05 - 2009-07-14 09:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk2015-09-10 21:04 - 2014-12-01 19:57 - 00000000 ____D C:\Users\Все пользователи\APN2015-09-10 21:04 - 2014-12-01 19:57 - 00000000 ____D C:\ProgramData\APN2015-09-10 21:03 - 2015-01-08 23:44 - 00000000 ____D C:\Users\Лида\AppData\Local\Kometa2015-09-10 21:03 - 2014-11-22 20:02 - 00000000 ____D C:\Program Files\Adobe2015-09-10 17:03 - 2014-11-22 19:41 - 01655454 _____ C:\Windows\system32\PerfStringBackup.INI2015-09-10 17:03 - 2009-08-28 16:36 - 00727016 _____ C:\Windows\system32\perfh019.dat2015-09-10 17:03 - 2009-08-28 16:36 - 00151108 _____ C:\Windows\system32\perfc019.dat2015-09-10 15:48 - 2009-07-14 12:50 - 00000000 ____D C:\Program Files\Windows Journal2015-09-10 15:37 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\Microsoft.NET2015-09-10 15:26 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\system32\ru-RU2015-09-09 22:28 - 2014-11-29 19:09 - 00000000 ____D C:\Users\Все пользователи\Microsoft Help2015-09-09 22:28 - 2014-11-29 19:09 - 00000000 ____D C:\ProgramData\Microsoft Help2015-09-09 18:42 - 2015-02-01 13:04 - 00000000 ____D C:\Users\Лида\Desktop\юбилей мамы2015-09-09 18:11 - 2014-12-01 20:43 - 00001527 _____ C:\Users\Лида\.iBank22015-09-09 09:13 - 2015-03-20 21:07 - 00000000 ____D C:\Users\Все пользователи\ProductData2015-09-09 09:13 - 2015-03-20 21:07 - 00000000 ____D C:\ProgramData\ProductData2015-09-08 20:06 - 2015-08-05 18:27 - 00000000 ____D C:\Users\Лида\Desktop\Новая папка2015-09-08 19:41 - 2014-12-01 19:54 - 
00000000 ____D C:\Users\Все пользователи\Oracle2015-09-08 19:41 - 2014-12-01 19:54 - 00000000 ____D C:\ProgramData\Oracle2015-09-08 19:41 - 2014-11-22 19:35 - 00000000 ____D C:\Users\Лида2015-09-08 19:40 - 2015-07-14 19:59 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll2015-09-08 19:40 - 2015-07-14 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2015-09-08 19:40 - 2014-12-01 19:54 - 00000000 ____D C:\Program Files\Java2015-09-08 18:41 - 2015-01-08 23:31 - 00000000 ____D C:\Users\Лида\AppData\Local\Mail.Ru2015-09-08 15:29 - 2014-12-27 21:19 - 00000000 ____D C:\Windows\system32\vbox2015-09-07 20:42 - 2015-03-20 21:13 - 00000000 ____D C:\Users\Лида\AppData\Local\03000200-1426886008-0500-0006-0007000800092015-09-07 20:25 - 2014-11-22 19:39 - 00000000 ____D C:\Users\Лида\AppData\Local\Google2015-09-07 20:19 - 2014-12-27 21:16 - 00000000 ____D C:\Users\Все пользователи\AVAST Software2015-09-07 20:19 - 2014-12-27 21:16 - 00000000 ____D C:\ProgramData\AVAST Software2015-09-07 19:58 - 2014-11-29 21:16 - 00000000 ____D C:\Program Files\Opera2015-09-07 19:37 - 2015-01-04 13:17 - 00000000 ____D C:\Program Files\VS Revo Group2015-09-07 19:35 - 2014-11-22 19:43 - 00000000 ____D C:\Users\Все пользователи\Package Cache2015-09-07 19:35 - 2014-11-22 19:43 - 00000000 ____D C:\ProgramData\Package Cache2015-09-06 17:53 - 2015-03-20 21:09 - 00000000 ____D C:\Users\Лида\AppData\Roaming\03000200-1426867742-0500-0006-0007000800092015-09-06 17:24 - 2014-11-29 21:19 - 00000000 ___RD C:\Program Files\Skype2015-09-06 17:24 - 2014-11-29 21:19 - 00000000 ____D C:\Users\Все пользователи\Skype2015-09-06 17:24 - 2014-11-29 21:19 - 00000000 ____D C:\ProgramData\Skype2015-09-06 17:21 - 2014-11-22 19:39 - 00000000 ____D C:\Program Files\Google2015-09-06 17:12 - 2015-04-19 17:20 - 00000554 _____ C:\Users\Лида\AppData\Roaming\uPcPs8Mb2URpsEmYz8351Z6DGu2015-09-06 17:12 - 2015-04-19 17:20 - 00000554 _____ 
C:\Users\Лида\AppData\Roaming\dL4ZbPEmSL97xm4b0FiJ2015-09-06 17:12 - 2015-04-19 17:20 - 00000554 _____ C:\Users\Лида\AppData\Roaming\4zcDGkUqCZDGA75Rm2015-09-06 17:12 - 2015-04-19 17:20 - 00000554 _____ C:\Users\Лида\AppData\Roaming\4Ue9NpUtuGc2015-09-06 17:10 - 2015-01-30 17:48 - 00000000 ____D C:\Users\Лида\AppData\Local\Unity2015-09-05 07:36 - 2014-11-22 19:39 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-09-05 07:36 - 2014-11-22 19:39 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-09-04 22:08 - 2015-08-14 21:03 - 00000000 ____D C:\Program Files\Application Assistance2015-09-04 22:00 - 2015-01-29 18:26 - 00000000 ____D C:\Users\Лида\AppData\Roaming\Media Player Classic2015-09-04 21:13 - 2015-08-14 20:56 - 00000000 ____D C:\Users\Лида\AppData\Roaming\Browsers2015-09-04 20:10 - 2009-07-14 07:37 - 00000000 ___RD C:\Users\Public2015-09-02 20:11 - 2014-11-29 21:38 - 00000000 ____D C:\Users\Лида\AppData\Roaming\Yandex2015-08-27 21:56 - 2014-11-29 19:11 - 00000000 ____D C:\Program Files\WinRAR2015-08-27 21:38 - 2009-07-14 07:04 - 00000612 _____ C:\Windows\win.ini2015-08-25 07:36 - 2015-07-30 13:13 - 00000000 ____D C:\Users\Лида\AppData\Roaming\uTorrent2015-08-24 21:54 - 2015-07-30 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moorhuhn Wanted XXL2015-08-23 22:02 - 2014-11-23 10:21 - 00000000 ____D C:\Windows\Panther2015-08-23 21:15 - 2014-11-22 19:44 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll2015-08-23 21:15 - 2013-11-17 09:01 - 10094152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx32.dll2015-08-23 21:15 - 2013-11-17 09:01 - 07929616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumdva.dll2015-08-23 21:15 - 2013-11-17 09:01 - 07408936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumdag.dll2015-08-23 21:15 - 2013-11-17 09:01 - 01193904 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\aticfx32.dll2015-08-23 21:15 - 2013-11-17 09:01 - 00133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxpag.dll2015-08-23 21:15 - 2013-11-17 09:01 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9pag.dll2015-08-23 21:15 - 2013-11-17 07:47 - 00543744 _____ (AMD) C:\Windows\system32\atieclxx.exe2015-08-23 21:15 - 2013-11-17 07:46 - 00214528 _____ (AMD) C:\Windows\system32\atiesrxx.exe2015-08-23 21:15 - 2013-11-17 07:14 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll2015-08-23 20:57 - 2015-07-30 20:14 - 00000000 ____D C:\Users\Лида\AppData\Roaming\DAEMON Tools Pro2015-08-23 20:56 - 2014-12-27 09:19 - 00000000 ____D C:\Windows\Minidump2015-08-23 20:47 - 2015-03-20 21:08 - 00000000 ____D C:\Users\Лида\AppData\Roaming\ProductData2015-08-23 20:47 - 2015-01-25 09:28 - 00000000 ____D C:\Program Files\Counter-Strike 1.62015-08-23 20:47 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\system32\wfp2015-08-23 20:47 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\registration2015-08-23 20:47 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\AppCompat2015-08-22 19:31 - 2015-07-07 11:44 - 00000000 ____D C:\Users\Лида\Desktop\видео с камеры2015-08-22 17:16 - 2014-11-29 20:47 - 00000000 ____D C:\Users\Лида\Documents\документы2015-08-22 08:17 - 2014-12-30 22:39 - 00000000 ___HD C:\Windows\msdownld.tmp2015-08-22 08:17 - 2014-12-11 16:04 - 00000000 ____D C:\Windows\system32\directx2015-08-22 07:49 - 2015-02-14 19:27 - 00000000 ____D C:\Users\Все пользователи\Media Get LLC2015-08-22 07:49 - 2015-02-14 19:27 - 00000000 ____D C:\ProgramData\Media Get LLC2015-08-18 10:56 - 2014-11-29 20:48 - 00000000 ____D C:\Users\Лида\Documents\Лидия Васильевна2015-08-18 10:56 - 2014-11-29 20:47 - 00000000 ____D C:\Users\Лида\Documents\омск2015-08-16 16:42 - 2009-07-14 09:53 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU(20).TXT2015-08-16 08:39 - 2014-11-29 21:38 - 00000000 ____D 
C:\Users\Лида\AppData\Local\Yandex2015-08-16 08:14 - 2014-11-22 19:45 - 00000000 ____D C:\Program Files\AMD ==================== Files in the root of some directories ======= 2015-04-19 17:20 - 2015-09-06 17:12 - 0000554 _____ () C:\Users\Лида\AppData\Roaming\4Ue9NpUtuGc2015-04-19 17:20 - 2015-09-06 17:12 - 0000554 _____ () C:\Users\Лида\AppData\Roaming\4zcDGkUqCZDGA75Rm2015-04-14 21:28 - 2015-04-14 21:28 - 0004387 _____ () C:\Users\Лида\AppData\Roaming\D30TxpaFpHSQ2015-04-19 17:20 - 2015-09-06 17:12 - 0000554 _____ () C:\Users\Лида\AppData\Roaming\dL4ZbPEmSL97xm4b0FiJ2015-04-14 21:28 - 2015-04-14 21:28 - 0004387 _____ () C:\Users\Лида\AppData\Roaming\KlFj3QUlEHIo0SE7SIjPc2015-04-14 21:28 - 2015-04-14 21:28 - 0004387 _____ () C:\Users\Лида\AppData\Roaming\NZxWIFkKud4Z7x2015-04-19 17:20 - 2015-09-06 17:12 - 0000554 _____ () C:\Users\Лида\AppData\Roaming\uPcPs8Mb2URpsEmYz8351Z6DGu2015-08-24 21:54 - 2015-08-24 21:54 - 0148529 _____ () C:\Users\Лида\AppData\Roaming\Играть в War Thunder.ico2015-08-24 21:54 - 2015-08-24 21:54 - 0370070 _____ () C:\Users\Лида\AppData\Roaming\Играть в Войны Престолов.ico2015-01-17 22:51 - 2015-01-17 22:51 - 0000000 ___SH () C:\Users\Лида\AppData\Local\LumaEmu2015-08-27 20:52 - 2015-08-27 20:52 - 0000187 _____ () C:\Users\Лида\AppData\Local\Singleholding.exe.config2015-09-06 17:55 - 2015-09-06 17:55 - 0000273 _____ () C:\ProgramData\fontcacheev1.dat2015-08-25 07:24 - 2015-09-06 18:40 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat Some files in 
TEMP:====================C:\Users\Лида\AppData\Local\Temp\AmigoDistrib.exeC:\Users\Лида\AppData\Local\Temp\Archive_File255319.exeC:\Users\Лида\AppData\Local\Temp\DownPageDll.dllC:\Users\Лида\AppData\Local\Temp\ins.exeC:\Users\Лида\AppData\Local\Temp\Insp.exeC:\Users\Лида\AppData\Local\Temp\install1215124.exeC:\Users\Лида\AppData\Local\Temp\IQIYIsetup_l_huayukeji@kb006.exeC:\Users\Лида\AppData\Local\Temp\kometa_vd.exeC:\Users\Лида\AppData\Local\Temp\nsnB1D3.exeC:\Users\Лида\AppData\Local\Temp\nsqA352.exeC:\Users\Лида\AppData\Local\Temp\nsuA5E.exeC:\Users\Лида\AppData\Local\Temp\nsv4C8B.exeC:\Users\Лида\AppData\Local\Temp\nsvA7B7.exeC:\Users\Лида\AppData\Local\Temp\PCMgr_AndroidServer.exeC:\Users\Лида\AppData\Local\Temp\PCMgr_Setup_10_10_16443_223.exeC:\Users\Лида\AppData\Local\Temp\qqpcmgr_v10.7.16066.216_71821_Silence.exeC:\Users\Лида\AppData\Local\Temp\ReimagePackage.exeC:\Users\Лида\AppData\Local\Temp\ReimageRepair.exeC:\Users\Лида\AppData\Local\Temp\rn32.dllC:\Users\Лида\AppData\Local\Temp\rp123.exeC:\Users\Лида\AppData\Local\Temp\sqlite3.dllC:\Users\Лида\AppData\Local\Temp\sqlite3.exeC:\Users\Лида\AppData\Local\Temp\tmp9379.tmp.exeC:\Users\Лида\AppData\Local\Temp\tmpA60E.tmp.exeC:\Users\Лида\AppData\Local\Temp\Uninstall.exeC:\Users\????\AppData\Local\Temp\TempQMDTLSDKSetup20141114(1).exeC:\Users\????\AppData\Local\Temp\TempQMDTLSDKSetup20141114.exeC:\Users\????\AppData\Local\Temp\TempQMSystemSetup_10.10.16443.223_683216754(1).exeC:\Users\????\AppData\Local\Temp\TempQMSystemSetup_10.10.16443.223_683216754.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Диспетчер загрузки Windows--------------------идентификатор {bootmgr}device partition=\Device\HarddiskVolume1description Windows Boot Managerlocale ru-RUinherit {globalsettings}default {current}resumeobject {83d7bc1c-72d0-11e4-9ca5-85ff0642419e}displayorder {current}toolsdisplayorder {memdiag}timeout 30 Загрузка Windows-------------------идентификатор {current}device partition=C:path \Windows\system32\winload.exedescription Windows 7locale ru-RUinherit {bootloadersettings}recoverysequence {83d7bc1e-72d0-11e4-9ca5-85ff0642419e}recoveryenabled Yesosdevice partition=C:systemroot \Windowsresumeobject {83d7bc1c-72d0-11e4-9ca5-85ff0642419e}nx OptIn Загрузка Windows-------------------идентификатор {83d7bc1e-72d0-11e4-9ca5-85ff0642419e}device ramdisk=[C:]\Recovery\83d7bc1e-72d0-11e4-9ca5-85ff0642419e\Winre.wim,{83d7bc1f-72d0-11e4-9ca5-85ff0642419e}path \windows\system32\winload.exedescription Windows Recovery Environmentinherit {bootloadersettings}osdevice ramdisk=[C:]\Recovery\83d7bc1e-72d0-11e4-9ca5-85ff0642419e\Winre.wim,{83d7bc1f-72d0-11e4-9ca5-85ff0642419e}systemroot \windowsnx OptInwinpe Yes Выход из режима гибернации--------------------------идентификатор {83d7bc1c-72d0-11e4-9ca5-85ff0642419e}device partition=C:path \Windows\system32\winresume.exedescription Windows Resume Applicationlocale ru-RUinherit {resumeloadersettings}filedevice 
partition=C:filepath \hiberfil.syspae Yesdebugoptionenabled No Проверка памяти Windows---------------------идентификатор {memdiag}device partition=\Device\HarddiskVolume1path \boot\memtest.exedescription Диагностика памятиlocale ru-RUinherit {globalsettings}badmemoryaccess Yes Параметры EMS-------------идентификатор {emssettings}bootems Yes Параметры отладчика-------------------идентификатор {dbgsettings}debugtype Serialdebugport 1baudrate 115200 Дефекты ОЗУ-----------идентификатор {badmemory} Глобальные параметры--------------------идентификатор {globalsettings}inherit {dbgsettings} {emssettings} {badmemory} Параметры загрузчика--------------------идентификатор {bootloadersettings}inherit {globalsettings} {hypervisorsettings} Параметры гипервизора-------------------идентификатор {hypervisorsettings}hypervisordebugtype Serialhypervisordebugport 1hypervisorbaudrate 115200 Параметры загрузчика восстановления-----------------------------------идентификатор {resumeloadersettings}inherit {globalsettings} Параметры устройств-------------------идентификатор {83d7bc1f-72d0-11e4-9ca5-85ff0642419e}description Ramdisk Optionsramdisksdidevice partition=C:ramdisksdipath \Recovery\83d7bc1e-72d0-11e4-9ca5-85ff0642419e\boot.sdi LastRegBack: 2015-08-24 20:49 ==================== End of FRST.txt ============================ Сообщение от модератора "Mark D. Pearlstone" Отчёты нужно прикреплять в виде текстовых файлов. Убрано под спойлер. Цитата Ссылка на сообщение Поделиться на другие сайты
thyrex 1 473 Опубликовано 14 сентября, 2015 Share Опубликовано 14 сентября, 2015 Разбираться в этой каше я не стану. Сказано было прикрепить отчеты к сообщению, так и нужно их прикрепить. Если не удается это сделать, заархивируйте и прикрепите. Переделывайте 1 Цитата Ссылка на сообщение Поделиться на другие сайты
shtaf1987 0 Опубликовано 15 сентября, 2015 Автор Share Опубликовано 15 сентября, 2015 да я бы с радостью!!!!!!!!!! как их прикрепить? Цитата Ссылка на сообщение Поделиться на другие сайты
thyrex 1 473 Опубликовано 15 сентября, 2015 Share Опубликовано 15 сентября, 2015 Другие логи как-то же прикрепляли Цитата Ссылка на сообщение Поделиться на другие сайты
shtaf1987 0 Опубликовано 15 сентября, 2015 Автор Share Опубликовано 15 сентября, 2015 через создание новой темы! но строгий модератор пожелал, чтоб я больше так не делал!!!!!!! Цитата Ссылка на сообщение Поделиться на другие сайты
thyrex 1 473 Опубликовано 15 сентября, 2015 Share Опубликовано 15 сентября, 2015 Через кнопку Расширенная форма Цитата Ссылка на сообщение Поделиться на другие сайты
shtaf1987 0 Опубликовано 18 сентября, 2015 Автор Share Опубликовано 18 сентября, 2015 вон оно что)))))) Addition.txt FRST.txt Цитата Ссылка на сообщение Поделиться на другие сайты