Blocks sites and games
- This topic has 20 replies, 2 participants, and was last updated 8 years, 8 months ago by Admin.
March 7, 2016 at 3:56 pm #19108
Yesterday a problem appeared: when I launch the game Neverwinter or a video on YouTube, messages started popping up and blocking sites and the game. Ads pop up, along with a page that supposedly offers to repair the system. I scanned with Kaspersky and it sees nothing. A scan from HijackThis is attached below.
March 8, 2016 at 3:43 am #32773
Hello, and welcome to the Spyware-ru forum.
Scan the computer with the FRST program.
Download FRST from this page.
Run it. Do not change anything in the settings, just click the Scan button. When the scan is finished, Notepad will open with the first report (frst.txt); paste its contents into your reply. A little later the second report, Addition.txt, will open.
Simply attach the second report to your message using the Add attachments tab.
March 8, 2016 at 8:48 am #32774
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Юра (administrator) on ЮРА-ПК (08-03-2016 10:44:25)
Running from C:UsersЮраDesktop
Loaded Profiles: Юра (Available Profiles: Юра)
Platform: Microsoft Windows 7 Максимальная Service Pack 1 (X86) Language: Русский (Россия)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forums/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:WindowsSystem32nvvsvc.exe
(NVIDIA Corporation) C:Program FilesNVIDIA Corporation3D VisionnvSCPAPISvr.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe
(NVIDIA Corporation) C:WindowsSystem32nvvsvc.exe
(Innova Co S.a r.l.) C:Program Files4game3.5.8.1804game-service.exe
(Kaspersky Lab ZAO) C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0avp.exe
(Microsoft Corporation) C:Program FilesMicrosoft Office 15ClientX86officeclicktorun.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationNetServiceNvNetworkService.exe
(Pandora.TV) C:Program FilesPANDORA.TVPanServiceKMPService.exe
(PandoraTV) C:Program FilesPANDORA.TVPanServiceKMPProcess.exe
(Kaspersky Lab ZAO) C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0avpui.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplaynvtray.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationUpdate CoreNvBackend.exe
(BioWare) D:OldGAMESStar Wars-The Old Republiclauncher.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKUS-1-5-21-2060737710-1981992819-119070258-1000…MountPoints2: G — G:setup.exe
HKUS-1-5-21-2060737710-1981992819-119070258-1000…MountPoints2: {d414f997-050c-11e3-a5d6-001cc079f9a0} — F:setup.exe
HKUS-1-5-21-2060737710-1981992819-119070258-1000…MountPoints2: {d414f9b0-050c-11e3-a5d6-001cc079f9a0} — H:setup.exe
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:Program FilesMicrosoft Office 15rootOffice15GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:Program FilesMicrosoft Office 15rootOffice15GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:Program FilesMicrosoft Office 15rootOffice15GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
CHR HKUS-1-5-21-2060737710-1981992819-119070258-1000SOFTWAREPoliciesGoogle: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
TcpipParameters: [DhcpNameServer] 192.168.0.1
Tcpip..Interfaces{2819289A-8805-4D65-9465-A3277B00F999}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLMSOFTWAREPoliciesMicrosoftInternet Explorer: Restriction <======= ATTENTION
HKUS-1-5-21-2060737710-1981992819-119070258-1000SoftwareMicrosoftInternet ExplorerMain,Start Page = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=
HKUS-1-5-21-2060737710-1981992819-119070258-1000SoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=
URLSearchHook: [S-1-5-21-2060737710-1981992819-119070258-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKUS-1-5-21-2060737710-1981992819-119070258-1000 -> DefaultScope {0DBC05A7-B305-443E-AD9D-11984F226399} URL = hxxp://search.eshield.com/serp?guid={37D7589A-53CB-473B-8401-CE7EED431741}&action=default_search&k={searchTerms}
SearchScopes: HKUS-1-5-21-2060737710-1981992819-119070258-1000 -> {0DBC05A7-B305-443E-AD9D-11984F226399} URL = hxxp://search.eshield.com/serp?guid={37D7589A-53CB-473B-8401-CE7EED431741}&action=default_search&k={searchTerms}
SearchScopes: HKUS-1-5-21-2060737710-1981992819-119070258-1000 -> {96C61647-90DD-4B4C-A20D-8159B39342FA} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft Office 15rootOffice15OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0IEExtContentBlockerie_content_blocker_plugin.dll [2014-12-14] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0IEExtVirtualKeyboardie_virtual_keyboard_plugin.dll [2014-12-19] (Kaspersky Lab ZAO)
BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:OldGAMESArcPluginsArcPluginIE.dll [2016-02-24] (Perfect World Entertainment Inc)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0IEExtOnlineBankingonline_banking_bho.dll [2014-12-14] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:Program FilesMicrosoft Office 15rootOffice15URLREDIR.DLL [2016-02-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:Program FilesMicrosoft Office 15rootOffice15GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0IEExtUrlAdvisorklwtbbho.dll [2014-12-14] (Kaspersky Lab ZAO)
Toolbar: HKUS-1-5-21-2060737710-1981992819-119070258-1000 -> No Name — {4B4D5056-3700-A76A-76A7-7A786E7484D7} — No File
Toolbar: HKUS-1-5-21-2060737710-1981992819-119070258-1000 -> No Name — {1C4D6E93-BFFF-496C-887D-FD3223999279} — No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf — {D924BDC6-C83A-4BD5-90D0-095128A113D1} — C:Program FilesMicrosoft Office 15rootOffice15MSOSB.DLL [2015-06-06] (Microsoft Corporation)
Handler: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:Program FilesCommon FilesSkypeSkype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.default
FF Keyword.URL: hxxp://search.eshield.com/serp?guid={37D7589A-53CB-473B-8401-CE7EED431741}&action=default_search&k=
FF DefaultSearchEngine: eShield Safe Web
FF Homepage: hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=
FF NewTab: hxxp://services.eshield.com/general/newhometab.php?hometab=tab&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=
FF Plugin: @4game.com/plugin -> C:Program Files4game3.5.8.180npplugin4game.dll [2015-12-25] (Innova Co S.a r.l.)
FF Plugin: @adobe.com/FlashPlayer -> D:OldGAMESArcpluginsNPSWF32.dll [2016-02-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:Program FilesMicrosoft Office 15rootVFSProgramFilesX86Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:Program FilesMicrosoft Silverlight5.1.20513.0npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:PROGRA~1MICROS~3Office14NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft Office 15rootOffice15NPSPWRAP.DLL [2015-06-06] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:Program FilesNVIDIA Corporation3D Visionnpnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:Program FilesNVIDIA Corporation3D Visionnpnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> D:OldGAMESArcPluginsnpArcPluginFF.dll [2016-02-24] (Perfect World Entertainment Inc)
FF Plugin: @raidcall.en/RCplugin -> C:UsersЮраAppDataRoamingraidcallpluginsnprcplugin.dll [2014-03-04] (Raidcall)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:Program FilesGoogleUpdate1.3.29.5npGoogleUpdate3.dll [2016-03-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:Program FilesGoogleUpdate1.3.29.5npGoogleUpdate3.dll [2016-03-07] (Google Inc.)
FF Plugin: Adobe Reader -> C:Program FilesAdobeReader 11.0ReaderAIRnppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKUS-1-5-21-2060737710-1981992819-119070258-1000: @mail.ru/GameCenter -> C:UsersЮраAppDataLocalMail.RuGameCenterNPDetector.dll [2015-12-21] (LLC Mail.Ru)
FF user.js: detected! => C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultuser.js [2015-12-18]
FF Extension: eShield — C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultExtensionstoolbar11467@eshield.com.xpi [2015-12-18] [not signed]
FF HKLM…FirefoxExtensions: [url_advisor@kaspersky.com] — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0FFExturl_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0FFExturl_advisor@kaspersky.com [2014-12-19] [not signed]
FF HKLM…FirefoxExtensions: [virtual_keyboard@kaspersky.com] — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0FFExtvirtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0FFExtvirtual_keyboard@kaspersky.com [2014-12-19] [not signed]
FF HKLM…FirefoxExtensions: [content_blocker@kaspersky.com] — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0FFExtcontent_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0FFExtcontent_blocker@kaspersky.com [2014-12-19] [not signed]
Chrome:
=======
CHR HomePage: Default -> mail.ru/cnt/11956636
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/search?q={searchTerms}&fr=xtn10
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:UsersЮраAppDataLocalGoogleChromeUser DataDefault
CHR Extension: (Google Презентации) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2016-03-07]
CHR Extension: (Документы Google) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2016-03-07]
CHR Extension: (Диск Google) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2016-03-07]
CHR Extension: (Kaspersky Protection) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsblbkdnmdcafmfhinpmnlhhddbepgkeaa [2016-03-07]
CHR Extension: (YouTube) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-07]
CHR Extension: (Модуль проверки ссылок) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsdchlnpcodkpfdpacogkljefecpegganj [2016-03-07]
CHR Extension: (eShield) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsdkmjljdbbgogihjcapfhgkonfmccbffp [2016-03-07]
CHR Extension: (Google Таблицы) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2016-03-07]
CHR Extension: (Google Документы офлайн) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-07]
CHR Extension: (Модуль блокирования опасных веб-сайтов) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionshghkgaeecgjhjkannahfamoehjmkjail [2016-03-07]
CHR Extension: (Mail.Ru) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsilamgbdaebkbpkkmfmmfbnaamkhijdek [2016-03-07]
CHR Extension: (Платежная система Интернет-магазина Chrome) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2016-03-07]
CHR Extension: (Домашняя страница Mail.Ru) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsofdgafmdegfkhfdfkmllfefmcmcjllec [2016-03-07]
CHR Extension: (Gmail) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2016-03-07]
CHR Extension: (Визуальные Закладки Mail.Ru) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionspnooffjhclkocplopffdbcdghmiffhji [2016-03-07]
CHR HKLM…ChromeExtension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] — hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM…ChromeExtension: [dchlnpcodkpfdpacogkljefecpegganj] — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0ChromeExturladvisor.crx [2013-10-11]
CHR HKLM…ChromeExtension: [dkmjljdbbgogihjcapfhgkonfmccbffp] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM…ChromeExtension: [hghkgaeecgjhjkannahfamoehjmkjail] — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0ChromeExtcontent_blocker_chrome.crx [2013-10-11]
CHR HKLM…ChromeExtension: [ilamgbdaebkbpkkmfmmfbnaamkhijdek] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM…ChromeExtension: [jagncdcchgajhfhijbbhecadmaiegcmh] — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0ChromeExtvirtkbd.crx [2014-12-19]
CHR HKLM…ChromeExtension: [mfmjpfoggikolkfilofbpgcnhdcgahib] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM…ChromeExtension: [ofdgafmdegfkhfdfkmllfefmcmcjllec] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM…ChromeExtension: [pfjgibhmcgncmjhdodpaolfbjpjjajal] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM…ChromeExtension: [pgaidlfgjkmeendhknafahppllbniejm] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM…ChromeExtension: [pnooffjhclkocplopffdbcdghmiffhji] — hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR StartupUrls: «hxxp://mail.ru/cnt/10445»
OPR Session Restore: -> is enabled.
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 4game-service; C:Program Files4game3.5.8.1804game-service.exe [1561312 2015-12-25] (Innova Co S.a r.l.)
S3 appdrvrem01; C:WindowsSystem32appdrvrem01.exe [316816 2014-08-21] (Protection Technology)
S3 ArcService; D:OldGAMESArcArcService.exe [88024 2016-02-24] (Perfect World Entertainment Inc)
R2 AVP; C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0avp.exe [214512 2013-10-11] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:Program FilesMicrosoft Office 15ClientX86OfficeClickToRun.exe [1904368 2016-01-20] (Microsoft Corporation)
S3 defragsvc; C:WindowsSystem32defragsvc.dll [218624 2009-07-14] (Корпорация Майкрософт)
S3 GfExperienceService; C:Program FilesNVIDIA CorporationGeForce Experience ServiceGfExperienceService.exe [921208 2015-08-27] (NVIDIA Corporation)
R2 NvNetworkService; C:Program FilesNVIDIA CorporationNetServiceNvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
S3 NvStreamSvc; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamService.exe [4305016 2015-08-27] (NVIDIA Corporation)
R2 PanService; C:Program FilesPANDORA.TVPanServiceKMPService.exe [1922600 2013-07-08] (Pandora.TV)
S2 pr2ajtsc; C:Windowssystem32pr2ajtsc.exe [411000 2008-03-07] (1C: Multimedia)
R2 WinDefend; C:Program FilesWindows Defendermpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WPCSvc; C:WindowsSystem32wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 appdrv01; C:WindowsSystem32Driversappdrv01.sys [3110512 2014-08-21] (Protection Technology)
S3 hamachi; C:WindowsSystem32DRIVERShamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 inpout32; C:WindowsSystem32Driversinpout32.sys [11936 2016-02-03] (Highresolution Enterprises [www.highrez.co.uk])
R1 ISODrive; C:Program FilesUltraISOdriversISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
R0 kl1; C:WindowsSystem32DRIVERSkl1.sys [135776 2014-12-14] (Kaspersky Lab ZAO)
S4 klflt; C:WindowsSystem32DRIVERSklflt.sys [94304 2014-12-14] (Kaspersky Lab ZAO)
R1 KLIF; C:WindowsSystem32DRIVERSklif.sys [576608 2014-12-14] (Kaspersky Lab ZAO)
R1 KLIM6; C:WindowsSystem32DRIVERSklim6.sys [25696 2013-10-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:WindowsSystem32DRIVERSklkbdflt.sys [25184 2014-12-14] (Kaspersky Lab ZAO)
R3 klmouflt; C:WindowsSystem32DRIVERSklmouflt.sys [25696 2013-10-11] (Kaspersky Lab ZAO)
R1 klpd; C:WindowsSystem32DRIVERSklpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:WindowsSystem32DRIVERSkltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:WindowsSystem32DRIVERSkneps.sys [144992 2014-12-14] (Kaspersky Lab ZAO)
R0 mountmgr; C:WindowsSystem32driversmountmgr.sys [78208 2010-11-20] (Корпорация Майкрософт)
S3 NvStreamKms; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamKms.sys [18552 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:WindowsSystem32driversnvvad32v.sys [44840 2015-08-11] (NVIDIA Corporation)
R0 pe3ajtsc; C:WindowsSystem32driverspe3ajtsc.sys [64640 2008-03-07] (1C: Multimedia)
R3 phaudlwr; C:WindowsSystem32DRIVERSphaudlwr.sys [89648 2009-10-20] (Philips Applied Technologies)
R0 ps7ajtsc; C:WindowsSystem32driversps7ajtsc.sys [68744 2008-03-07] (1C: Multimedia)
S1 qutmipc; C:Windowssystem32driversqutmipc.sys [53960 2015-09-06] (360.cn)
R3 SPC520; C:WindowsSystem32driversSPC520.sys [483328 2007-10-01] (Philips )
R3 SPC520m; C:WindowsSystem32driversSPC520m.sys [7680 2007-10-01] (Philips )
S3 ssudserd; C:WindowsSystem32DRIVERSssudserd.sys [182680 2013-08-20] (DEVGURU Co., LTD.(http://www.devguru.co.kr))
R0 volmgrx; C:WindowsSystem32driversvolmgrx.sys [297040 2009-07-14] (Корпорация Майкрософт)
S3 BRDriver_1_3_3_E02B25FC; ??C:ProgramDataBitRaidersupport1.3.3E02B25FCBRDriver.sys [X]
S3 cpuz134; ??C:Users6EDA~1AppDataLocalTempcpuz134cpuz134_x32.sys [X]
S3 EagleXNt; ??C:Windowssystem32driversEagleXNt.sys [X]
S3 npkcrypt; ??D:OldGAMESЛ2 Интераsystemnpkcrypt.sys [X]
S3 npkcusb; ??D:OldGAMESЛ2 Интераsystemnpkcusb.sys [X]
S3 Synth3dVsc; System32driverssynth3dvsc.sys [X]
S3 tsusbhub; system32driverstsusbhub.sys [X]
S3 VGPU; System32driversrdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-08 10:44 — 2016-03-08 10:44 — 00020800 _____ C:UsersЮраDesktopFRST.txt
2016-03-08 10:44 — 2016-03-08 10:44 — 00000000 ____D C:FRST
2016-03-08 10:43 — 2016-03-08 10:43 — 01725440 _____ (Farbar) C:UsersЮраDesktopFRST.exe
2016-03-07 19:30 — 2016-03-07 19:35 — 00000000 ____D C:UsersВсе пользователиBitRaider
2016-03-07 19:30 — 2016-03-07 19:35 — 00000000 ____D C:ProgramDataBitRaider
2016-03-07 19:30 — 2016-03-07 19:30 — 00000000 ____D C:Usersް܁ppData
2016-03-07 19:14 — 2016-03-07 19:18 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsPerfect World Entertainment
2016-03-07 19:14 — 2016-03-07 19:16 — 00000000 ____D C:UsersЮраAppDataRoamingArc
2016-03-07 19:13 — 2016-03-07 19:13 — 00999096 _____ (Perfect World Entertainment) C:UsersЮраDownloadsNeverwinter_ArcSetup.exe
2016-03-07 19:13 — 2016-03-07 19:13 — 00000000 ____D C:UsersЮраDownloadsLog
2016-03-07 19:13 — 2016-02-05 20:43 — 10478336 _____ (Perfect World Entertainment) C:UsersЮраDownloadsArcInstall_NW_20151009a.exe
2016-03-07 19:08 — 2016-03-07 19:08 — 00002214 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2016-03-07 19:08 — 2016-03-07 19:08 — 00002202 _____ C:UsersPublicDesktopGoogle Chrome.lnk
2016-03-07 19:07 — 2016-03-08 10:12 — 00000950 _____ C:WindowsTasksGoogleUpdateTaskMachineUA.job
2016-03-07 19:07 — 2016-03-07 19:12 — 00000946 _____ C:WindowsTasksGoogleUpdateTaskMachineCore.job
2016-03-07 18:20 — 2016-03-07 18:20 — 00000000 ____D C:UsersЮраDownloadsbackups
2016-03-07 17:42 — 2016-03-07 17:42 — 00388608 _____ (Trend Micro Inc.) C:UsersЮраDownloadsHijackThis.exe
2016-03-07 17:06 — 2016-03-07 17:06 — 00987728 _____ (Google Inc.) C:UsersЮраDownloadsChromeSetup.exe
2016-03-07 10:24 — 2016-03-07 10:24 — 00000970 _____ C:UsersЮраDesktopUltraISO.lnk
2016-03-07 10:24 — 2016-03-07 10:24 — 00000000 ____D C:UsersЮраDocumentsMy ISO Files
2016-03-07 10:24 — 2016-03-07 10:24 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsUltraISO
2016-03-07 10:24 — 2016-03-07 10:24 — 00000000 ____D C:Program FilesUltraISO
2016-03-07 10:24 — 2016-03-07 10:24 — 00000000 ____D C:Program FilesCommon FilesEZB Systems
2016-03-07 03:49 — 2016-03-07 10:38 — 00000958 _____ C:WindowsTasksAdobe Flash Player PPAPI Notifier.job
2016-03-07 03:49 — 2016-03-07 10:38 — 00000896 _____ C:WindowsTasksAdobe Flash Player Updater.job
2016-03-07 03:47 — 2016-03-07 04:00 — 00112640 _____ C:UsersЮраAppDataLocalGDIPFONTCACHEV1.DAT
2016-03-07 03:46 — 2016-03-07 03:46 — 00001410 _____ C:UsersЮраAppDataRoamingMicrosoftWindowsStart MenuProgramsInternet Explorer.lnk
2016-03-07 02:33 — 2016-03-07 02:35 — 00000140 _____ C:WindowsReimage.ini
2016-03-06 22:27 — 2016-03-07 10:38 — 00440560 _____ C:Windowssystem32FNTCACHE.DAT
2016-03-06 12:17 — 2016-03-06 12:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-19a3-0
2016-03-06 12:17 — 2016-03-06 12:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-0ea3-1
2016-03-06 12:17 — 2016-03-06 12:17 — 00000000 ____D C:ProgramData811b4c8b-19a3-0
2016-03-06 12:17 — 2016-03-06 12:17 — 00000000 ____D C:ProgramData811b4c8b-0ea3-1
2016-03-06 06:17 — 2016-03-06 06:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-7515-0
2016-03-06 06:17 — 2016-03-06 06:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-1a87-1
2016-03-06 06:17 — 2016-03-06 06:17 — 00000000 ____D C:ProgramData811b4c8b-7515-0
2016-03-06 06:17 — 2016-03-06 06:17 — 00000000 ____D C:ProgramData811b4c8b-1a87-1
2016-03-06 00:17 — 2016-03-06 00:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-2941-0
2016-03-06 00:17 — 2016-03-06 00:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-0403-1
2016-03-06 00:17 — 2016-03-06 00:17 — 00000000 ____D C:ProgramData811b4c8b-2941-0
2016-03-06 00:17 — 2016-03-06 00:17 — 00000000 ____D C:ProgramData811b4c8b-0403-1
2016-03-05 18:17 — 2016-03-05 18:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-6827-0
2016-03-05 18:17 — 2016-03-05 18:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-4c13-1
2016-03-05 18:17 — 2016-03-05 18:17 — 00000000 ____D C:ProgramData811b4c8b-6827-0
2016-03-05 18:17 — 2016-03-05 18:17 — 00000000 ____D C:ProgramData811b4c8b-4c13-1
2016-03-05 06:17 — 2016-03-05 06:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-5b93-1
2016-03-05 06:17 — 2016-03-05 06:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-1c63-0
2016-03-05 06:17 — 2016-03-05 06:17 — 00000000 ____D C:ProgramData811b4c8b-5b93-1
2016-03-05 06:17 — 2016-03-05 06:17 — 00000000 ____D C:ProgramData811b4c8b-1c63-0
2016-03-05 00:17 — 2016-03-05 00:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-7c67-0
2016-03-05 00:17 — 2016-03-05 00:17 — 00000000 ____D C:UsersВсе пользователи811b4c8b-1035-1
2016-03-05 00:17 — 2016-03-05 00:17 — 00000000 ____D C:ProgramData811b4c8b-7c67-0
2016-03-05 00:17 — 2016-03-05 00:17 — 00000000 ____D C:ProgramData811b4c8b-1035-1
2016-02-20 15:39 — 2016-02-20 15:39 — 00000000 ____D C:UsersЮраAppDataRoamingAC3Filter
2016-02-20 14:19 — 2016-02-20 14:19 — 00000000 ____D C:UsersЮраDocumentsCriterion Games
2016-02-20 13:39 — 2016-02-20 13:39 — 00000000 ___HD C:Program FilesCommon FilesEAInstaller
2016-02-20 12:27 — 2016-03-06 22:39 — 00000000 ____D C:UsersВсе пользователиElectronic Arts
2016-02-20 12:27 — 2016-03-06 22:39 — 00000000 ____D C:ProgramDataElectronic Arts
2016-02-19 18:17 — 2016-03-04 23:08 — 00000000 ____D C:UsersВсе пользователи811b4c8b-0a11-0
2016-02-19 18:17 — 2016-03-04 23:08 — 00000000 ____D C:ProgramData811b4c8b-0a11-0
2016-02-19 18:12 — 2016-03-06 22:19 — 00000000 ____D C:UsersВсе пользователиcfa54b68
2016-02-19 18:12 — 2016-03-06 22:19 — 00000000 ____D C:ProgramDatacfa54b68
2016-02-19 18:12 — 2016-03-04 23:08 — 00000000 ____D C:UsersВсе пользователи811b4c8b-40f1-0
2016-02-19 18:12 — 2016-03-04 23:08 — 00000000 ____D C:ProgramData811b4c8b-40f1-0
2016-02-19 18:12 — 2016-02-19 18:12 — 00000000 ____D C:UsersВсе пользователи{319c6ae5-112c-0}
2016-02-19 18:12 — 2016-02-19 18:12 — 00000000 ____D C:UsersВсе пользователи{008c7bcb-012c-1}
2016-02-19 18:12 — 2016-02-19 18:12 — 00000000 ____D C:ProgramData{319c6ae5-112c-0}
2016-02-19 18:12 — 2016-02-19 18:12 — 00000000 ____D C:ProgramData{008c7bcb-012c-1}
2016-02-14 09:04 — 2015-11-12 11:50 — 00027040 ____H (LogMeIn, Inc.) C:Windowssystem32hamachi.sys
2016-02-14 09:03 — 2016-02-18 14:48 — 00000000 ____D C:UsersЮраAppDataLocalLogMeIn Hamachi
2016-02-14 09:03 — 2016-02-14 09:03 — 00000000 ____D C:UsersЮраAppDataLocalLogMeIn
2016-02-14 09:03 — 2016-02-14 09:03 — 00000000 ____D C:UsersВсе пользователиLogMeIn
2016-02-14 09:03 — 2016-02-14 09:03 — 00000000 ____D C:ProgramDataLogMeIn
2016-02-14 00:25 — 2016-02-14 00:25 — 00000000 ____D C:UsersЮраAppDataRoamingEurekaLog
2016-02-14 00:25 — 2016-02-14 00:25 — 00000000 _____ C:Windowssystem32Access.dat
2016-02-14 00:23 — 2015-12-21 17:01 — 00043568 _____ (Tunngle.net) C:Windowssystem32Driverstap0901t.sys
2016-02-14 00:12 — 2016-02-20 12:28 — 00000000 ____D C:UsersЮраAppDataRoamingOrigin
2016-02-14 00:11 — 2016-03-06 22:39 — 00000000 ____D C:UsersВсе пользователиOrigin
2016-02-14 00:11 — 2016-03-06 22:39 — 00000000 ____D C:ProgramDataOrigin
2016-02-13 20:15 — 2016-02-13 20:16 — 00000000 ____D C:UsersЮраDocumentsNFS Most Wanted
2016-02-13 20:12 — 2016-02-13 20:12 — 00000000 ____D C:UsersЮраAppDataRoamingNeed for Speed — Most Wanted
2016-02-13 20:12 — 2016-02-13 20:12 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsR.G. Mechanics
2016-02-13 12:49 — 2016-02-13 18:56 — 00000000 ____D C:UsersЮраDesktopМаша
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-07 22:55 — 2014-02-22 20:51 — 00000000 ____D C:UsersЮраAppDataRoamingMumble
2016-03-07 20:24 — 2013-08-14 18:59 — 00000000 ____D C:UsersЮраAppDataRoamingAIMP3
2016-03-07 19:39 — 2009-07-14 04:37 — 00000000 ____D C:Windowsinf
2016-03-07 19:18 — 2013-08-14 19:45 — 00000000 ___RD C:UsersЮраDesktopИгры
2016-03-07 19:14 — 2014-04-09 15:02 — 00000000 ___HD C:Program FilesInstallShield Installation Information
2016-03-07 19:08 — 2013-08-14 18:52 — 00000000 ____D C:UsersЮраAppDataLocalGoogle
2016-03-07 19:07 — 2014-05-07 13:54 — 00000000 ____D C:Program FilesGoogle
2016-03-07 18:55 — 2013-08-14 19:59 — 00000000 ____D C:UsersВсе пользователиKaspersky Lab
2016-03-07 18:55 — 2013-08-14 19:59 — 00000000 ____D C:ProgramDataKaspersky Lab
2016-03-07 18:46 — 2009-07-14 06:34 — 00026256 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-07 18:46 — 2009-07-14 06:34 — 00026256 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-07 18:39 — 2013-08-14 18:29 — 00000000 ____D C:UsersВсе пользователиNVIDIA
2016-03-07 18:39 — 2013-08-14 18:29 — 00000000 ____D C:ProgramDataNVIDIA
2016-03-07 18:39 — 2009-07-14 06:53 — 00000006 ____H C:WindowsTasksSA.DAT
2016-03-07 17:01 — 2014-07-01 15:27 — 00000000 ____D C:Program FilesSteam
2016-03-07 17:01 — 2013-08-14 18:54 — 00000000 ____D C:UsersЮраAppDataRoaminguTorrent
2016-03-07 16:52 — 2013-08-14 18:32 — 00000000 ____D C:UsersЮраAppDataLocalOpera Software
2016-03-07 16:52 — 2013-08-14 18:32 — 00000000 ____D C:Program FilesOpera
2016-03-07 14:59 — 2013-09-07 22:09 — 00000000 ____D C:UsersЮраAppDataLocalElevatedDiagnostics
2016-03-07 03:49 — 2014-08-20 12:34 — 00000000 ____D C:UsersЮраAppDataLocalAdobe
2016-03-07 03:49 — 2013-08-14 19:28 — 00796864 _____ (Adobe Systems Incorporated) C:Windowssystem32FlashPlayerApp.exe
2016-03-07 03:49 — 2013-08-14 19:28 — 00142528 _____ (Adobe Systems Incorporated) C:Windowssystem32FlashPlayerCPLApp.cpl
2016-03-07 03:47 — 2015-12-18 21:45 — 00000000 ____D C:UsersВсе пользователиsimplitec
2016-03-07 03:47 — 2015-12-18 21:45 — 00000000 ____D C:ProgramDatasimplitec
2016-03-07 00:22 — 2015-12-18 21:43 — 00000000 ____D C:Program FilesSearch Extensions
2016-03-06 22:43 — 2014-11-12 16:28 — 00000000 ____D C:Program Files360
2016-03-06 22:35 — 2009-07-14 06:52 — 00000000 ___RD C:ProgramDataMicrosoftWindowsStart MenuProgramsGames
2016-03-06 22:17 — 2013-08-14 18:51 — 00000000 ____D C:UsersЮраAppDataRoamingSkype
2016-03-06 21:35 — 2015-09-09 11:10 — 00000000 ____D C:Program FilesCommon FilesAV
2016-03-05 17:38 — 2015-06-03 22:17 — 00000000 ____D C:UsersЮраAppDataLocalBattle.net
2016-03-04 14:12 — 2015-12-28 20:37 — 00000133 _____ C:UsersЮраDesktopцитаты.txt
2016-03-04 13:49 — 2013-08-14 18:51 — 00000000 ____D C:UsersВсе пользователиSkype
2016-03-04 13:49 — 2013-08-14 18:51 — 00000000 ____D C:ProgramDataSkype
2016-03-02 08:16 — 2015-06-03 22:17 — 00000000 ____D C:UsersЮраAppDataRoamingBattle.net
2016-03-02 08:16 — 2015-06-03 22:15 — 00000000 ____D C:UsersВсе пользователиBattle.net
2016-03-02 08:16 — 2015-06-03 22:15 — 00000000 ____D C:ProgramDataBattle.net
2016-02-27 13:20 — 2009-07-14 04:37 — 00000000 ____D C:Windowssystem32NDF
2016-02-23 04:50 — 2015-06-06 14:33 — 00000000 ____D C:UsersВсе пользователиregid.1991-06.com.microsoft
2016-02-23 04:50 — 2015-06-06 14:33 — 00000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2016-02-23 04:50 — 2013-08-25 23:10 — 00000000 ____D C:UsersВсе пользователиMicrosoft Help
2016-02-23 04:48 — 2015-06-06 14:31 — 00000000 ____D C:Program FilesMicrosoft Office 15
2016-02-20 15:36 — 2013-08-14 19:16 — 00000000 ____D C:UsersЮраAppDataRoamingMicrosoftWindowsStart MenuProgramsGames
2016-02-19 18:12 — 2015-12-18 21:43 — 00000000 ____D C:UsersВсе пользователи102d5787-6bd3-0
2016-02-19 18:12 — 2015-12-18 21:43 — 00000000 ____D C:UsersВсе пользователи102d5787-4813-1
2016-02-19 18:12 — 2015-12-18 21:43 — 00000000 ____D C:ProgramData102d5787-6bd3-0
2016-02-19 18:12 — 2015-12-18 21:43 — 00000000 ____D C:ProgramData102d5787-4813-1
2016-02-18 14:48 — 2014-11-12 17:46 — 00000000 __SHD C:UsersВсе пользователи360Quarant
2016-02-18 14:48 — 2014-11-12 17:46 — 00000000 __SHD C:ProgramData360Quarant
2016-02-18 14:48 — 2014-11-12 16:45 — 00000000 __SHD C:$360Section
2016-02-18 10:56 — 2013-08-14 23:47 — 00000000 ____D C:UsersЮраAppDataLocalMail.Ru
2016-02-15 08:15 — 2014-11-12 16:41 — 00000000 ____D C:WindowsTasks360Disabled
2016-02-14 09:36 — 2015-11-19 17:56 — 00000000 ____D C:UsersЮраAppDataRoamingTunngle
2016-02-14 00:11 — 2014-02-23 23:15 — 00000000 ____D C:UsersВсе пользователиPackage Cache
2016-02-14 00:11 — 2014-02-23 23:15 — 00000000 ____D C:ProgramDataPackage Cache
2016-02-13 12:53 — 2013-08-14 18:28 — 01648658 _____ C:Windowssystem32PerfStringBackup.INI
2016-02-13 12:53 — 2009-07-14 10:41 — 00724852 _____ C:Windowssystem32perfh019.dat
2016-02-13 12:53 — 2009-07-14 10:41 — 00149680 _____ C:Windowssystem32perfc019.dat

==================== Files in the root of some directories =======
2014-08-12 22:01 — 2014-08-12 22:01 — 0000040 _____ () C:Program Files{AACE8122-B27D-421C-A5BB-95060941AFD7}.sys
2013-12-19 00:52 — 2015-03-24 02:52 — 0000107 _____ () C:UsersЮраAppDataRoamingWB.CFG
2014-02-23 23:19 — 2014-02-23 23:19 — 0000000 ___SH () C:UsersЮраAppDataLocalLumaEmu
2015-07-08 11:48 — 2015-07-08 11:48 — 0000017 _____ () C:UsersЮраAppDataLocalresmon.resmoncfg

Some files in TEMP:
====================
C:UsersЮраAppDataLocalTempBRSVC_1589306_hlp.exe
C:UsersЮраAppDataLocalTempICReinstall_FlashVideoPlayer.exe
C:UsersЮраAppDataLocalTempReimagePackage.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:Windowsexplorer.exe => File is digitally signed
C:Windowssystem32winlogon.exe => File is digitally signed
C:Windowssystem32wininit.exe => File is digitally signed
C:Windowssystem32svchost.exe => File is digitally signed
C:Windowssystem32services.exe => File is digitally signed
C:Windowssystem32User32.dll => File is digitally signed
C:Windowssystem32userinit.exe => File is digitally signed
C:Windowssystem32rpcss.dll => File is digitally signed
C:Windowssystem32dnsapi.dll => File is digitally signed
C:Windowssystem32Driversvolsnap.sys => File is digitally signed

LastRegBack: 2016-03-07 14:52
==================== End of FRST.txt ============================
The second document can't be attached because it exceeds the size limit. I'll send its contents in a second message.
March 8, 2016 at 8:50 am #32775
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Юра (2016-03-08 10:45:07)
Running from C:UsersЮраDesktop
Microsoft Windows 7 Максимальная Service Pack 1 (X86) (2013-08-14 16:23:26)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
HomeGroupUser$ (S-1-5-21-2060737710-1981992819-119070258-1002 — Limited — Enabled)
Администратор (S-1-5-21-2060737710-1981992819-119070258-500 — Administrator — Disabled)
Гость (S-1-5-21-2060737710-1981992819-119070258-501 — Limited — Disabled)
Юра (S-1-5-21-2060737710-1981992819-119070258-1000 — Administrator — Enabled) => C:UsersЮра

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Anti-Virus (Enabled — Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Anti-Virus (Enabled — Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled — Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with «Hidden» flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKUS-1-5-21-2060737710-1981992819-119070258-1000…uTorrent) (Version: 3.4.5.41865 — BitTorrent Inc.)
4game (HKLM…4game) (Version: 3.5.8.180 — Innova Systems)
Adobe Flash Player 15 ActiveX (HKLM…Adobe Flash Player ActiveX) (Version: 15.0.0.223 — Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM…Adobe Flash Player PPAPI) (Version: 20.0.0.306 — Adobe Systems Incorporated)
Adobe Flash Player Packages (HKUS-1-5-21-2060737710-1981992819-119070258-1000…Adobe Flash Player Packages) (Version: — ) <==== ATTENTION
Adobe Reader XI (11.0.12) (HKLM…{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 — Adobe Systems Incorporated)
AIMP3 (HKLM…AIMP3) (Version: v3.55.1355, 14.07.2014 — AIMP DevTeam)
AppCloudUpdater (HKUS-1-5-21-2060737710-1981992819-119070258-1000…AppCloudUpdater) (Version: — AppCloudUpdater) <==== ATTENTION
Arc (HKLM…{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 — Perfect World Entertainment)
Battle.net (HKLM…Battle.net) (Version: — Blizzard Entertainment)
BitRaider Streaming Client (HKLM…BitRaider Streaming Client) (Version: 1.3.3.4098 — BitRaider, LLC)
CCleaner (HKLM…CCleaner) (Version: 4.14 — Piriform)
Command and Conquer 3: Tiberium Wars 1.09 (HKLM…{706670F2-E5C6-449A-9C3E-BBCB24885B1C}_is1) (Version: — )
Dota 2 (HKLM…Steam App 570) (Version: — Valve)
FastStone Image Viewer 4.8 (HKLM…FastStone Image Viewer) (Version: 4.8 — FastStone Soft)
Fraps (remove only) (HKLM…Fraps) (Version: — )
GameSpy Comrade (HKLM…{894084B6-BC69-43B7-BF06-B93AECFEA520}) (Version: 2.1.1.214 — GameSpy)
Google Chrome (HKLM…Google Chrome) (Version: 49.0.2623.75 — Google Inc.)
Google Update Helper (Version: 1.3.25.5 — Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 — Google Inc.) Hidden
Heroes of the Storm (HKLM…Heroes of the Storm) (Version: — Blizzard Entertainment)
Jove’s Mod Pack Extended 0.9.13, версия 24.5 от 10.01.2016 (HKLM…{B0F4B9B2-D252-44B6-B6C4-464809AA675B}_is1) (Version: 24.5 от 10.01.2016 — )
Kaspersky Anti-Virus (HKLM…InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 — Лаборатория Касперского)
Kaspersky Anti-Virus (Version: 14.0.0.4651 — Лаборатория Касперского) Hidden
KMP Media Toolbar (HKLM…{4B4D5056-3700-A76A-76A7-A758B70C1002}) (Version: 12.16.2.1960 — APN, LLC)
KMP Service (HKLM…4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version: — KMP) <==== ATTENTION
Lineage 2 — Gracia Epilogue (HKLM…Lineage 2 — Gracia Epilogue_is1) (Version: — )
LineageII (HKLM…4game_lineage2) (Version: — Innova Systems)
Microsoft .NET Framework 4 Client Profile (HKLM…Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 — Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM…Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 — Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM…{90140000-008B-0000-0000-0000000FF1CE}_Office14.SMALLBUSBASICS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: — Microsoft)
Microsoft Office 365 ProPlus — ru-ru (HKLM…O365ProPlusRetail — ru-ru) (Version: 15.0.4797.1003 — Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (Russian) (HKLM…{95120000-00AF-0419-0000-0000000FF1CE}) (Version: 12.0.4518.1022 — Microsoft Corporation)
Microsoft Office для малого бизнеса 2010 (HKLM…Office14.SMALLBUSBASICS) (Version: 14.0.6029.1000 — Microsoft Corporation)
Microsoft Silverlight (HKLM…{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable — x86 8.0.61001 (HKLM…{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.6161 (HKLM…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 — Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable — x86 10.0.40219 (HKLM…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 — Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) — 11.0.61030 (HKLM…{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 — Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) — 11.0.61030 (HKLM…{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 — Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) — 12.0.30501 (HKLM…{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 — Microsoft Corporation)
Mount & Blade — Warband [1.168] | RePack by TRiOLD -l- (HKLM…Mount & Blade — Warband_is1) (Version: — )
MPEG Video Wizard DVD 5.0.0.110 (10/2010) (HKLM…{9FD45917-95E6-449D-ACC9-01E634A34CBD}_is1) (Version: 5.0.0.110 — Womble Multimedia, Inc.)
MPEG Video Wizard DVD 5.0.0.110 (10/2010) (HKLM…Mpeg Video Wizard DVD 5.0) (Version: 5.0.0.110 (10/2010) — Womble Multimedia, Inc.)
Mumble 1.2.5 (HKLM…{3B38D201-CED3-44D1-8E50-2A8DEB1368DD}) (Version: 1.2.5 — Thorvald Natvig)
Need for Speed — Most Wanted (HKLM…Need for Speed — Most Wanted_R.G. Mechanics_is1) (Version: — R.G. Mechanics, markfiter)
NVIDIA GeForce Experience 2.5.14.5 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 — NVIDIA Corporation)
NVIDIA Графический драйвер 341.92 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 — NVIDIA Corporation)
NVIDIA Драйвер 3D Vision 341.92 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 — NVIDIA Corporation)
NVIDIA Драйвер контроллера 3D Vision 340.50 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 — NVIDIA Corporation)
NVIDIA Системное программное обеспечение PhysX 9.13.1220 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 — NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4797.1003 — Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 — Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4797.1003 — Microsoft Corporation) Hidden
Philips SPC520NC Webcam (HKLM…{C3B312B7-7158-4E01-9B65-21FE18ADEFA9}) (Version: 1.00.0000 — Philips)
PointBlank (HKLM…4game_pointblank) (Version: — Innova Systems)
S.T.A.L.K.E.R. — Зов Припяти [v1.6.00] (HKLM…{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1) (Version: 1.6.00 — GSC World Publishing)
S.T.A.L.K.E.R. [v1.0004] (HKLM…S.T.A.L.K.E.R._is1) (Version: 1.0004 — GSC World Publishing)
S.T.A.L.K.E.R.: Lost Alpha version 1.3.0 (HKLM…S.T.A.L.K.E.R.: Lost Alpha_is1) (Version: 1.3.0 — dezowave)
SHIELD Streaming (Version: 4.1.3000 — NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 — NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM…{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 — Skype Technologies S.A.)
Star Wars The Old Republic (HKLM…swtor_swtor) (Version: — Bioware/EA)
Star Wars: The Old Republic (HKLM…{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 — Electronic Arts, Inc.)
Steam (HKLM…Steam) (Version: — Valve Corporation)
TeamSpeak 3 Client (HKLM…TeamSpeak 3 Client) (Version: 3.0.13 — TeamSpeak Systems GmbH)
Total Commander 8.01 PowerPack (HKLM…Total Commander) (Version: — )
UltraISO Premium V9.51 (HKLM…UltraISO_is1) (Version: — )
ViewSonic Windows 7 x64 Signed Files (HKLM…{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version: — )
Warface (HKUS-1-5-21-2060737710-1981992819-119070258-1000…Warface) (Version: 1.129 — Mail.Ru)
WinRAR 5.01 (32-bit) (HKLM…WinRAR archiver) (Version: 5.01.0 — win.rar GmbH)
World of Tanks (HKLM…{1EAC1D02-C6AC-4FA6-9A44-96258C37C812RU}_is1) (Version: — Wargaming.net)
Xvid Video Codec (HKLM…Xvid Video Codec 1.3.2) (Version: 1.3.3 — Xvid Team)
Ассистент II (HKLM…AssistII) (Version: 1.2 — Intellized Software Ltd.)
Игровой центр (HKUS-1-5-21-2060737710-1981992819-119070258-1000…GameCenterMailRu) (Version: 3.1156 — ООО «Мэйл.Ру Геймз»)
Обновления NVIDIA 2.5.14.5 (Version: 2.5.14.5 — NVIDIA Corporation) Hidden
Панель управления NVIDIA 341.92 (Version: 341.92 — NVIDIA Corporation) Hidden
С.Т.А.Л.К.Е.Р. — Чистое Небо (HKLM…С.Т.А.Л.К.Е.Р. — Чистое Небо_is1) (Version: 1.0000 — GSC World Publishing)
Языковой пакет клиентского профиля Microsoft.NET Framework 4 — RUS (HKLM…Microsoft .NET Framework 4 Client Profile RUS Language Pack) (Version: 4.0.30319 — Корпорация Майкрософт)
Языковой пакет расширенной версии Microsoft.NET Framework 4 — RUS (HKLM…Microsoft .NET Framework 4 Extended RUS Language Pack) (Version: 4.0.30319 — Корпорация Майкрософт)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKUS-1-5-21-2060737710-1981992819-119070258-1000_ClassesCLSID{5A8FF410-F3CE-4844-B31B-F18D911239E8}InprocServer32 -> C:UsersЮраAppDataLocalMail.RuGameCenterNPDetector.dll (LLC Mail.Ru)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {32616139-BB3B-4C7F-9992-C94D5C06A227} — LaunchSignup -> No File <==== ATTENTION
Task: {3614AC3A-B47B-412C-BCC2-0ACC08583561} — System32TasksGoogleUpdateTaskMachineUA => C:Program FilesGoogleUpdateGoogleUpdate.exe [2016-03-07] (Google Inc.)
Task: {38DC7708-E93F-4ABF-8ED2-061590140CA4} — System32TasksMicrosoftOfficeOfficeTelemetryAgentFallBack => C:Program FilesMicrosoft Office 15rootOffice15msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {3B30B817-277D-42CB-8A49-730334E18181} — {1B529BFC-1D99-E5B5-8A4C-1B8135CE3F2A} -> No File <==== ATTENTION
Task: {4A971106-D7F0-46DF-BE2D-C4EB868D9713} — System32TasksMicrosoftOfficeOffice Automatic Updates => C:Program FilesMicrosoft Office 15ClientX86OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {592204E7-1E9C-4B21-A333-E462012896BD} — System32TasksAdobe Acrobat Update Task => C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {60AC28E6-51DF-4BED-B27E-59CB8B68D27D} — System32Tasks{87353A8F-EEA9-4D04-8358-070D76A9FA89} => pcalua.exe -a «D:OldGAMESHellgate Londonunins000.exe»
Task: {637D95A9-1436-473F-B2E6-D2BC39EE3042} — RocketTab -> No File <==== ATTENTION
Task: {64BA7930-D80D-40EC-B51C-E52A2960B717} — {090E0547-7D05-0F0A-0411-05040B081105} -> No File <==== ATTENTION
Task: {6764B663-3EFB-4238-9D76-58ED82F74B05} — MicrosoftWindowsWindows Activation TechnologiesValidationTaskDeadline -> No File <==== ATTENTION
Task: {6EFCA284-C823-4E73-BE2E-15FA9D34C6D6} — nethost task -> No File <==== ATTENTION
Task: {6EFCF6B0-100C-40EC-AA3A-E74D9FD66813} — System32TasksMicrosoftOfficeOfficeTelemetryAgentLogOn => C:Program FilesMicrosoft Office 15rootOffice15msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {72E92829-9453-4318-A9F3-0F1F4902C239} — System32TasksGoogleUpdateTaskMachineCore => C:Program FilesGoogleUpdateGoogleUpdate.exe [2016-03-07] (Google Inc.)
Task: {7DE2E4DD-50C8-4378-8A16-1D14D7798250} — System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesMicrosoft Office 15ClientX86OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {8E952465-93D4-4548-8020-789221279BD5} — System32Taskssimplitec Power Suite (Tray) => C:Program FilessimplitecKMPFasterServiceProvider.exe
Task: {9CFABEDB-49FD-4E00-A7CD-A988383B911F} — System32TasksCCleanerSkipUAC => C:Program FilesCCleanerCCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {A0557040-6056-4158-859C-B69B909D478A} — MicrosoftWindowsWindows Activation TechnologiesValidationTask -> No File <==== ATTENTION
Task: {AF520B83-944E-4491-ACB4-1ABC39C07C1B} — Dealply -> No File <==== ATTENTION
Task: {BED92BC2-3E7E-440F-865F-393B893518C8} — System32TasksQtraxPlayer => 2397307950.portal.qtrax.com
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} — System32TasksMicrosoftWindowsApplication ExperienceAitAgent => C:Windowssystem32aitagent.exe [2010-11-20] (Корпорация Майкрософт (Microsoft Corp.))
Task: {DD91D809-1A66-495F-817B-755F6ED02614} — System32Tasks{1BCF900F-550C-428F-8A7D-F017F5EAAB93} => c:program filesoperalauncher.exe
Task: {DE665A1F-B7C8-457A-82F1-A0258851C9D8} — System32TasksAdobe Flash Player PPAPI Notifier => C:Windowssystem32MacromedFlashFlashUtil32_20_0_0_306_pepper.exe [2016-03-07] (Adobe Systems Incorporated)
Task: {E2284E9A-917D-48C1-86D0-D8B6889CBDD4} — System32Tasks{E123A4FC-9FF5-4D39-8ED9-C05E8E06FAD6} => D:OldGAMESS.T.A.L.K.E.R. — Зов ПрипятиbinxrEngine.exe [2010-02-06] (GSC Game World)
Task: {E549F1E3-35AB-4A80-88D6-75D1119B3518} — newSI_4396 -> No File <==== ATTENTION
Task: {F17FADB8-C513-4EFC-AC14-917E8C96DC4F} — System32Tasksadobe flash player updater => C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2016-03-07] (Adobe Systems Incorporated)
Task: {F22EA721-3461-4F82-87F6-8236EE710B51} — System32TasksMicrosoftOfficeOffice Subscription Maintenance => C:Program FilesMicrosoft Office 15rootvfsProgramFilesCommonx86Microsoft SharedOFFICE15OLicenseHeartbeat.exe [2016-02-23] (Microsoft Corporation)
Task: {F65FDFF7-027C-47DF-888A-A469B127D13B} — {BC3FC698-7E6C-4520-AE1E-8A7C6E8B76C7} -> No File <==== ATTENTION
Task: {FB9979AD-D9B3-4CF9-B7E2-92496BE87BA3} — System32TasksDSite => C:Users6EDA~1AppDataRoamingDSiteUPDATE~1UPDATE~1.EXE <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:WindowsTasksAdobe Flash Player PPAPI Notifier.job => C:Windowssystem32MacromedFlashFlashUtil32_20_0_0_306_pepper.exe
Task: C:WindowsTasksAdobe Flash Player Updater.job => C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe
Task: C:WindowsTasksGoogleUpdateTaskMachineCore.job => C:Program FilesGoogleUpdateGoogleUpdate.exe
Task: C:WindowsTasksGoogleUpdateTaskMachineUA.job => C:Program FilesGoogleUpdateGoogleUpdate.exe

==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:UsersЮраDesktopИгрыStаr Wаrs — Thе Оld Rерubliс.lnk -> D:OldGAMESStar Wars-The Old Republiclauncher.bat ()
Shortcut: C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle ChromeGооglе Сhrоmе.lnk -> C:Program FilesGoogleChromechrome.bat ()
ShortcutWithArgument: C:UsersЮраAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarGооglе Сhrоmе.lnk -> C:WindowsSystem32cmd.exe (Microsoft Corporation) -> /C «c:program filesgooglechromechrome.bat»
ShortcutWithArgument: C:UsersЮраAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarОреrа.lnk -> C:WindowsSystem32cmd.exe (Microsoft Corporation) -> /C «c:program filesoperalauncher.bat»

==================== Loaded Modules (Whitelisted) ==============
2013-08-14 18:29 — 2015-10-13 18:47 — 00113840 _____ () C:Program FilesNVIDIA CorporationDisplayNvSmartMax.dll
2015-10-20 10:17 — 2015-10-20 10:17 — 00242176 _____ () C:Program Files4game3.5.8.180PocoUtil.dll
2015-10-20 10:18 — 2015-10-20 10:18 — 00714240 _____ () C:Program Files4game3.5.8.180PocoNet.dll
2015-10-20 10:16 — 2015-10-20 10:16 — 00394240 _____ () C:Program Files4game3.5.8.180PocoXML.dll
2013-06-17 12:35 — 2013-06-17 12:35 — 00478400 _____ () C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0dblite.dll
2013-05-08 14:52 — 2013-05-08 14:52 — 01270464 _____ () C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0kpcengine.2.3.dll
2015-06-06 14:31 — 2015-10-13 02:43 — 00080040 _____ () C:Program FilesMicrosoft Office 15ClientX86ApiClient.dll
2013-08-14 18:55 — 2012-10-22 10:21 — 01277952 _____ () C:Program FilesPANDORA.TVPanServiceavformat-53.dll
2013-08-14 18:55 — 2012-07-09 16:57 — 02090496 _____ () C:Program FilesPANDORA.TVPanServiceavcodec-53.dll
2013-08-14 18:55 — 2011-12-06 15:19 — 00133632 _____ () C:Program FilesPANDORA.TVPanServiceavutil-51.dll
2013-08-14 18:55 — 2012-03-23 09:07 — 00224768 _____ () C:Program FilesPANDORA.TVPanServicelibupnp.dll
2015-08-19 19:35 — 2015-08-27 02:37 — 00011896 _____ () C:Program FilesNVIDIA CorporationUpdate Coredetoured.dll
2014-01-31 23:22 — 2014-01-31 23:22 — 00134576 _____ () D:OldGAMESmumblemumble_ol.dll
2015-03-29 20:38 — 2015-12-10 18:11 — 20458752 _____ () d:OldGAMESStar Wars-The Old Republiclibcef.dll
2015-03-29 20:38 — 2015-12-10 18:09 — 01100560 _____ () d:OldGAMESStar Wars-The Old Republicavcodec-53.dll
2015-03-29 20:38 — 2015-12-10 18:10 — 00123664 _____ () d:OldGAMESStar Wars-The Old Republicavutil-51.dll
2015-03-29 20:38 — 2015-12-10 18:10 — 00190224 _____ () d:OldGAMESStar Wars-The Old Republicavformat-53.dll
2016-03-07 19:08 — 2016-03-02 06:47 — 01675928 _____ () C:Program FilesGoogleChromeApplication49.0.2623.75libglesv2.dll
2016-03-07 19:08 — 2016-03-02 06:47 — 00086168 _____ () C:Program FilesGoogleChromeApplication49.0.2623.75libegl.dll
2016-03-07 19:08 — 2016-03-02 06:47 — 16808600 _____ () C:Program FilesGoogleChromeApplication49.0.2623.75PepperFlashpepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The «AlternateShell» value will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 — 2014-09-10 22:24 — 00000147 ____A C:Windowssystem32Driversetchosts
127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKUS-1-5-21-2060737710-1981992819-119070258-1000Control PanelDesktop\Wallpaper -> C:UsersЮраAppDataRoamingFastStoneFSIVFSViewerWallPaper.bmp
DNS Servers: 192.168.0.1
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIGstartupreg: DAEMON Tools Ultra Agent => «C:Program FilesDAEMON Tools UltraDTAgent.exe» -autorun
MSCONFIGstartupreg: GameCenterMailRu => «C:UsersЮраAppDataLocalMail.RuGameCenterGameCenter@Mail.Ru.exe» -autostart
MSCONFIGstartupreg: MailRuUpdater => C:UsersЮраAppDataLocalMailRuMailRuUpdater.exe
MSCONFIGstartupreg: NvBackend => «C:Program FilesNVIDIA CorporationUpdate CoreNvBackend.exe»
MSCONFIGstartupreg: ShadowPlay => C:Windowssystem32rundll32.exe C:Windowssystem32nvspcap.dll,ShadowPlayOnSystemStart
MSCONFIGstartupreg: uTorrent => «C:UsersЮраAppDataRoaminguTorrentuTorrent.exe» /MINIMIZED

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{1772360A-9CEC-4647-ACF0-435E75F3BD85}] => (Allow) C:Program FilesSkypePhoneSkype.exe
FirewallRules: [{44F2F6F4-6223-4E91-B8DC-B1462EDB5A35}] => (Allow) C:UsersЮраAppDataRoaminguTorrentuTorrent.exe
FirewallRules: [{BD133E9E-DA31-4949-9F0D-5CEA4FD983FE}] => (Allow) C:UsersЮраAppDataRoaminguTorrentuTorrent.exe
FirewallRules: [TCP Query User{5F0F1D45-7483-46D0-BD3B-A528201E6777}D:oldgameswotwotlauncher.exe] => (Allow) D:oldgameswotwotlauncher.exe
FirewallRules: [UDP Query User{7DB34485-8121-4D04-AD65-AA586799F42C}D:oldgameswotwotlauncher.exe] => (Allow) D:oldgameswotwotlauncher.exe
FirewallRules: [TCP Query User{EB79892E-1CDF-443C-A2FF-DE71CC86025D}D:oldgameswotworldoftanks.exe] => (Allow) D:oldgameswotworldoftanks.exe
FirewallRules: [UDP Query User{7B98D220-9BB2-43AC-9ABF-24DCD8A0D268}D:oldgameswotworldoftanks.exe] => (Allow) D:oldgameswotworldoftanks.exe
FirewallRules: [{CE8F322C-BD18-43A5-BC8B-6193C26C6C4F}] => (Allow) D:OldGAMESS.T.A.L.K.E.RbinXR_3DA.exe
FirewallRules: [{348DA8D1-691A-4121-BB40-905FD572974F}] => (Allow) D:OldGAMESS.T.A.L.K.E.RbinXR_3DA.exe
FirewallRules: [{BF908696-2CFE-427B-9920-F7D3E5CE734B}] => (Allow) D:OldGAMESS.T.A.L.K.E.RbindedicatedXR_3DA.exe
FirewallRules: [{11850CDD-A506-4657-B2D2-2FA6184EF455}] => (Allow) D:OldGAMESS.T.A.L.K.E.RbindedicatedXR_3DA.exe
FirewallRules: [{A39D26AA-2B20-49C2-886B-D48557A08D8F}] => (Allow) LPort=80
FirewallRules: [{213312B4-E7F3-4374-9750-308D9A5C6801}] => (Allow) LPort=443
FirewallRules: [{7337EBFA-E7E9-47D4-BF8C-6FB70862A6A1}] => (Allow) LPort=20010
FirewallRules: [{B795008D-961C-465C-B673-15F3C19BC8AE}] => (Allow) LPort=3478
FirewallRules: [{D7959262-A0E3-4EEC-9067-7149673BDF26}] => (Allow) LPort=7850
FirewallRules: [{52396DC1-5F6F-40B5-81E4-091C9820C0FE}] => (Allow) LPort=27022
FirewallRules: [{E1FB60DD-841C-4865-B163-011ACA18F2D8}] => (Allow) LPort=6881
FirewallRules: [{BB37AA97-6E24-459B-B6E1-4AB1CC88E7BE}] => (Allow) LPort=33333
FirewallRules: [{F3B64B56-AC75-49F4-9695-D6A161E06B17}] => (Allow) LPort=20443
FirewallRules: [{B9E2FB8B-54EF-4947-B104-C3B51D76FC47}] => (Allow) LPort=8090
FirewallRules: [{FC81A9F8-289B-429B-8E7C-0A8FC7C47E10}] => (Allow) C:WindowsMicrosoft.NETFrameworkv4.0.30319SMSvcHost.exe
FirewallRules: [{072E5EFA-5BB7-467E-AA2C-29443F082D81}] => (Allow) C:Program FilesNVIDIA CorporationNetServiceNvNetworkService.exe
FirewallRules: [{C6842AAE-D0DD-4C13-9095-4BD913CB5ABC}] => (Allow) C:Program FilesNVIDIA CorporationNetServiceNvNetworkService.exe
FirewallRules: [{E16911B8-2F77-4294-9D03-5D89F706256A}] => (Allow) C:UsersЮраAppDataRoaminguTorrentuTorrent.exe
FirewallRules: [{8BE38FFB-66F7-4629-A774-62C8DC88DF52}] => (Allow) C:UsersЮраAppDataRoaminguTorrentuTorrent.exe
FirewallRules: [{BFE76C14-57F8-4D8F-B3E5-8C11B0CBFE5A}] => (Allow) C:Program FilesSteamSteam.exe
FirewallRules: [{E236E922-384E-4A89-9FC1-2CAA82C06AD7}] => (Allow) C:Program FilesSteamSteam.exe
FirewallRules: [{8A933710-B3D6-4102-AF69-D707886AF541}] => (Allow) C:Program FilesSteambinsteamwebhelper.exe
FirewallRules: [{43B9173A-90BA-4E32-8699-B256881A0948}] => (Allow) C:Program FilesSteambinsteamwebhelper.exe
FirewallRules: [{1474FE40-8174-4FA4-A379-EE9E0B306EF2}] => (Allow) D:OldGAMESС.Т.А.Л.К.Е.Р. — Чистое НебоbinxrEngine.exe
FirewallRules: [{79373CFD-987B-460B-9A67-715444BF1F44}] => (Allow) D:OldGAMESС.Т.А.Л.К.Е.Р. — Чистое НебоbinxrEngine.exe
FirewallRules: [{EA738FD9-B7F8-4DCD-BB1E-8F9B4D665CEA}] => (Allow) D:OldGAMESС.Т.А.Л.К.Е.Р. — Чистое НебоbindedicatedxrEngine.exe
FirewallRules: [{3520A5E6-3D4B-4E7C-961A-11D2AC935B5C}] => (Allow) D:OldGAMESС.Т.А.Л.К.Е.Р. — Чистое НебоbindedicatedxrEngine.exe
FirewallRules: [{A0D5E14D-AAE8-4462-A86C-763DB3F30493}] => (Allow) D:OldGAMESStar Wars-The Old Republiclauncher.exe
FirewallRules: [{1854A6B6-6B91-4E13-AE97-22803B8E2A25}] => (Allow) D:OldGAMESStar Wars-The Old Republiclauncher.exe
FirewallRules: [{DCA7E6C5-D8F7-449F-B5F7-52347A3C974B}] => (Allow) D:OldGAMESStar Wars-The Old Republiclauncher.exe
FirewallRules: [{DD77B126-C485-473E-8A5B-80855683B70E}] => (Allow) D:OldGAMESStar Wars-The Old Republiclauncher.exe
FirewallRules: [{9DA46A95-7F6A-49F3-98C6-4707937F2F5C}] => (Allow) D:OldGAMESS.T.A.L.K.E.R. — Зов ПрипятиbinxrEngine.exe
FirewallRules: [{52296BD5-6C3C-473D-9228-986EDDFABDED}] => (Allow) D:OldGAMESS.T.A.L.K.E.R. — Зов ПрипятиbinxrEngine.exe
FirewallRules: [{254ACCDD-1914-4F37-857C-70B93761A8A3}] => (Allow) D:OldGAMESS.T.A.L.K.E.R. — Зов ПрипятиbindedicatedxrEngine.exe
FirewallRules: [{26C10028-C00A-47BA-A262-8D6F21BFCCF9}] => (Allow) D:OldGAMESS.T.A.L.K.E.R. — Зов ПрипятиbindedicatedxrEngine.exe
FirewallRules: [{5E66F231-F413-42C3-92E8-DCAEFC96DED8}] => (Allow) D:OldGAMESBattle.netBattle.net.exe
FirewallRules: [{CD8E5244-7658-427A-97C0-AEC23C46B65C}] => (Allow) D:OldGAMESBattle.netBattle.net.exe
FirewallRules: [{16C444B0-65B9-418B-AB3A-81CCC2013A58}] => (Allow) C:Program FilesMicrosoft Office 15rootOffice15outlook.exe
FirewallRules: [{57240F46-E06D-4971-BBA4-E58907538B4F}] => (Allow) C:Program FilesMicrosoft Office 15rootOffice15Lync.exe
FirewallRules: [{CEFF2905-CCDB-4AA2-95C7-54C7D8F22521}] => (Allow) C:Program FilesMicrosoft Office 15rootOffice15UcMapi.exe
FirewallRules: [{B0F3761A-EC2A-4FFF-87D2-C44A791D9B41}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamNetworkService.exe
FirewallRules: [{D97F20FE-B732-4A2F-A4D6-A2D88FC51DC5}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamNetworkService.exe
FirewallRules: [{8C76C62D-A052-489C-8F9D-9EFC596C4668}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamUserAgent.exe
FirewallRules: [{64D58DAA-E8B6-430B-BEDA-52E6CFD06269}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe
FirewallRules: [{BF0FC037-C2F7-4506-A7BF-C1491948793F}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe
FirewallRules: [{12B8619E-5FF3-4ED6-85D8-91B00C13B639}] => (Allow) D:OldGAMESCommand & Conquer 3 Tiberium WarsRetailExe1.9cnc3game.dat
FirewallRules: [{DE58A5A3-8353-4C1B-AD05-A53FB46469C4}] => (Allow) D:OldGAMESDota 2 SteamSteamAppscommondota 2 betagamebinwin32dota2.exe
FirewallRules: [{40CA8E7F-BD4E-462F-9F26-AC05E7DE8B29}] => (Allow) D:OldGAMESDota 2 SteamSteamAppscommondota 2 betagamebinwin32dota2.exe
FirewallRules: [{FD009F82-865E-4A32-983A-D16C59DB2C2C}] => (Allow) C:Program FilesMicrosoft Office 15rootOffice15Lync.exe
FirewallRules: [{000F65DA-5535-4D1D-97FF-EF6D0D235006}] => (Allow) C:Program FilesMicrosoft Office 15rootOffice15UcMapi.exe
FirewallRules: [{6EAA9D58-F4B7-4912-96A8-7D665236C058}] => (Allow) C:UsersЮраAppDataLocalMail.RuGameCenterGameCenter@Mail.Ru.exe
FirewallRules: [{0B502F38-99F2-42FC-A098-3B374A9E6F04}] => (Allow) C:UsersЮраAppDataLocalMail.RuGameCenterGameCenter@Mail.Ru.exe
FirewallRules: [{31862ECB-DEBE-4807-9B68-BA3A9B1AE323}] => (Allow) D:OldGAMES4gamePointBlankPointBlank.exe
FirewallRules: [{89CBB350-31BF-4621-BBE7-E626989EB51C}] => (Allow) D:OldGAMES4gamePointBlankPointBlank.exe
FirewallRules: [TCP Query User{AE1B5F53-C138-4867-AB55-C2088BACA397}D:oldgamesneed for speed — most wantedspeed.exe] => (Allow) D:oldgamesneed for speed — most wantedspeed.exe
FirewallRules: [UDP Query User{21C9C3C4-E49D-422E-B023-B988863C83D9}D:oldgamesneed for speed — most wantedspeed.exe] => (Allow) D:oldgamesneed for speed — most wantedspeed.exe
FirewallRules: [{DCA494F2-B32F-48A8-96B2-536DA0F743E6}] => (Allow) C:Program FilesPANDORA.TVPanServiceKMPProcess.exe
FirewallRules: [{3CECD703-DD74-4600-AB17-4712FCD578EC}] => (Allow) C:Program FilesPANDORA.TVPanServiceKMPProcess.exe
FirewallRules: [TCP Query User{65E8A07B-6FDF-4DA3-B011-952DC73622B1}D:oldgamesneed for speed — most wantedspeed.exe] => (Allow) D:oldgamesneed for speed — most wantedspeed.exe
FirewallRules: [UDP Query User{17C153F2-96DD-4E42-AD5B-6D30E1551420}D:oldgamesneed for speed — most wantedspeed.exe] => (Allow) D:oldgamesneed for speed — most wantedspeed.exe
FirewallRules: [{CC8FB11F-2903-4392-B1DB-C3429CAA60E3}] => (Allow) LPort=49170
FirewallRules: [{42DC9AC8-1F19-42D0-A236-05E39BE32128}] => (Allow) LPort=5000
FirewallRules: [{1EB2E0F1-B88C-4621-9EBA-267BB554F087}] => (Allow) C:Program FilesPANDORA.TVPanServiceKMPProcess.exe
FirewallRules: [{4821E17B-12EE-4570-BEF8-F8F24BE8F111}] => (Allow) C:Program FilesPANDORA.TVPanServiceKMPProcess.exe
FirewallRules: [{31055783-8BF5-4B44-9D6F-3118680B1926}] => (Allow) C:Program FilesGoogleChromeApplicationchrome.exe

==================== Restore Points =========================
07-03-2016 02:20:32 Операция восстановления
07-03-2016 19:14:21 Установлена Arc

==================== Faulty Device Manager Devices =============
Name: PCI-контроллер Simple Communications
Description: PCI-контроллер Simple Communications
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click «Update Driver», which starts the Hardware Update wizard.

Name: Microsoft PS/2 мышь
Description: Microsoft PS/2 мышь
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.
Remove the device, and this error should be resolved.
Name: Мультимедиа контроллер
Description: Мультимедиа контроллер
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click «Update Driver», which starts the Hardware Update wizard.
Name: qutmipc
Description: qutmipc
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: qutmipc
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.
Remove the device, and this error should be resolved.
Name: Стандартная клавиатура PS/2
Description: Стандартная клавиатура PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Стандартные клавиатуры)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.
Remove the device, and this error should be resolved.
Name: Teredo Tunneling Pseudo-Interface
Description: Туннельный адаптер Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click «Update Driver» to update the drivers for this device.
On the «General Properties» tab of the device, click «Troubleshoot» to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/07/2016 07:14:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Сбой служб шифрования в ходе обработки вызова OnIdentity() в объекте «Системный модуль записи».
Details:
AddWin32ServiceFiles: Unable to back up image of service BitRaider Mini-Support Service Stub Loader since QueryServiceConfig API failed
System Error:
Не удается найти указанный файл.
.
Error: (03/07/2016 04:57:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Программа Explorer.EXE версии 6.1.7601.17567 прекратила взаимодействие с Windows и была закрыта. Чтобы узнать, имеются ли дополнительные сведения о проблеме, проверьте историю проблемы в Центре поддержки в панели управления.
ИД процесса: 744
Время запуска: 01d1784cae12586c
Время завершения: 33846
Путь приложения: C:WindowsExplorer.EXE
ИД отчета: d7e9f818-e474-11e5-86f6-0026b91ef55f
Error: (03/07/2016 04:29:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Программа mspaint.exe версии 6.1.7600.16385 прекратила взаимодействие с Windows и была закрыта. Чтобы узнать, имеются ли дополнительные сведения о проблеме, проверьте историю проблемы в Центре поддержки в панели управления.
ИД процесса: 1b6c
Время запуска: 01d1787d91acf50b
Время завершения: 188
Путь приложения: C:Windowssystem32mspaint.exe
ИД отчета: ef643d51-e470-11e5-86f6-0026b91ef55f
Error: (03/07/2016 02:58:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Ошибка при создании контекста активации для «Microsoft.Windows.Common-Controls,language=»*»,processorArchitecture=»amd64″,publicKeyToken=»6595b64144ccf1df»,type=»Win32″,version=»6.0.0.0″1″.
Не найдена зависимая сборка «Microsoft.Windows.Common-Controls,language=»*»,processorArchitecture=»amd64″,publicKeyToken=»6595b64144ccf1df»,type=»Win32″,version=»6.0.0.0″».
Используйте sxstrace.exe для подробной диагностики.
Error: (03/07/2016 10:22:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: DiscSoftBusService.exe, версия: 1.1.0.103, отметка времени: 0x51c959aa
Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18205, отметка времени 0x51db96c5
Код исключения: 0xc0000005
Смещение ошибки: 0x00056018
Идентификатор сбойного процесса: 0x718
Время запуска сбойного приложения: 0xDiscSoftBusService.exe0
Путь сбойного приложения: DiscSoftBusService.exe1
Путь сбойного модуля: DiscSoftBusService.exe2
Код отчета: DiscSoftBusService.exe3
Error: (03/07/2016 02:30:02 AM) (Source: System Restore) (EventID: 8206) (User: )
Description: Выбранная точка восстановления была повреждена или удалена в процессе восстановления (Центр обновления Windows).
Error: (03/03/2016 10:48:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: l2.exe, версия: 0.0.0.0, отметка времени: 0x4ba86ca6
Имя сбойного модуля: NWindow.DLL, версия: 0.0.0.0, отметка времени 0x4ba86c73
Код исключения: 0xc0000005
Смещение ошибки: 0x00270472
Идентификатор сбойного процесса: 0x1288
Время запуска сбойного приложения: 0xl2.exe0
Путь сбойного приложения: l2.exe1
Путь сбойного модуля: l2.exe2
Код отчета: l2.exe3
Error: (03/03/2016 07:25:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: l2.exe, версия: 0.0.0.0, отметка времени: 0x4ba86ca6
Имя сбойного модуля: NWindow.DLL, версия: 0.0.0.0, отметка времени 0x4ba86c73
Код исключения: 0xc0000005
Смещение ошибки: 0x00270472
Идентификатор сбойного процесса: 0x161c
Время запуска сбойного приложения: 0xl2.exe0
Путь сбойного приложения: l2.exe1
Путь сбойного модуля: l2.exe2
Код отчета: l2.exe3
Error: (03/03/2016 03:30:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: l2.exe, версия: 0.0.0.0, отметка времени: 0x4ba86ca6
Имя сбойного модуля: NWindow.DLL, версия: 0.0.0.0, отметка времени 0x4ba86c73
Код исключения: 0xc0000005
Смещение ошибки: 0x00270472
Идентификатор сбойного процесса: 0x1790
Время запуска сбойного приложения: 0xl2.exe0
Путь сбойного приложения: l2.exe1
Путь сбойного модуля: l2.exe2
Код отчета: l2.exe3
Error: (03/02/2016 09:23:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: l2.exe, версия: 0.0.0.0, отметка времени: 0x4ba86ca6
Имя сбойного модуля: NWindow.DLL, версия: 0.0.0.0, отметка времени 0x4ba86c73
Код исключения: 0xc0000005
Смещение ошибки: 0x00270472
Идентификатор сбойного процесса: 0xb90
Время запуска сбойного приложения: 0xl2.exe0
Путь сбойного приложения: l2.exe1
Путь сбойного модуля: l2.exe2
Код отчета: l2.exe3
System errors:
=============
Error: (03/07/2016 06:39:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Служба «Группировка сетевых участников» является зависимой от службы «Протокол PNRP», которую не удалось запустить из-за ошибки
%%-2140993535
Error: (03/07/2016 06:39:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Служба «Протокол PNRP» завершена из-за ошибки
%%-2140993535
Error: (03/07/2016 06:39:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Служба «Группировка сетевых участников» является зависимой от службы «Протокол PNRP», которую не удалось запустить из-за ошибки
%%-2140993535
Error: (03/07/2016 06:39:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Служба «Протокол PNRP» завершена из-за ошибки
%%-2140993535
Error: (03/07/2016 06:39:56 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (03/07/2016 06:39:56 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (03/07/2016 06:39:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Служба «Группировка сетевых участников» является зависимой от службы «Протокол PNRP», которую не удалось запустить из-за ошибки
%%-2140993535
Error: (03/07/2016 06:39:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Служба «Протокол PNRP» завершена из-за ошибки
%%-2140993535
Error: (03/07/2016 06:39:45 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (03/07/2016 06:39:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Сбой при загрузке драйвера(ов) перезагрузки или запуска системы:
qutmipc
CodeIntegrity:
===================================
Date: 2016-03-07 14:54:53.808
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1WindowsELAMBKUPklelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-07 14:54:53.806
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1WindowsELAMBKUPklelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-07 14:54:53.804
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1WindowsELAMBKUPklelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-07 14:54:53.797
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1WindowsELAMBKUPklelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-07 14:54:53.795
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1WindowsELAMBKUPklelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-07 14:54:53.792
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1WindowsELAMBKUPklelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-07 14:54:53.766
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0KLELAMX86klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-07 14:54:53.763
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0KLELAMX86klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-07 14:54:53.761
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0KLELAMX86klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-07 14:54:53.754
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0KLELAMX86klelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E8200 @ 2.66GHz
Percentage of memory in use: 55%
Total physical RAM: 3052.32 MB
Available physical RAM: 1372.07 MB
Total Virtual: 15050.61 MB
Available Virtual: 12875.34 MB
==================== Drives ================================
Drive c: (Win 7) (Fixed) (Total:120.02 GB) (Free:72.46 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (User) (Fixed) (Total:345.73 GB) (Free:72.71 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B051B051)
Partition 1: (Active) — (Size=120 GB) — (Type=07 NTFS)
Partition 2: (Not Active) — (Size=345.7 GB) — (Type=05)
==================== End of Addition.txt ============================
March 9, 2016 at 12:16 AM #32776
Launch Notepad and paste the following text into the open window:
CHR HKUS-1-5-21-2060737710-1981992819-119070258-1000SOFTWAREPoliciesGoogle: Restriction <======= ATTENTION
HKLMSOFTWAREPoliciesMicrosoftInternet Explorer: Restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-2060737710-1981992819-119070258-1000] ATTENTION => Default URLSearchHook is missing
Toolbar: HKUS-1-5-21-2060737710-1981992819-119070258-1000 -> No Name - {4B4D5056-3700-A76A-76A7-7A786E7484D7} - No File
Toolbar: HKUS-1-5-21-2060737710-1981992819-119070258-1000 -> No Name - {1C4D6E93-BFFF-496C-887D-FD3223999279} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
S1 qutmipc; C:Windowssystem32driversqutmipc.sys [53960 2015-09-06] (360.cn)
S3 cpuz134; ??C:Users6EDA~1AppDataLocalTempcpuz134cpuz134_x32.sys [X]
S3 EagleXNt; ??C:Windowssystem32driversEagleXNt.sys [X]
S3 npkcrypt; ??D:OldGAMESЛ2 Интераsystemnpkcrypt.sys [X]
S3 npkcusb; ??D:OldGAMESЛ2 Интераsystemnpkcusb.sys [X]
S3 Synth3dVsc; System32driverssynth3dvsc.sys [X]
S3 tsusbhub; system32driverstsusbhub.sys [X]
S3 VGPU; System32driversrdvgkmd.sys [X]
Task: {32616139-BB3B-4C7F-9992-C94D5C06A227} - LaunchSignup -> No File <==== ATTENTION
Task: {3B30B817-277D-42CB-8A49-730334E18181} - {1B529BFC-1D99-E5B5-8A4C-1B8135CE3F2A} -> No File <==== ATTENTION
Task: {637D95A9-1436-473F-B2E6-D2BC39EE3042} - RocketTab -> No File <==== ATTENTION
Task: {64BA7930-D80D-40EC-B51C-E52A2960B717} - {090E0547-7D05-0F0A-0411-05040B081105} -> No File <==== ATTENTION
Task: {6764B663-3EFB-4238-9D76-58ED82F74B05} - MicrosoftWindowsWindows Activation TechnologiesValidationTaskDeadline -> No File <==== ATTENTION
Task: {6EFCA284-C823-4E73-BE2E-15FA9D34C6D6} - nethost task -> No File <==== ATTENTION
Task: {A0557040-6056-4158-859C-B69B909D478A} - MicrosoftWindowsWindows Activation TechnologiesValidationTask -> No File <==== ATTENTION
Task: {AF520B83-944E-4491-ACB4-1ABC39C07C1B} - Dealply -> No File <==== ATTENTION
Task: {BED92BC2-3E7E-440F-865F-393B893518C8} - System32TasksQtraxPlayer => 2397307950.portal.qtrax.com
Task: {E549F1E3-35AB-4A80-88D6-75D1119B3518} - newSI_4396 -> No File <==== ATTENTION
Task: {F65FDFF7-027C-47DF-888A-A469B127D13B} - {BC3FC698-7E6C-4520-AE1E-8A7C6E8B76C7} -> No File <==== ATTENTION
Task: {FB9979AD-D9B3-4CF9-B7E2-92496BE87BA3} - System32TasksDSite => C:Users6EDA~1AppDataRoamingDSiteUPDATE~1UPDATE~1.EXE <==== ATTENTION
EmptyTemp:
Save the resulting file under the name fixlist in the folder where FRST/FRST64 is located.
Run FRST and click the Fix button.
When the program finishes, the message "Fix completed" will appear. Click OK.
Notepad will open with the contents of the fixlog.txt file. Paste the contents of this file into your reply.
Run FRST, tick the Addition.txt checkbox in the main menu, then click Scan.
When the scan finishes, two logs will be created again. Please attach them to your next message.
Download AdwCleaner.
Run the program by right-clicking it and choosing "Run as administrator".
Click the "Scan" button and wait for the process to finish. When the scan is complete, close the program and find the scan report.
It is located in the C:\AdwCleaner folder and is named AdwCleaner[S1].
Attach this report to your next message.
And one last thing.
FRST showed that some programs are launched not directly but through bat files:
Shortcut: C:UsersЮраDesktopИгрыStаr Wаrs — Thе Оld Rерubliс.lnk -> D:OldGAMESStar Wars-The Old Republiclauncher.bat ()
Shortcut: C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle ChromeGооglе Сhrоmе.lnk -> C:Program FilesGoogleChromechrome.bat ()
ShortcutWithArgument: C:UsersЮраAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarGооglе Сhrоmе.lnk -> C:WindowsSystem32cmd.exe (Microsoft Corporation) -> /C «c:program filesgooglechromechrome.bat«
ShortcutWithArgument: C:UsersЮраAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarОреrа.lnk -> C:WindowsSystem32cmd.exe (Microsoft Corporation) -> /C «c:program filesoperalauncher.bat«
Did you do this yourself or not?
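The check described in the post above (shortcuts that start a program through a .bat file instead of directly) can be run over the Shortcut lines of an FRST report. The Python below is an added example, not part of the original thread or of FRST; the sample lines are constructed in the FRST line shape with backslashes in the paths, and the mixed Latin/Cyrillic name check is an extra heuristic added here.

```python
import ntpath
import re
import unicodedata

SCRIPT_EXT = (".bat", ".cmd")
# cmd.exe /C "<script>" argument; the opening quote may be ", « or absent
CMD_SCRIPT_ARG = re.compile(r'/c\s+["«]?\s*([^"«»]+?\.(?:bat|cmd))', re.IGNORECASE)
# "<target path> (<company>)": greedy so "Program Files (x86)" stays in the path
TARGET_COMPANY = re.compile(r"^(.*)\s\(([^()]*)\)$")

# Constructed sample lines (not taken from the report on this page).
SAMPLE_REPORT = "\n".join([
    r"Shortcut: C:\Users\user\Desktop\Notes.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)",
    r"Shortcut: C:\Users\user\Desktop\Game.lnk -> D:\Games\Example\launcher.bat ()",
    # File name spelled with Cyrillic look-alike letters (written as escapes)
    "ShortcutWithArgument: C:\\Users\\user\\Desktop\\G\u043e\u043egl\u0435 \u0421hr\u043em\u0435.lnk"
    " -> C:\\Windows\\System32\\cmd.exe (Microsoft Corporation)"
    ' -> /C "c:\\program files\\google\\chrome\\chrome.bat"',
    # Purely Cyrillic name: legitimate on a Russian system, must not be flagged
    "Shortcut: C:\\Users\\user\\Desktop\\\u0418\u0433\u0440\u044b.lnk -> C:\\Windows\\explorer.exe (Microsoft Corporation)",
])


def parse_shortcut_line(line):
    """Split one Shortcut/ShortcutWithArgument line into its fields, or return None."""
    kind, sep, rest = line.strip().partition(": ")
    if not sep or kind not in ("Shortcut", "ShortcutWithArgument"):
        return None
    parts = rest.split(" -> ", 2)
    if len(parts) < 2:
        return None
    m = TARGET_COMPANY.match(parts[1])
    target, company = (m.group(1), m.group(2)) if m else (parts[1], "")
    return {
        "lnk": parts[0],
        "target": target.strip(),
        "company": company,
        "args": parts[2] if len(parts) == 3 else "",
    }


def mixed_script_words(name):
    """Return the words of `name` that contain both Latin and Cyrillic letters."""
    hits = []
    for word in re.findall(r"\w+", name):
        scripts = set()
        for ch in word:
            uname = unicodedata.name(ch, "")
            if uname.startswith("LATIN"):
                scripts.add("LATIN")
            elif uname.startswith("CYRILLIC"):
                scripts.add("CYRILLIC")
        if len(scripts) == 2:
            hits.append(word)
    return hits


def review_shortcut(entry):
    """List the reasons a parsed shortcut deserves a manual look."""
    reasons = []
    target_l = entry["target"].lower()
    if target_l.endswith(SCRIPT_EXT):
        reasons.append("target is a batch file")
    if ntpath.basename(target_l) == "cmd.exe":
        m = CMD_SCRIPT_ARG.search(entry["args"])
        if m:
            reasons.append("cmd.exe /C runs " + m.group(1))
    name = ntpath.splitext(ntpath.basename(entry["lnk"]))[0]
    mixed = mixed_script_words(name)
    if mixed:
        reasons.append("name mixes Latin and Cyrillic letters: " + ", ".join(mixed))
    return reasons


def scan_report(text):
    """Map each flagged .lnk path in an FRST report to its list of reasons."""
    findings = {}
    for line in text.splitlines():
        entry = parse_shortcut_line(line)
        if entry:
            reasons = review_shortcut(entry)
            if reasons:
                findings[entry["lnk"]] = reasons
    return findings


if __name__ == "__main__":
    for lnk, reasons in scan_report(SAMPLE_REPORT).items():
        print(lnk)
        for reason in reasons:
            print("  -", reason)
```

A flagged shortcut is only a prompt to open the referenced .bat file and read what it launches before deciding whether to restore the shortcut.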
March 9, 2016 at 11:57 AM #32777
Fix log:
Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Юра (2016-03-09 13:39:30) Run:1
Running from C:UsersЮраDesktop
Loaded Profiles: Юра (Available Profiles: Юра)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CHR HKUS-1-5-21-2060737710-1981992819-119070258-1000SOFTWAREPoliciesGoogle: Restriction <======= ATTENTION
HKLMSOFTWAREPoliciesMicrosoftInternet Explorer: Restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-2060737710-1981992819-119070258-1000] ATTENTION => Default URLSearchHook is missing
Toolbar: HKUS-1-5-21-2060737710-1981992819-119070258-1000 -> No Name — {4B4D5056-3700-A76A-76A7-7A786E7484D7} — No File
Toolbar: HKUS-1-5-21-2060737710-1981992819-119070258-1000 -> No Name — {1C4D6E93-BFFF-496C-887D-FD3223999279} — No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
S1 qutmipc; C:Windowssystem32driversqutmipc.sys [53960 2015-09-06] (360.cn)
S3 cpuz134; ??C:Users6EDA~1AppDataLocalTempcpuz134cpuz134_x32.sys [X]
S3 EagleXNt; ??C:Windowssystem32driversEagleXNt.sys [X]
S3 npkcrypt; ??D:OldGAMESЛ2 Интераsystemnpkcrypt.sys [X]
S3 npkcusb; ??D:OldGAMESЛ2 Интераsystemnpkcusb.sys [X]
S3 Synth3dVsc; System32driverssynth3dvsc.sys [X]
S3 tsusbhub; system32driverstsusbhub.sys [X]
S3 VGPU; System32driversrdvgkmd.sys [X]
Task: {32616139-BB3B-4C7F-9992-C94D5C06A227} — LaunchSignup -> No File <==== ATTENTION
Task: {3B30B817-277D-42CB-8A49-730334E18181} — {1B529BFC-1D99-E5B5-8A4C-1B8135CE3F2A} -> No File <==== ATTENTION
Task: {637D95A9-1436-473F-B2E6-D2BC39EE3042} — RocketTab -> No File <==== ATTENTION
Task: {64BA7930-D80D-40EC-B51C-E52A2960B717} — {090E0547-7D05-0F0A-0411-05040B081105} -> No File <==== ATTENTION
Task: {6764B663-3EFB-4238-9D76-58ED82F74B05} — MicrosoftWindowsWindows Activation TechnologiesValidationTaskDeadline -> No File <==== ATTENTION
Task: {6EFCA284-C823-4E73-BE2E-15FA9D34C6D6} — nethost task -> No File <==== ATTENTION
Task: {A0557040-6056-4158-859C-B69B909D478A} — MicrosoftWindowsWindows Activation TechnologiesValidationTask -> No File <==== ATTENTION
Task: {AF520B83-944E-4491-ACB4-1ABC39C07C1B} — Dealply -> No File <==== ATTENTION
Task: {BED92BC2-3E7E-440F-865F-393B893518C8} — System32TasksQtraxPlayer => 2397307950.portal.qtrax.com
Task: {E549F1E3-35AB-4A80-88D6-75D1119B3518} — newSI_4396 -> No File <==== ATTENTION
Task: {F65FDFF7-027C-47DF-888A-A469B127D13B} — {BC3FC698-7E6C-4520-AE1E-8A7C6E8B76C7} -> No File <==== ATTENTION
Task: {FB9979AD-D9B3-4CF9-B7E2-92496BE87BA3} — System32TasksDSite => C:Users6EDA~1AppDataRoamingDSiteUPDATE~1UPDATE~1.EXE <==== ATTENTION
EmptyTemp:
*****************
«HKUS-1-5-21-2060737710-1981992819-119070258-1000SOFTWAREPoliciesGoogle» => key removed successfully.
«HKLMSOFTWAREPoliciesMicrosoftInternet Explorer» => key removed successfully.
Could not restore Default URLSearchHook.
HKUS-1-5-21-2060737710-1981992819-119070258-1000SoftwareMicrosoftInternet ExplorerToolbarWebBrowser\{4B4D5056-3700-A76A-76A7-7A786E7484D7} => value removed successfully.
HKCRCLSID{4B4D5056-3700-A76A-76A7-7A786E7484D7} => key not found.
HKUS-1-5-21-2060737710-1981992819-119070258-1000SoftwareMicrosoftInternet ExplorerToolbarWebBrowser\{1C4D6E93-BFFF-496C-887D-FD3223999279} => value removed successfully.
HKCRCLSID{1C4D6E93-BFFF-496C-887D-FD3223999279} => key not found.
«HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE» => key removed successfully.
qutmipc => service removed successfully.
cpuz134 => service removed successfully.
EagleXNt => service removed successfully.
npkcrypt => service removed successfully.
npkcusb => service removed successfully.
Synth3dVsc => service removed successfully.
tsusbhub => service removed successfully.
VGPU => service removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{32616139-BB3B-4C7F-9992-C94D5C06A227}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{32616139-BB3B-4C7F-9992-C94D5C06A227}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeLaunchSignup» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{3B30B817-277D-42CB-8A49-730334E18181}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{3B30B817-277D-42CB-8A49-730334E18181}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTree{1B529BFC-1D99-E5B5-8A4C-1B8135CE3F2A}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheLogon{637D95A9-1436-473F-B2E6-D2BC39EE3042}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{637D95A9-1436-473F-B2E6-D2BC39EE3042}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeRocketTab» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{64BA7930-D80D-40EC-B51C-E52A2960B717}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{64BA7930-D80D-40EC-B51C-E52A2960B717}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTree{090E0547-7D05-0F0A-0411-05040B081105}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{6764B663-3EFB-4238-9D76-58ED82F74B05}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{6764B663-3EFB-4238-9D76-58ED82F74B05}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeMicrosoftWindowsWindows Activation TechnologiesValidationTaskDeadline» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{6EFCA284-C823-4E73-BE2E-15FA9D34C6D6}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{6EFCA284-C823-4E73-BE2E-15FA9D34C6D6}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreenethost task» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{A0557040-6056-4158-859C-B69B909D478A}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{A0557040-6056-4158-859C-B69B909D478A}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeMicrosoftWindowsWindows Activation TechnologiesValidationTask» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{AF520B83-944E-4491-ACB4-1ABC39C07C1B}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{AF520B83-944E-4491-ACB4-1ABC39C07C1B}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeDealply» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{BED92BC2-3E7E-440F-865F-393B893518C8}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{BED92BC2-3E7E-440F-865F-393B893518C8}» => key removed successfully.
C:WindowsSystem32TasksQtraxPlayer => moved successfully
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeQtraxPlayer» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheLogon{E549F1E3-35AB-4A80-88D6-75D1119B3518}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{E549F1E3-35AB-4A80-88D6-75D1119B3518}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreenewSI_4396» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{F65FDFF7-027C-47DF-888A-A469B127D13B}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{F65FDFF7-027C-47DF-888A-A469B127D13B}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTree{BC3FC698-7E6C-4520-AE1E-8A7C6E8B76C7}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{FB9979AD-D9B3-4CF9-B7E2-92496BE87BA3}» => key removed successfully.
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{FB9979AD-D9B3-4CF9-B7E2-92496BE87BA3}» => key removed successfully.
C:WindowsSystem32TasksDSite => moved successfully
«HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeDSite» => key removed successfully.
EmptyTemp: => 538.8 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 13:39:53 ====
Addition:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Юра (2016-03-09 13:45:00)
Running from C:UsersЮраDesktop
Microsoft Windows 7 Максимальная Service Pack 1 (X86) (2013-08-14 16:23:26)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
HomeGroupUser$ (S-1-5-21-2060737710-1981992819-119070258-1002 — Limited — Enabled)
Администратор (S-1-5-21-2060737710-1981992819-119070258-500 — Administrator — Disabled)
Гость (S-1-5-21-2060737710-1981992819-119070258-501 — Limited — Disabled)
Юра (S-1-5-21-2060737710-1981992819-119070258-1000 — Administrator — Enabled) => C:UsersЮра
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Anti-Virus (Enabled — Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Anti-Virus (Enabled — Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled — Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with «Hidden» flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKUS-1-5-21-2060737710-1981992819-119070258-1000…uTorrent) (Version: 3.4.5.41865 — BitTorrent Inc.)
4game (HKLM…4game) (Version: 3.5.8.180 — Innova Systems)
Adobe Flash Player 15 ActiveX (HKLM…Adobe Flash Player ActiveX) (Version: 15.0.0.223 — Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM…Adobe Flash Player PPAPI) (Version: 20.0.0.306 — Adobe Systems Incorporated)
Adobe Flash Player Packages (HKUS-1-5-21-2060737710-1981992819-119070258-1000…Adobe Flash Player Packages) (Version: — ) <==== ATTENTION
Adobe Reader XI (11.0.12) (HKLM…{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 — Adobe Systems Incorporated)
AIMP3 (HKLM…AIMP3) (Version: v3.55.1355, 14.07.2014 — AIMP DevTeam)
AppCloudUpdater (HKUS-1-5-21-2060737710-1981992819-119070258-1000…AppCloudUpdater) (Version: — AppCloudUpdater) <==== ATTENTION
Arc (HKLM…{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 — Perfect World Entertainment)
Battle.net (HKLM…Battle.net) (Version: — Blizzard Entertainment)
BitRaider Streaming Client (HKLM…BitRaider Streaming Client) (Version: 1.3.3.4098 — BitRaider, LLC)
CCleaner (HKLM…CCleaner) (Version: 4.14 — Piriform)
Command and Conquer 3: Tiberium Wars 1.09 (HKLM…{706670F2-E5C6-449A-9C3E-BBCB24885B1C}_is1) (Version: — )
Dota 2 (HKLM…Steam App 570) (Version: — Valve)
FastStone Image Viewer 4.8 (HKLM…FastStone Image Viewer) (Version: 4.8 — FastStone Soft)
Fraps (remove only) (HKLM…Fraps) (Version: — )
GameSpy Comrade (HKLM…{894084B6-BC69-43B7-BF06-B93AECFEA520}) (Version: 2.1.1.214 — GameSpy)
Google Chrome (HKLM…Google Chrome) (Version: 49.0.2623.75 — Google Inc.)
Google Update Helper (Version: 1.3.25.5 — Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 — Google Inc.) Hidden
Heroes of the Storm (HKLM…Heroes of the Storm) (Version: — Blizzard Entertainment)
Jove’s Mod Pack Extended 0.9.13, версия 24.5 от 10.01.2016 (HKLM…{B0F4B9B2-D252-44B6-B6C4-464809AA675B}_is1) (Version: 24.5 от 10.01.2016 — )
Kaspersky Anti-Virus (HKLM…InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 — Лаборатория Касперского)
Kaspersky Anti-Virus (Version: 14.0.0.4651 — Лаборатория Касперского) Hidden
KMP Media Toolbar (HKLM…{4B4D5056-3700-A76A-76A7-A758B70C1002}) (Version: 12.16.2.1960 — APN, LLC)
KMP Service (HKLM…4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version: — KMP) <==== ATTENTION
Lineage 2 — Gracia Epilogue (HKLM…Lineage 2 — Gracia Epilogue_is1) (Version: — )
LineageII (HKLM…4game_lineage2) (Version: — Innova Systems)
Microsoft .NET Framework 4 Client Profile (HKLM…Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 — Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM…Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 — Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM…{90140000-008B-0000-0000-0000000FF1CE}_Office14.SMALLBUSBASICS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: — Microsoft)
Microsoft Office 365 ProPlus — ru-ru (HKLM…O365ProPlusRetail — ru-ru) (Version: 15.0.4797.1003 — Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (Russian) (HKLM…{95120000-00AF-0419-0000-0000000FF1CE}) (Version: 12.0.4518.1022 — Microsoft Corporation)
Microsoft Office для малого бизнеса 2010 (HKLM…Office14.SMALLBUSBASICS) (Version: 14.0.6029.1000 — Microsoft Corporation)
Microsoft Silverlight (HKLM…{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable — x86 8.0.61001 (HKLM…{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.6161 (HKLM…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 — Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable — x86 10.0.40219 (HKLM…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 — Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) — 11.0.61030 (HKLM…{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 — Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) — 11.0.61030 (HKLM…{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 — Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) — 12.0.30501 (HKLM…{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 — Microsoft Corporation)
Mount & Blade — Warband [1.168] | RePack by TRiOLD -l- (HKLM…Mount & Blade — Warband_is1) (Version: — )
MPEG Video Wizard DVD 5.0.0.110 (10/2010) (HKLM…{9FD45917-95E6-449D-ACC9-01E634A34CBD}_is1) (Version: 5.0.0.110 — Womble Multimedia, Inc.)
MPEG Video Wizard DVD 5.0.0.110 (10/2010) (HKLM…Mpeg Video Wizard DVD 5.0) (Version: 5.0.0.110 (10/2010) — Womble Multimedia, Inc.)
Mumble 1.2.5 (HKLM…{3B38D201-CED3-44D1-8E50-2A8DEB1368DD}) (Version: 1.2.5 — Thorvald Natvig)
Need for Speed — Most Wanted (HKLM…Need for Speed — Most Wanted_R.G. Mechanics_is1) (Version: — R.G. Mechanics, markfiter)
NVIDIA GeForce Experience 2.5.14.5 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 — NVIDIA Corporation)
NVIDIA Графический драйвер 341.92 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 — NVIDIA Corporation)
NVIDIA Драйвер 3D Vision 341.92 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 — NVIDIA Corporation)
NVIDIA Драйвер контроллера 3D Vision 340.50 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 — NVIDIA Corporation)
NVIDIA Системное программное обеспечение PhysX 9.13.1220 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 — NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4797.1003 — Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 — Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4797.1003 — Microsoft Corporation) Hidden
Philips SPC520NC Webcam (HKLM…{C3B312B7-7158-4E01-9B65-21FE18ADEFA9}) (Version: 1.00.0000 — Philips)
PointBlank (HKLM…4game_pointblank) (Version: — Innova Systems)
S.T.A.L.K.E.R. — Зов Припяти [v1.6.00] (HKLM…{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1) (Version: 1.6.00 — GSC World Publishing)
S.T.A.L.K.E.R. [v1.0004] (HKLM…S.T.A.L.K.E.R._is1) (Version: 1.0004 — GSC World Publishing)
S.T.A.L.K.E.R.: Lost Alpha version 1.3.0 (HKLM…S.T.A.L.K.E.R.: Lost Alpha_is1) (Version: 1.3.0 — dezowave)
SHIELD Streaming (Version: 4.1.3000 — NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 — NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM…{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 — Skype Technologies S.A.)
Star Wars The Old Republic (HKLM…swtor_swtor) (Version: — Bioware/EA)
Star Wars: The Old Republic (HKLM…{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 — Electronic Arts, Inc.)
Steam (HKLM…Steam) (Version: — Valve Corporation)
TeamSpeak 3 Client (HKLM…TeamSpeak 3 Client) (Version: 3.0.13 — TeamSpeak Systems GmbH)
Total Commander 8.01 PowerPack (HKLM…Total Commander) (Version: — )
UltraISO Premium V9.51 (HKLM…UltraISO_is1) (Version: — )
ViewSonic Windows 7 x64 Signed Files (HKLM…{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version: — )
Warface (HKUS-1-5-21-2060737710-1981992819-119070258-1000…Warface) (Version: 1.129 — Mail.Ru)
WinRAR 5.01 (32-bit) (HKLM…WinRAR archiver) (Version: 5.01.0 — win.rar GmbH)
World of Tanks (HKLM…{1EAC1D02-C6AC-4FA6-9A44-96258C37C812RU}_is1) (Version: — Wargaming.net)
Xvid Video Codec (HKLM…Xvid Video Codec 1.3.2) (Version: 1.3.3 — Xvid Team)
Ассистент II (HKLM…AssistII) (Version: 1.2 — Intellized Software Ltd.)
Игровой центр (HKUS-1-5-21-2060737710-1981992819-119070258-1000…GameCenterMailRu) (Version: 3.1156 — ООО «Мэйл.Ру Геймз»)
Обновления NVIDIA 2.5.14.5 (Version: 2.5.14.5 — NVIDIA Corporation) Hidden
Панель управления NVIDIA 341.92 (Version: 341.92 — NVIDIA Corporation) Hidden
С.Т.А.Л.К.Е.Р. — Чистое Небо (HKLM…С.Т.А.Л.К.Е.Р. — Чистое Небо_is1) (Version: 1.0000 — GSC World Publishing)
Языковой пакет клиентского профиля Microsoft.NET Framework 4 — RUS (HKLM…Microsoft .NET Framework 4 Client Profile RUS Language Pack) (Version: 4.0.30319 — Корпорация Майкрософт)
Языковой пакет расширенной версии Microsoft.NET Framework 4 — RUS (HKLM…Microsoft .NET Framework 4 Extended RUS Language Pack) (Version: 4.0.30319 — Корпорация Майкрософт)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKUS-1-5-21-2060737710-1981992819-119070258-1000_ClassesCLSID{5A8FF410-F3CE-4844-B31B-F18D911239E8}InprocServer32 -> C:UsersЮраAppDataLocalMail.RuGameCenterNPDetector.dll (LLC Mail.Ru)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {3614AC3A-B47B-412C-BCC2-0ACC08583561} — System32TasksGoogleUpdateTaskMachineUA => C:Program FilesGoogleUpdateGoogleUpdate.exe [2016-03-07] (Google Inc.)
Task: {38DC7708-E93F-4ABF-8ED2-061590140CA4} — System32TasksMicrosoftOfficeOfficeTelemetryAgentFallBack => C:Program FilesMicrosoft Office 15rootOffice15msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {4A971106-D7F0-46DF-BE2D-C4EB868D9713} — System32TasksMicrosoftOfficeOffice Automatic Updates => C:Program FilesMicrosoft Office 15ClientX86OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {592204E7-1E9C-4B21-A333-E462012896BD} — System32TasksAdobe Acrobat Update Task => C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {60AC28E6-51DF-4BED-B27E-59CB8B68D27D} — System32Tasks{87353A8F-EEA9-4D04-8358-070D76A9FA89} => pcalua.exe -a «D:OldGAMESHellgate Londonunins000.exe»
Task: {6EFCF6B0-100C-40EC-AA3A-E74D9FD66813} — System32TasksMicrosoftOfficeOfficeTelemetryAgentLogOn => C:Program FilesMicrosoft Office 15rootOffice15msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {72E92829-9453-4318-A9F3-0F1F4902C239} — System32TasksGoogleUpdateTaskMachineCore => C:Program FilesGoogleUpdateGoogleUpdate.exe [2016-03-07] (Google Inc.)
Task: {7DE2E4DD-50C8-4378-8A16-1D14D7798250} — System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesMicrosoft Office 15ClientX86OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {8E952465-93D4-4548-8020-789221279BD5} — System32Taskssimplitec Power Suite (Tray) => C:Program FilessimplitecKMPFasterServiceProvider.exe
Task: {9CFABEDB-49FD-4E00-A7CD-A988383B911F} — System32TasksCCleanerSkipUAC => C:Program FilesCCleanerCCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} — System32TasksMicrosoftWindowsApplication ExperienceAitAgent => C:Windowssystem32aitagent.exe [2010-11-20] (Корпорация Майкрософт (Microsoft Corp.))
Task: {DD91D809-1A66-495F-817B-755F6ED02614} — System32Tasks{1BCF900F-550C-428F-8A7D-F017F5EAAB93} => c:program filesoperalauncher.exe
Task: {DE665A1F-B7C8-457A-82F1-A0258851C9D8} — System32TasksAdobe Flash Player PPAPI Notifier => C:Windowssystem32MacromedFlashFlashUtil32_20_0_0_306_pepper.exe [2016-03-07] (Adobe Systems Incorporated)
Task: {E2284E9A-917D-48C1-86D0-D8B6889CBDD4} — System32Tasks{E123A4FC-9FF5-4D39-8ED9-C05E8E06FAD6} => D:OldGAMESS.T.A.L.K.E.R. — Зов ПрипятиbinxrEngine.exe [2010-02-06] (GSC Game World)
Task: {F17FADB8-C513-4EFC-AC14-917E8C96DC4F} — System32Tasksadobe flash player updater => C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe [2016-03-07] (Adobe Systems Incorporated)
Task: {F22EA721-3461-4F82-87F6-8236EE710B51} — System32TasksMicrosoftOfficeOffice Subscription Maintenance => C:Program FilesMicrosoft Office 15rootvfsProgramFilesCommonx86Microsoft SharedOFFICE15OLicenseHeartbeat.exe [2016-02-23] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:WindowsTasksAdobe Flash Player PPAPI Notifier.job => C:Windowssystem32MacromedFlashFlashUtil32_20_0_0_306_pepper.exe
Task: C:WindowsTasksAdobe Flash Player Updater.job => C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe
Task: C:WindowsTasksGoogleUpdateTaskMachineCore.job => C:Program FilesGoogleUpdateGoogleUpdate.exe
Task: C:WindowsTasksGoogleUpdateTaskMachineUA.job => C:Program FilesGoogleUpdateGoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:UsersЮраDesktopИгрыStаr Wаrs — Thе Оld Rерubliс.lnk -> D:OldGAMESStar Wars-The Old Republiclauncher.bat ()
Shortcut: C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle ChromeGооglе Сhrоmе.lnk -> C:Program FilesGoogleChromechrome.bat ()
ShortcutWithArgument: C:UsersЮраAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarGооglе Сhrоmе.lnk -> C:WindowsSystem32cmd.exe (Microsoft Corporation) -> /C «c:program filesgooglechromechrome.bat»
ShortcutWithArgument: C:UsersЮраAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarОреrа.lnk -> C:WindowsSystem32cmd.exe (Microsoft Corporation) -> /C «c:program filesoperalauncher.bat»
==================== Loaded Modules (Whitelisted) ==============
2013-08-14 18:29 — 2015-10-13 18:47 — 00113840 _____ () C:Program FilesNVIDIA CorporationDisplayNvSmartMax.dll
2015-10-20 10:17 — 2015-10-20 10:17 — 00242176 _____ () C:Program Files4game3.5.8.180PocoUtil.dll
2015-10-20 10:18 — 2015-10-20 10:18 — 00714240 _____ () C:Program Files4game3.5.8.180PocoNet.dll
2015-10-20 10:16 — 2015-10-20 10:16 — 00394240 _____ () C:Program Files4game3.5.8.180PocoXML.dll
2013-06-17 12:35 — 2013-06-17 12:35 — 00478400 _____ () C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0dblite.dll
2013-05-08 14:52 — 2013-05-08 14:52 — 01270464 _____ () C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0kpcengine.2.3.dll
2015-06-06 14:31 — 2015-10-13 02:43 — 00080040 _____ () C:Program FilesMicrosoft Office 15ClientX86ApiClient.dll
2013-08-14 18:55 — 2012-10-22 10:21 — 01277952 _____ () C:Program FilesPANDORA.TVPanServiceavformat-53.dll
2013-08-14 18:55 — 2012-07-09 16:57 — 02090496 _____ () C:Program FilesPANDORA.TVPanServiceavcodec-53.dll
2013-08-14 18:55 — 2011-12-06 15:19 — 00133632 _____ () C:Program FilesPANDORA.TVPanServiceavutil-51.dll
2013-08-14 18:55 — 2012-03-23 09:07 — 00224768 _____ () C:Program FilesPANDORA.TVPanServicelibupnp.dll
2015-08-19 19:35 — 2015-08-27 02:37 — 00011896 _____ () C:Program FilesNVIDIA CorporationUpdate Coredetoured.dll
2016-03-07 19:08 — 2016-03-02 06:47 — 01675928 _____ () C:Program FilesGoogleChromeApplication49.0.2623.75libglesv2.dll
2016-03-07 19:08 — 2016-03-02 06:47 — 00086168 _____ () C:Program FilesGoogleChromeApplication49.0.2623.75libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The «AlternateShell» value will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 — 2014-09-10 22:24 — 00000147 ____A C:Windowssystem32Driversetchosts
127.0.0.1 localhost
::1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKUS-1-5-21-2060737710-1981992819-119070258-1000Control PanelDesktop\Wallpaper -> C:UsersЮраAppDataRoamingFastStoneFSIVFSViewerWallPaper.bmp
DNS Servers: 192.168.0.1
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIGstartupreg: DAEMON Tools Ultra Agent => «C:Program FilesDAEMON Tools UltraDTAgent.exe» -autorun
MSCONFIGstartupreg: GameCenterMailRu => «C:UsersЮраAppDataLocalMail.RuGameCenterGameCenter@Mail.Ru.exe» -autostart
MSCONFIGstartupreg: MailRuUpdater => C:UsersЮраAppDataLocalMailRuMailRuUpdater.exe
MSCONFIGstartupreg: NvBackend => «C:Program FilesNVIDIA CorporationUpdate CoreNvBackend.exe»
MSCONFIGstartupreg: ShadowPlay => C:Windowssystem32rundll32.exe C:Windowssystem32nvspcap.dll,ShadowPlayOnSystemStart
MSCONFIGstartupreg: uTorrent => «C:UsersЮраAppDataRoaminguTorrentuTorrent.exe» /MINIMIZED
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{1772360A-9CEC-4647-ACF0-435E75F3BD85}] => (Allow) C:Program FilesSkypePhoneSkype.exe
FirewallRules: [{44F2F6F4-6223-4E91-B8DC-B1462EDB5A35}] => (Allow) C:UsersЮраAppDataRoaminguTorrentuTorrent.exe
FirewallRules: [{BD133E9E-DA31-4949-9F0D-5CEA4FD983FE}] => (Allow) C:UsersЮраAppDataRoaminguTorrentuTorrent.exe
FirewallRules: [TCP Query User{5F0F1D45-7483-46D0-BD3B-A528201E6777}D:oldgameswotwotlauncher.exe] => (Allow) D:oldgameswotwotlauncher.exe
FirewallRules: [UDP Query User{7DB34485-8121-4D04-AD65-AA586799F42C}D:oldgameswotwotlauncher.exe] => (Allow) D:oldgameswotwotlauncher.exe
FirewallRules: [TCP Query User{EB79892E-1CDF-443C-A2FF-DE71CC86025D}D:oldgameswotworldoftanks.exe] => (Allow) D:oldgameswotworldoftanks.exe
FirewallRules: [UDP Query User{7B98D220-9BB2-43AC-9ABF-24DCD8A0D268}D:oldgameswotworldoftanks.exe] => (Allow) D:oldgameswotworldoftanks.exe
FirewallRules: [{CE8F322C-BD18-43A5-BC8B-6193C26C6C4F}] => (Allow) D:OldGAMESS.T.A.L.K.E.RbinXR_3DA.exe
FirewallRules: [{348DA8D1-691A-4121-BB40-905FD572974F}] => (Allow) D:OldGAMESS.T.A.L.K.E.RbinXR_3DA.exe
FirewallRules: [{BF908696-2CFE-427B-9920-F7D3E5CE734B}] => (Allow) D:OldGAMESS.T.A.L.K.E.RbindedicatedXR_3DA.exe
FirewallRules: [{11850CDD-A506-4657-B2D2-2FA6184EF455}] => (Allow) D:OldGAMESS.T.A.L.K.E.RbindedicatedXR_3DA.exe
FirewallRules: [{A39D26AA-2B20-49C2-886B-D48557A08D8F}] => (Allow) LPort=80
FirewallRules: [{213312B4-E7F3-4374-9750-308D9A5C6801}] => (Allow) LPort=443
FirewallRules: [{7337EBFA-E7E9-47D4-BF8C-6FB70862A6A1}] => (Allow) LPort=20010
FirewallRules: [{B795008D-961C-465C-B673-15F3C19BC8AE}] => (Allow) LPort=3478
FirewallRules: [{D7959262-A0E3-4EEC-9067-7149673BDF26}] => (Allow) LPort=7850
FirewallRules: [{52396DC1-5F6F-40B5-81E4-091C9820C0FE}] => (Allow) LPort=27022
FirewallRules: [{E1FB60DD-841C-4865-B163-011ACA18F2D8}] => (Allow) LPort=6881
FirewallRules: [{BB37AA97-6E24-459B-B6E1-4AB1CC88E7BE}] => (Allow) LPort=33333
FirewallRules: [{F3B64B56-AC75-49F4-9695-D6A161E06B17}] => (Allow) LPort=20443
FirewallRules: [{B9E2FB8B-54EF-4947-B104-C3B51D76FC47}] => (Allow) LPort=8090
FirewallRules: [{FC81A9F8-289B-429B-8E7C-0A8FC7C47E10}] => (Allow) C:WindowsMicrosoft.NETFrameworkv4.0.30319SMSvcHost.exe
FirewallRules: [{072E5EFA-5BB7-467E-AA2C-29443F082D81}] => (Allow) C:Program FilesNVIDIA CorporationNetServiceNvNetworkService.exe
FirewallRules: [{C6842AAE-D0DD-4C13-9095-4BD913CB5ABC}] => (Allow) C:Program FilesNVIDIA CorporationNetServiceNvNetworkService.exe
FirewallRules: [{E16911B8-2F77-4294-9D03-5D89F706256A}] => (Allow) C:UsersЮраAppDataRoaminguTorrentuTorrent.exe
FirewallRules: [{8BE38FFB-66F7-4629-A774-62C8DC88DF52}] => (Allow) C:UsersЮраAppDataRoaminguTorrentuTorrent.exe
FirewallRules: [{BFE76C14-57F8-4D8F-B3E5-8C11B0CBFE5A}] => (Allow) C:Program FilesSteamSteam.exe
FirewallRules: [{E236E922-384E-4A89-9FC1-2CAA82C06AD7}] => (Allow) C:Program FilesSteamSteam.exe
FirewallRules: [{8A933710-B3D6-4102-AF69-D707886AF541}] => (Allow) C:Program FilesSteambinsteamwebhelper.exe
FirewallRules: [{43B9173A-90BA-4E32-8699-B256881A0948}] => (Allow) C:Program FilesSteambinsteamwebhelper.exe
FirewallRules: [{1474FE40-8174-4FA4-A379-EE9E0B306EF2}] => (Allow) D:OldGAMESС.Т.А.Л.К.Е.Р. — Чистое НебоbinxrEngine.exe
FirewallRules: [{79373CFD-987B-460B-9A67-715444BF1F44}] => (Allow) D:OldGAMESС.Т.А.Л.К.Е.Р. — Чистое НебоbinxrEngine.exe
FirewallRules: [{EA738FD9-B7F8-4DCD-BB1E-8F9B4D665CEA}] => (Allow) D:OldGAMESС.Т.А.Л.К.Е.Р. — Чистое НебоbindedicatedxrEngine.exe
FirewallRules: [{3520A5E6-3D4B-4E7C-961A-11D2AC935B5C}] => (Allow) D:OldGAMESС.Т.А.Л.К.Е.Р. — Чистое НебоbindedicatedxrEngine.exe
FirewallRules: [{A0D5E14D-AAE8-4462-A86C-763DB3F30493}] => (Allow) D:OldGAMESStar Wars-The Old Republiclauncher.exe
FirewallRules: [{1854A6B6-6B91-4E13-AE97-22803B8E2A25}] => (Allow) D:OldGAMESStar Wars-The Old Republiclauncher.exe
FirewallRules: [{DCA7E6C5-D8F7-449F-B5F7-52347A3C974B}] => (Allow) D:OldGAMESStar Wars-The Old Republiclauncher.exe
FirewallRules: [{DD77B126-C485-473E-8A5B-80855683B70E}] => (Allow) D:OldGAMESStar Wars-The Old Republiclauncher.exe
FirewallRules: [{9DA46A95-7F6A-49F3-98C6-4707937F2F5C}] => (Allow) D:OldGAMESS.T.A.L.K.E.R. — Зов ПрипятиbinxrEngine.exe
FirewallRules: [{52296BD5-6C3C-473D-9228-986EDDFABDED}] => (Allow) D:OldGAMESS.T.A.L.K.E.R. — Зов ПрипятиbinxrEngine.exe
FirewallRules: [{254ACCDD-1914-4F37-857C-70B93761A8A3}] => (Allow) D:OldGAMESS.T.A.L.K.E.R. — Зов ПрипятиbindedicatedxrEngine.exe
FirewallRules: [{26C10028-C00A-47BA-A262-8D6F21BFCCF9}] => (Allow) D:OldGAMESS.T.A.L.K.E.R. — Зов ПрипятиbindedicatedxrEngine.exe
FirewallRules: [{5E66F231-F413-42C3-92E8-DCAEFC96DED8}] => (Allow) D:OldGAMESBattle.netBattle.net.exe
FirewallRules: [{CD8E5244-7658-427A-97C0-AEC23C46B65C}] => (Allow) D:OldGAMESBattle.netBattle.net.exe
FirewallRules: [{16C444B0-65B9-418B-AB3A-81CCC2013A58}] => (Allow) C:Program FilesMicrosoft Office 15rootOffice15outlook.exe
FirewallRules: [{57240F46-E06D-4971-BBA4-E58907538B4F}] => (Allow) C:Program FilesMicrosoft Office 15rootOffice15Lync.exe
FirewallRules: [{CEFF2905-CCDB-4AA2-95C7-54C7D8F22521}] => (Allow) C:Program FilesMicrosoft Office 15rootOffice15UcMapi.exe
FirewallRules: [{B0F3761A-EC2A-4FFF-87D2-C44A791D9B41}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamNetworkService.exe
FirewallRules: [{D97F20FE-B732-4A2F-A4D6-A2D88FC51DC5}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamNetworkService.exe
FirewallRules: [{8C76C62D-A052-489C-8F9D-9EFC596C4668}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamUserAgent.exe
FirewallRules: [{64D58DAA-E8B6-430B-BEDA-52E6CFD06269}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe
FirewallRules: [{BF0FC037-C2F7-4506-A7BF-C1491948793F}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe
FirewallRules: [{12B8619E-5FF3-4ED6-85D8-91B00C13B639}] => (Allow) D:OldGAMESCommand & Conquer 3 Tiberium WarsRetailExe1.9cnc3game.dat
FirewallRules: [{DE58A5A3-8353-4C1B-AD05-A53FB46469C4}] => (Allow) D:OldGAMESDota 2 SteamSteamAppscommondota 2 betagamebinwin32dota2.exe
FirewallRules: [{40CA8E7F-BD4E-462F-9F26-AC05E7DE8B29}] => (Allow) D:OldGAMESDota 2 SteamSteamAppscommondota 2 betagamebinwin32dota2.exe
FirewallRules: [{FD009F82-865E-4A32-983A-D16C59DB2C2C}] => (Allow) C:Program FilesMicrosoft Office 15rootOffice15Lync.exe
FirewallRules: [{000F65DA-5535-4D1D-97FF-EF6D0D235006}] => (Allow) C:Program FilesMicrosoft Office 15rootOffice15UcMapi.exe
FirewallRules: [{6EAA9D58-F4B7-4912-96A8-7D665236C058}] => (Allow) C:UsersЮраAppDataLocalMail.RuGameCenterGameCenter@Mail.Ru.exe
FirewallRules: [{0B502F38-99F2-42FC-A098-3B374A9E6F04}] => (Allow) C:UsersЮраAppDataLocalMail.RuGameCenterGameCenter@Mail.Ru.exe
FirewallRules: [{31862ECB-DEBE-4807-9B68-BA3A9B1AE323}] => (Allow) D:OldGAMES4gamePointBlankPointBlank.exe
FirewallRules: [{89CBB350-31BF-4621-BBE7-E626989EB51C}] => (Allow) D:OldGAMES4gamePointBlankPointBlank.exe
FirewallRules: [TCP Query User{AE1B5F53-C138-4867-AB55-C2088BACA397}D:oldgamesneed for speed — most wantedspeed.exe] => (Allow) D:oldgamesneed for speed — most wantedspeed.exe
FirewallRules: [UDP Query User{21C9C3C4-E49D-422E-B023-B988863C83D9}D:oldgamesneed for speed — most wantedspeed.exe] => (Allow) D:oldgamesneed for speed — most wantedspeed.exe
FirewallRules: [{DCA494F2-B32F-48A8-96B2-536DA0F743E6}] => (Allow) C:Program FilesPANDORA.TVPanServiceKMPProcess.exe
FirewallRules: [{3CECD703-DD74-4600-AB17-4712FCD578EC}] => (Allow) C:Program FilesPANDORA.TVPanServiceKMPProcess.exe
FirewallRules: [TCP Query User{65E8A07B-6FDF-4DA3-B011-952DC73622B1}D:oldgamesneed for speed — most wantedspeed.exe] => (Allow) D:oldgamesneed for speed — most wantedspeed.exe
FirewallRules: [UDP Query User{17C153F2-96DD-4E42-AD5B-6D30E1551420}D:oldgamesneed for speed — most wantedspeed.exe] => (Allow) D:oldgamesneed for speed — most wantedspeed.exe
FirewallRules: [{CC8FB11F-2903-4392-B1DB-C3429CAA60E3}] => (Allow) LPort=49170
FirewallRules: [{42DC9AC8-1F19-42D0-A236-05E39BE32128}] => (Allow) LPort=5000
FirewallRules: [{31055783-8BF5-4B44-9D6F-3118680B1926}] => (Allow) C:Program FilesGoogleChromeApplicationchrome.exe
FirewallRules: [{1EB2E0F1-B88C-4621-9EBA-267BB554F087}] => (Allow) C:Program FilesPANDORA.TVPanServiceKMPProcess.exe
FirewallRules: [{4821E17B-12EE-4570-BEF8-F8F24BE8F111}] => (Allow) C:Program FilesPANDORA.TVPanServiceKMPProcess.exe
==================== Restore Points =========================
07-03-2016 02:20:32 Операция восстановления
07-03-2016 19:14:21 Установлена Arc
==================== Faulty Device Manager Devices =============
Name: PCI-контроллер Simple Communications
Description: PCI-контроллер Simple Communications
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click «Update Driver», which starts the Hardware Update wizard.
Name: Microsoft PS/2 мышь
Description: Microsoft PS/2 мышь
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Мультимедиа контроллер
Description: Мультимедиа контроллер
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click «Update Driver», which starts the Hardware Update wizard.
Name: Стандартная клавиатура PS/2
Description: Стандартная клавиатура PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Стандартные клавиатуры)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Teredo Tunneling Pseudo-Interface
Description: Туннельный адаптер Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click «Update Driver» to update the drivers for this device.
On the «General Properties» tab of the device, click «Troubleshoot» to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/07/2016 07:14:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Сбой служб шифрования в ходе обработки вызова OnIdentity() в объекте «Системный модуль записи».
Details:
AddWin32ServiceFiles: Unable to back up image of service BitRaider Mini-Support Service Stub Loader since QueryServiceConfig API failed
System Error:
Не удается найти указанный файл.
.
Error: (03/07/2016 04:57:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Программа Explorer.EXE версии 6.1.7601.17567 прекратила взаимодействие с Windows и была закрыта. Чтобы узнать, имеются ли дополнительные сведения о проблеме, проверьте историю проблемы в Центре поддержки в панели управления.
ИД процесса: 744
Время запуска: 01d1784cae12586c
Время завершения: 33846
Путь приложения: C:WindowsExplorer.EXE
ИД отчета: d7e9f818-e474-11e5-86f6-0026b91ef55f
Error: (03/07/2016 04:29:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Программа mspaint.exe версии 6.1.7600.16385 прекратила взаимодействие с Windows и была закрыта. Чтобы узнать, имеются ли дополнительные сведения о проблеме, проверьте историю проблемы в Центре поддержки в панели управления.
ИД процесса: 1b6c
Время запуска: 01d1787d91acf50b
Время завершения: 188
Путь приложения: C:Windowssystem32mspaint.exe
ИД отчета: ef643d51-e470-11e5-86f6-0026b91ef55f
Error: (03/07/2016 02:58:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Ошибка при создании контекста активации для «Microsoft.Windows.Common-Controls,language=»*»,processorArchitecture=»amd64″,publicKeyToken=»6595b64144ccf1df»,type=»Win32″,version=»6.0.0.0″1″.
Не найдена зависимая сборка «Microsoft.Windows.Common-Controls,language=»*»,processorArchitecture=»amd64″,publicKeyToken=»6595b64144ccf1df»,type=»Win32″,version=»6.0.0.0″».
Используйте sxstrace.exe для подробной диагностики.
Error: (03/07/2016 10:22:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: DiscSoftBusService.exe, версия: 1.1.0.103, отметка времени: 0x51c959aa
Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18205, отметка времени 0x51db96c5
Код исключения: 0xc0000005
Смещение ошибки: 0x00056018
Идентификатор сбойного процесса: 0x718
Время запуска сбойного приложения: 0xDiscSoftBusService.exe0
Путь сбойного приложения: DiscSoftBusService.exe1
Путь сбойного модуля: DiscSoftBusService.exe2
Код отчета: DiscSoftBusService.exe3
Error: (03/07/2016 02:30:02 AM) (Source: System Restore) (EventID: 8206) (User: )
Description: Выбранная точка восстановления была повреждена или удалена в процессе восстановления (Центр обновления Windows).
Error: (03/03/2016 10:48:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: l2.exe, версия: 0.0.0.0, отметка времени: 0x4ba86ca6
Имя сбойного модуля: NWindow.DLL, версия: 0.0.0.0, отметка времени 0x4ba86c73
Код исключения: 0xc0000005
Смещение ошибки: 0x00270472
Идентификатор сбойного процесса: 0x1288
Время запуска сбойного приложения: 0xl2.exe0
Путь сбойного приложения: l2.exe1
Путь сбойного модуля: l2.exe2
Код отчета: l2.exe3
Error: (03/03/2016 07:25:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: l2.exe, версия: 0.0.0.0, отметка времени: 0x4ba86ca6
Имя сбойного модуля: NWindow.DLL, версия: 0.0.0.0, отметка времени 0x4ba86c73
Код исключения: 0xc0000005
Смещение ошибки: 0x00270472
Идентификатор сбойного процесса: 0x161c
Время запуска сбойного приложения: 0xl2.exe0
Путь сбойного приложения: l2.exe1
Путь сбойного модуля: l2.exe2
Код отчета: l2.exe3
Error: (03/03/2016 03:30:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: l2.exe, версия: 0.0.0.0, отметка времени: 0x4ba86ca6
Имя сбойного модуля: NWindow.DLL, версия: 0.0.0.0, отметка времени 0x4ba86c73
Код исключения: 0xc0000005
Смещение ошибки: 0x00270472
Идентификатор сбойного процесса: 0x1790
Время запуска сбойного приложения: 0xl2.exe0
Путь сбойного приложения: l2.exe1
Путь сбойного модуля: l2.exe2
Код отчета: l2.exe3
Error: (03/02/2016 09:23:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: l2.exe, версия: 0.0.0.0, отметка времени: 0x4ba86ca6
Имя сбойного модуля: NWindow.DLL, версия: 0.0.0.0, отметка времени 0x4ba86c73
Код исключения: 0xc0000005
Смещение ошибки: 0x00270472
Идентификатор сбойного процесса: 0xb90
Время запуска сбойного приложения: 0xl2.exe0
Путь сбойного приложения: l2.exe1
Путь сбойного модуля: l2.exe2
Код отчета: l2.exe3
System errors:
=============
Error: (03/09/2016 01:41:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Служба «Группировка сетевых участников» является зависимой от службы «Протокол PNRP», которую не удалось запустить из-за ошибки
%%-2140993535
Error: (03/09/2016 01:41:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Служба «Протокол PNRP» завершена из-за ошибки
%%-2140993535
Error: (03/09/2016 01:41:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Служба «Группировка сетевых участников» является зависимой от службы «Протокол PNRP», которую не удалось запустить из-за ошибки
%%-2140993535
Error: (03/09/2016 01:41:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Служба «Протокол PNRP» завершена из-за ошибки
%%-2140993535
Error: (03/09/2016 01:41:27 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (03/09/2016 01:41:27 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (03/09/2016 01:41:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Служба «Группировка сетевых участников» является зависимой от службы «Протокол PNRP», которую не удалось запустить из-за ошибки
%%-2140993535
Error: (03/09/2016 01:41:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Служба «Протокол PNRP» завершена из-за ошибки
%%-2140993535
Error: (03/09/2016 01:41:16 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (03/09/2016 01:40:49 PM) (Source: ps7ajtsc) (EventID: 1) (User: )
Description: Protection Synchronization Driver detected an internal error, contact the customer support service.
CodeIntegrity:
===================================
Date: 2016-03-07 14:54:53.808
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1WindowsELAMBKUPklelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-07 14:54:53.806
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1WindowsELAMBKUPklelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-07 14:54:53.804
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1WindowsELAMBKUPklelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-07 14:54:53.797
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1WindowsELAMBKUPklelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-07 14:54:53.795
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1WindowsELAMBKUPklelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-07 14:54:53.792
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1WindowsELAMBKUPklelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-07 14:54:53.766
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0KLELAMX86klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-07 14:54:53.763
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0KLELAMX86klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-07 14:54:53.761
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0KLELAMX86klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-03-07 14:54:53.754
Description: Code Integrity is unable to verify the image integrity of the file DeviceHarddiskVolume1Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0KLELAMX86klelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E8200 @ 2.66GHz
Percentage of memory in use: 39%
Total physical RAM: 3052.32 MB
Available physical RAM: 1848.93 MB
Total Virtual: 15050.61 MB
Available Virtual: 13577 MB
==================== Drives ================================
Drive c: (Win 7) (Fixed) (Total:120.02 GB) (Free:72.75 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (User) (Fixed) (Total:345.73 GB) (Free:72.66 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B051B051)
Partition 1: (Active) — (Size=120 GB) — (Type=07 NTFS)
Partition 2: (Not Active) — (Size=345.7 GB) — (Type=05)
==================== End of Addition.txt ============================
March 9, 2016 at 11:57 AM #32778
AdwCleaner:
# AdwCleaner v5.101 — Отчёт создан 09/03/2016 в 13:49:00
# Обновлено 07/03/2016 by Xplode
# База данных : 2016-03-08.1 [Сервер]
# Операционная система : Windows 7 Ultimate Service Pack 1 (x86)
# Пользователь : Юра — ЮРА-ПК
# Запущено из : C:UsersЮраDesktopadwcleaner_5.101.exe
# Настройка : Сканировать
# помощь : http://toolslib.net/forum
***** [ Службы ] *****
Служба Найдено : PanService
***** [ Папки ] *****
Папка Найдено : C:Program FilesMail.Ru
Папка Найдено : C:Program FilesPANDORA.TV
Папка Найдено : C:Program FilesSearch Extensions
Папка Найдено : C:Program Fileswebget
Папка Найдено : C:Program FilesWinZip Registry Optimizer
Папка Найдено : C:ProgramDataapn
Папка Найдено : C:ProgramDataAskPartnerNetwork
Папка Найдено : C:ProgramDataDealPlyLive
Папка Найдено : C:ProgramDataMail.Ru
Папка Найдено : C:ProgramDatasimplitec
Папка Найдено : C:UsersЮраmusicqtrax media library
Папка Найдено : C:UsersЮраQtrax
Папка Найдено : C:UsersЮраAppDataLocalAskPartnerNetwork
Папка Найдено : C:UsersЮраAppDataLocalDealPlyLive
Папка Найдено : C:UsersЮраAppDataLocalKometa
Папка Найдено : C:UsersЮраAppDataLocalMail.Ru
Папка Найдено : C:UsersЮраAppDataLocalMailRu
Папка Найдено : C:UsersЮраAppDataLocalNichrome
Папка Найдено : C:UsersЮраAppDataRoaming1H1Q
Папка Найдено : C:UsersЮраAppDataRoamingAppCloudUpdater
Папка Найдено : C:UsersЮраAppDataRoamingDSite
Папка Найдено : C:UsersЮраAppDataRoamingmediahit
Папка Найдено : C:UsersЮраAppDataRoamingnewSI_4396
Папка Найдено : C:UsersЮраAppDataRoamingMicrosoftWindowsStart MenuProgramsMail.Ru
***** [ Файлы ] *****
Файл Найдено : C:END
Файл Найдено : C:WindowsReimage.ini
Файл Найдено : C:Windowssystem32roboot.exe
***** [ DLL ] *****
***** [ Ярлыки ] *****
Ярлык Заражён : C:UsersЮраAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarGооglе Сhrоmе.lnk ( /C «c:program filesgooglechromechrome.bat» )
Ярлык Заражён : C:UsersЮраAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarОреrа.lnk ( /C «c:program filesoperalauncher.bat» )
***** [ Запланированные задания ] *****
Задание Найдено : simplitec Power Suite (Tray)
***** [ Реестр ] *****
Ключ Найдено : HKLMSOFTWAREClassesAppIDREI_AxControl.DLL
Ключ Найдено : HKLMSOFTWAREMICROSOFTSYSTEMCERTIFICATESROOTCERTIFICATES26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Ключ Найдено : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{cfa54b68}
Ключ Найдено : HKLMSOFTWAREGoogleChromeExtensionspfjgibhmcgncmjhdodpaolfbjpjjajal
Ключ Найдено : HKLMSOFTWAREGoogleChromeExtensionsmfmjpfoggikolkfilofbpgcnhdcgahib
Ключ Найдено : HKCUSoftwareAPN PIP
Ключ Найдено : HKCUSoftwareAppCloudUpdater
Ключ Найдено : HKCUSoftwareDealPlyLive
Ключ Найдено : HKCUSoftwaredsiteproducts
Ключ Найдено : HKCUSoftwareIM
Ключ Найдено : HKCUSoftwareInstallCore
Ключ Найдено : HKCUSoftwareqtrax
Ключ Найдено : HKCUSoftwareReimage
Ключ Найдено : HKCUSoftwarerttasks
Ключ Найдено : HKCUSoftwareSearch Extensions
Ключ Найдено : HKCUSoftwareSoftonic
Ключ Найдено : HKCUSoftwareTNT2
Ключ Найдено : HKCUSoftwarewebget
Ключ Найдено : HKCUSoftwareLocal AppWizard-Generated ApplicationsReimage — Windows Problem Relief.
Ключ Найдено : HKCUSoftwareAppDataLowSoftwareCrossrider
Ключ Найдено : HKLMSOFTWAREReimage
Ключ Найдено : HKLMSOFTWARERocketTab
Ключ Найдено : HKLMSOFTWAREsimplitec
Ключ Найдено : HKLMSOFTWAREwebget
Ключ Найдено : HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallAdobe Flash Player Packages
Ключ Найдено : HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallAppCloudUpdater
Ключ Найдено : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{E1527582-8509-4011-B922-29E3FB548882}_is1
Ключ Найдено : HKU.DEFAULTSoftwareAskPartnerNetwork
Значение Найдено : HKCUSoftwareMicrosoftInternet ExplorerMain [Start Page] — hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=
Значение Найдено : HKCUSoftwareMicrosoftInternet ExplorerMain [Default_Page_URL] — hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=
Значение Найдено : HKLMSOFTWAREMicrosoftInternet ExplorerAboutURls [Tabs] — hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=
Ключ Найдено : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0DBC05A7-B305-443E-AD9D-11984F226399}
Значение Найдено : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes [DefaultScope] — {0DBC05A7-B305-443E-AD9D-11984F226399}
Ключ Найдено : HKLMSOFTWAREMicrosoftShared ToolsMsConfigStartupRegMailRuUpdater
***** [ Веб браузеры ] *****
[C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultprefs.js] [Preference] Найдено : user_pref(«keyword.URL», «hxxp://search.eshield.com/serp?guid={37D7589A-53CB-473B-8401-CE7EED431741}&action=default_search&k=»);
[C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultprefs.js] [Preference] Найдено : user_pref(«browser.search.defaultenginename», «eShield Safe Web»);
[C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultprefs.js] [Preference] Найдено : user_pref(«extensions.tnt.engine.name», «eShield Safe Web»);
[C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultprefs.js] [Preference] Найдено : user_pref(«extensions.tnt.engine.url», «hxxp://search.eshield.com/serp?guid={37D7589A-53CB-473B-8401-CE7EED431741}&action=default_search&k={searchTerms}»);
[C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultprefs.js] [Preference] Найдено : user_pref(«browser.startup.homepage», «hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=»);
[C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultprefs.js] [Preference] Найдено : user_pref(«browser.newtab.url», «hxxp://services.eshield.com/general/newhometab.php?hometab=tab&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=»);
[C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultprefs.js] [Preference] Найдено : user_pref(«extensions.tnt.newtaburl», «hxxp://services.eshield.com/general/newhometab.php?hometab=tab&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=»);
[C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultuser.js] [Preference] Найдено : user_pref(«plugin.state.npconduitfirefoxplugin», 0);
*************************
C:Program FilesAdwCleanerAdwCleaner[S1].txt — [17962 байт] — [09/03/2016 13:49:00]
########## EOF — C:Program FilesAdwCleanerAdwCleaner[S1].txt — [18053 байт] ##########
I did not set up the launching of programs through bat files. Apparently the programs themselves did this during installation.

March 10, 2016 at 11:30 PM #32779
Run AdwCleaner again, perform a scan, and then click the Clean (Очистка) button. When the malware removal process is finished, restart the computer and run the program again. Perform a new scan. Open the folder C:\AdwCleaner and find the file AdwCleaner[S2]. Attach this report to your next message.
Download the Check Browsers LNK program by clicking this link.
Run it. When the scan is complete, the folder containing the Check_Browsers_LNK log file will open. Double-click the file and its contents will open in Notepad; copy and paste them into your next message.
Then scan the computer with FRST again and add the resulting log to your reply as well.

March 11, 2016 at 6:21 PM #32780
AdwCleaner[S2]
# AdwCleaner v5.101 — Отчёт создан 11/03/2016 в 20:12:44
# Обновлено 07/03/2016 by Xplode
# База данных : 2016-03-08.1 [Сервер]
# Операционная система : Windows 7 Ultimate Service Pack 1 (x86)
# Пользователь : Юра — ЮРА-ПК
# Запущено из : C:UsersЮраDesktopadwcleaner_5.101.exe
# Настройка : Сканировать
# помощь : http://toolslib.net/forum
***** [ Службы ] *****
Служба Найдено : PanService
***** [ Папки ] *****
Папка Найдено : C:Program FilesMail.Ru
Папка Найдено : C:Program FilesPANDORA.TV
Папка Найдено : C:Program FilesSearch Extensions
Папка Найдено : C:Program Fileswebget
Папка Найдено : C:Program FilesWinZip Registry Optimizer
Папка Найдено : C:ProgramDataapn
Папка Найдено : C:ProgramDataAskPartnerNetwork
Папка Найдено : C:ProgramDataDealPlyLive
Папка Найдено : C:ProgramDataMail.Ru
Папка Найдено : C:ProgramDatasimplitec
Папка Найдено : C:UsersЮраmusicqtrax media library
Папка Найдено : C:UsersЮраQtrax
Папка Найдено : C:UsersЮраAppDataLocalAskPartnerNetwork
Папка Найдено : C:UsersЮраAppDataLocalDealPlyLive
Папка Найдено : C:UsersЮраAppDataLocalKometa
Папка Найдено : C:UsersЮраAppDataLocalMail.Ru
Папка Найдено : C:UsersЮраAppDataLocalMailRu
Папка Найдено : C:UsersЮраAppDataLocalNichrome
Папка Найдено : C:UsersЮраAppDataRoaming1H1Q
Папка Найдено : C:UsersЮраAppDataRoamingAppCloudUpdater
Папка Найдено : C:UsersЮраAppDataRoamingDSite
Папка Найдено : C:UsersЮраAppDataRoamingmediahit
Папка Найдено : C:UsersЮраAppDataRoamingnewSI_4396
Папка Найдено : C:UsersЮраAppDataRoamingMicrosoftWindowsStart MenuProgramsMail.Ru
***** [ Файлы ] *****
Файл Найдено : C:END
Файл Найдено : C:WindowsReimage.ini
Файл Найдено : C:Windowssystem32roboot.exe
***** [ DLL ] *****
***** [ Ярлыки ] *****
Ярлык Заражён : C:UsersЮраAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarGооglе Сhrоmе.lnk ( /C «c:program filesgooglechromechrome.bat» )
Ярлык Заражён : C:UsersЮраAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarОреrа.lnk ( /C «c:program filesoperalauncher.bat» )
***** [ Запланированные задания ] *****
Задание Найдено : simplitec Power Suite (Tray)
***** [ Реестр ] *****
Ключ Найдено : HKLMSOFTWAREClassesAppIDREI_AxControl.DLL
Ключ Найдено : HKLMSOFTWAREMICROSOFTSYSTEMCERTIFICATESROOTCERTIFICATES26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Ключ Найдено : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{cfa54b68}
Ключ Найдено : HKLMSOFTWAREGoogleChromeExtensionspfjgibhmcgncmjhdodpaolfbjpjjajal
Ключ Найдено : HKLMSOFTWAREGoogleChromeExtensionsmfmjpfoggikolkfilofbpgcnhdcgahib
Ключ Найдено : HKCUSoftwareAPN PIP
Ключ Найдено : HKCUSoftwareAppCloudUpdater
Ключ Найдено : HKCUSoftwareDealPlyLive
Ключ Найдено : HKCUSoftwaredsiteproducts
Ключ Найдено : HKCUSoftwareIM
Ключ Найдено : HKCUSoftwareInstallCore
Ключ Найдено : HKCUSoftwareqtrax
Ключ Найдено : HKCUSoftwareReimage
Ключ Найдено : HKCUSoftwarerttasks
Ключ Найдено : HKCUSoftwareSearch Extensions
Ключ Найдено : HKCUSoftwareSoftonic
Ключ Найдено : HKCUSoftwareTNT2
Ключ Найдено : HKCUSoftwarewebget
Ключ Найдено : HKCUSoftwareLocal AppWizard-Generated ApplicationsReimage — Windows Problem Relief.
Ключ Найдено : HKCUSoftwareAppDataLowSoftwareCrossrider
Ключ Найдено : HKLMSOFTWAREReimage
Ключ Найдено : HKLMSOFTWARERocketTab
Ключ Найдено : HKLMSOFTWAREsimplitec
Ключ Найдено : HKLMSOFTWAREwebget
Ключ Найдено : HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallAdobe Flash Player Packages
Ключ Найдено : HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallAppCloudUpdater
Ключ Найдено : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{E1527582-8509-4011-B922-29E3FB548882}_is1
Ключ Найдено : HKU.DEFAULTSoftwareAskPartnerNetwork
Значение Найдено : HKCUSoftwareMicrosoftInternet ExplorerMain [Start Page] — hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=
Значение Найдено : HKCUSoftwareMicrosoftInternet ExplorerMain [Default_Page_URL] — hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=
Значение Найдено : HKLMSOFTWAREMicrosoftInternet ExplorerAboutURls [Tabs] — hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=
Ключ Найдено : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0DBC05A7-B305-443E-AD9D-11984F226399}
Значение Найдено : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes [DefaultScope] — {0DBC05A7-B305-443E-AD9D-11984F226399}
Ключ Найдено : HKLMSOFTWAREMicrosoftShared ToolsMsConfigStartupRegMailRuUpdater
***** [ Веб браузеры ] *****
[C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultprefs.js] [Preference] Найдено : user_pref(«keyword.URL», «hxxp://search.eshield.com/serp?guid={37D7589A-53CB-473B-8401-CE7EED431741}&action=default_search&k=»);
[C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultprefs.js] [Preference] Найдено : user_pref(«browser.search.defaultenginename», «eShield Safe Web»);
[C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultprefs.js] [Preference] Найдено : user_pref(«extensions.tnt.engine.name», «eShield Safe Web»);
[C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultprefs.js] [Preference] Найдено : user_pref(«extensions.tnt.engine.url», «hxxp://search.eshield.com/serp?guid={37D7589A-53CB-473B-8401-CE7EED431741}&action=default_search&k={searchTerms}»);
[C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultprefs.js] [Preference] Найдено : user_pref(«browser.startup.homepage», «hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=»);
[C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultprefs.js] [Preference] Найдено : user_pref(«browser.newtab.url», «hxxp://services.eshield.com/general/newhometab.php?hometab=tab&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=»);
[C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultprefs.js] [Preference] Найдено : user_pref(«extensions.tnt.newtaburl», «hxxp://services.eshield.com/general/newhometab.php?hometab=tab&partner=11467&guid={37D7589A-53CB-473B-8401-CE7EED431741}&i=»);
[C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultuser.js] [Preference] Найдено : user_pref(«plugin.state.npconduitfirefoxplugin», 0);
*************************
C:Program FilesAdwCleanerAdwCleaner[S1].txt — [18150 байт] — [09/03/2016 13:49:00]
C:Program FilesAdwCleanerAdwCleaner[S2].txt — [18053 байт] — [11/03/2016 20:12:44]
########## EOF — C:Program FilesAdwCleanerAdwCleaner[S2].txt — [18144 байт] ##########
Check_ Browsers_LNK.
Check Browsers’ LNK by Alex Dragokas & regist ver. 2.0.0.12 ( Beta )
OS: x32 Windows 7 Ultimate, 6.1.7601, Service Pack: 1
Time: 11.03.2016 — 20:19
Language: OS: Russian (0x419). Display: Russian (0x419). Non-Unicode: Russian (0x419)
Elevated: Yes
User: Юра (group: Administrator)
* Подозрительные объекты будут отмечены префиксом >>>
=========================================================================
(((((( БРАУЗЕРНЫЕ ярлыки ))))))
=========================================================================
_______________________ Имя браузера неверное _________________________
>>> [MASK] «C:UsersЮраAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarGооglе Сhrоmе.lnk» -> [«C:WindowsSystem32cmd.exe»] -> (302592 байт) (MD5: AD7B9C14083B52BC532FBA5948342B98) -> (PE EXE) -> (Автор: Microsoft Corporation) (ЭЦП: сертификат. Легитимна? да)
>>> [MASK] «C:UsersЮраAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarОреrа.lnk» -> [«C:WindowsSystem32cmd.exe»] -> (302592 байт) (MD5: AD7B9C14083B52BC532FBA5948342B98) -> (PE EXE) -> (Автор: Microsoft Corporation) (ЭЦП: сертификат. Легитимна? да)
___________________________ С аргументами _____________________________
>>> «C:UsersЮраAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcuts82611cbc96a3da90Визуальные Закладки Mail.Ru.lnk» -> [«C:Program FilesGoogleChromeApplicationchrome.exe» =>> —profile-directory=Default —app-id=pnooffjhclkocplopffdbcdghmiffhji]
_____________ Подозрительные ( >>> ВЫСОКИЙ риск <<< ) _________________
>>> [script][MASK] «C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle ChromeGооglе Сhrоmе.lnk» -> [«C:Program FilesGoogleChromechrome.bat»] -> start «» /I /B /D «c:PROGRA~1googlechromeAPPLIC~1» «c:PROGRA~1googlechromeAPPLIC~1chrome.exe» hxxp://searclhs-pak.ru (MD5:724A7F52E1042D94E966F936A52E9A52)
_________________________ Цель не существует __________________________
— «C:UsersЮраAppDataRoamingMicrosoftWindowsSendToМойМир@Mail.ru.lnk» -> [«C:UsersЮраAppDataLocalMail.RuGameCenterGameCenter@Mail.Ru.exe» =>> -upload]
-[MASK] «C:ProgramDataMicrosoftWindowsStart MenuProgramsОреrа.lnk» -> [«C:Program FilesOperalauncher.exe»]
=========================================================================
(((((( Прочие ярлыки ))))))
=========================================================================
___________________ Подозрительные ( низкий риск ) ____________________
>>> [script] «C:UsersЮраDesktopИгрыStаr Wаrs — Thе Оld Rерubliс.lnk» -> [«D:OldGAMESStar Wars-The Old Republiclauncher.bat»] -> start «» /I /B /D «d:oldgamesSTARWA~1» «d:oldgamesSTARWA~1launcher.exe» hxxp://searclhs-pak.ru (MD5:11DC6C92A00BC8A58FF72D7195CE1E8D)
>>> [script] «C:ProgramDataMicrosoftWindowsStart MenuProgramsEABioWareStar Wars — The Old RepublicStаr Wаrs — Thе Оld Rерubliс.lnk» -> [«D:OldGAMESStar Wars-The Old Republiclauncher.bat»] -> start «» /I /B /D «d:oldgamesSTARWA~1» «d:oldgamesSTARWA~1launcher.exe» hxxp://searclhs-pak.ru (MD5:11DC6C92A00BC8A58FF72D7195CE1E8D)
-[HTTP] «C:UsersЮраAppDataLocalMicrosoftWindowsGameExplorer{E95E41B2-6E69-40EB-A4D6-913001179395}SupportTasks Игры от Майкрософт.lnk» -> [«(Internet Explorer)» =>> hxxp://vvv.enclavegame.com/]
-[HTTP] «C:UsersЮраAppDataLocalMicrosoftWindowsGameExplorer{E95E41B2-6E69-40EB-A4D6-913001179395}SupportTasks1Поддержка.lnk» -> [«(Internet Explorer)» =>> hxxp://support.vugames.com/]
-[HTTP] «C:UsersЮраAppDataLocalMicrosoftWindowsGameExplorer{F31BDAC1-0BBC-4A29-AB88-A37DAD5C0F79}SupportTasks Игры от Майкрософт.lnk» -> [«(Internet Explorer)» =>> hxxp://vvv.ightandmagic.com/]
-[HTTP] «C:UsersЮраAppDataLocalMicrosoftWindowsGameExplorer{F31BDAC1-0BBC-4A29-AB88-A37DAD5C0F79}SupportTasks1Поддержка.lnk» -> [«(Internet Explorer)» =>> hxxp://support.ubi.com/]
-[HTTP] «C:UsersЮраAppDataRoamingMicrosoftWindowsStart MenuProgramsLineage 2 — Lineage 2СайтРегистрация.lnk» -> [«(Internet Explorer)» =>> hxxp://lineage-2.ru/index.php?cmd=account]
-[HTTP] «C:UsersЮраAppDataRoamingMicrosoftWindowsStart MenuProgramsLineage 2 — Lineage 2СайтСтатистика.lnk» -> [«(Internet Explorer)» =>> hxxp://lineage-2.ru/index.php?cmd=ratings]
-[HTTP] «C:UsersЮраAppDataRoamingMicrosoftWindowsStart MenuProgramsLineage 2 — Lineage 2СайтФорум.lnk» -> [«(Internet Explorer)» =>> hxxp://forum.lineage-2.ru/]
-[HTTP] «C:UsersЮраDesktopИгрыPoint Blank.lnk» -> [«(Internet Explorer)» =>> hxxps://ru.4game.com/pointblank/]
-[HTTP] «C:ProgramDataMicrosoftWindowsGameExplorer{E58EE463-0FCB-4735-B081-F01C9D89989D}SupportTasks Visit the Hellgate London Home Page.lnk» -> [«(Internet Explorer)» =>> hxxp://hellgate.hanbiton.com/]
-[HTTP] «C:ProgramDataMicrosoftWindowsGameExplorer{E58EE463-0FCB-4735-B081-F01C9D89989D}SupportTasks1Visit the Redbana US Home Page.lnk» -> [«(Internet Explorer)» =>> hxxp://vvv.flagshipstudios.com/]
-[HTTP] «C:ProgramDataMicrosoftWindowsGameExplorer{E58EE463-0FCB-4735-B081-F01C9D89989D}SupportTasks2Check out Mythos, another great game by Redbana US.lnk» -> [«(Internet Explorer)» =>> hxxp://vvv.mythos.com/]
-[HTTP] «C:ProgramDataMicrosoftWindowsStart MenuPrograms4game4game.lnk» -> [«(Internet Explorer)» =>> hxxp://4game.com/?client-app=v2]
-[HTTP] «C:ProgramDataMicrosoftWindowsStart MenuPrograms4gamePoint Blank.lnk» -> [«(Internet Explorer)» =>> hxxp://ru.4game.com/pointblank]
_________________________ Цель не существует __________________________
— «C:ProgramDataMicrosoftWindowsGameExplorer{E58EE463-0FCB-4735-B081-F01C9D89989D}PlayTasks Play.lnk» -> [«D:OldGAMESHellgate GlobalLauncher.exe»]
— «C:ProgramDataMicrosoftWindowsGameExplorer{E58EE463-0FCB-4735-B081-F01C9D89989D}PlayTasks1readme.txt.lnk» -> [«D:OldGAMESHellgate Globalreadme.txt»]
— «C:ProgramDataMicrosoftWindowsStart MenuProgramsPANDORATVPanServiceUninstall Service.lnk» -> [«C:Program FilesPANDORA.TVPanServiceunins000.exe»]
— «C:ProgramDataMicrosoftWindowsStart MenuProgramsStar Wars — Battlefront 2Star Wars — Battlefront 2.lnk» -> [«D:GamesStar Wars — Battlefront 2BattlefrontII.exe»]
— «C:ProgramDataMicrosoftWindowsStart MenuProgramsStar Wars — Battlefront 2Деинсталлировать Star Wars — Battlefront 2.lnk» -> [«D:GamesStar Wars — Battlefront 2unins000.exe»]
=========================================================================
(((((( Интернет-ярлыки ))))))
=========================================================================
— «C:UsersЮраDesktopИгрыDota 2.url» -> steam://rungameid/570
— «C:UsersЮраDesktopИгрыWarface.url» -> mailrugames://play/0.1177
— «C:UsersЮраFavoritesMail.Ru Агент — используй для общения!.url» -> hxxp://agent.mail.ru/ru/download/agent_windows/download.html?sputnik=1
— «C:ProgramDataMicrosoftWindowsStart MenuProgramsWorld of TanksWorld of Tanks — Руководство пользователя.url» -> hxxp://worldoftanks.ru/content/guide/
— «C:ProgramDataMicrosoftWindowsStart MenuProgramsWorld of TanksСайт World of Tanks в Интернете.url» -> hxxp://vvv.worldoftanks.ru
________________ Браузер по-умолчанию _______________
— [OK] http = «C:Program FilesGoogleChromeApplicationchrome.exe» — «%1» (Google Chrome)
— [OK] https = «C:Program FilesGoogleChromeApplicationchrome.exe» — «%1» (Google Chrome)
— [OK] ftp = «C:Program FilesGoogleChromeApplicationchrome.exe» — «%1» (Google Chrome)
— [OK] .htm = «C:Program FilesGoogleChromeApplicationchrome.exe» — «%1» (Google Chrome)
— [OK] .html = «C:Program FilesGoogleChromeApplicationchrome.exe» — «%1» (Google Chrome)
— [OK] .url = «C:WindowsSystem32rundll32.exe» «C:WindowsSystem32ieframe.dll»,OpenURL %l (Браузер)
_____________________ Статистика ____________________
Найдено угроз: 6
Снято атрибутов RO: 0 из 0
Режим запуска: Normal
Затрачено времени: 36 сек. (поиск: 19 сек.)
Пройдено папок: 2113
Пройдено файлов: 10708 (ярлыков: 350)
Проверены:
C:UsersЮра
C:UsersDefault
C:UsersPublic
C:ProgramData
______________________________ Конец лога ______________________________
_______________________ Максимум файловых объектов _______________________
1862 ( 1894 ) — C:UsersЮраAppDataLocalLowraidcallImageCache
3298 ( 3298 ) — C:UsersЮраAppDataLocalLowraidcallRCTemp
12 ( 5210 ) — C:UsersЮраAppDataLocalLowraidcall
_________________________________________________________________________
18358 bytes, CRC32: FFFFFFFF. Sign: 碊둞
March 11, 2016 at 6:25 PM #32781
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Юра (administrator) on ЮРА-ПК (11-03-2016 20:21:30)
Running from C:UsersЮраDesktop
Loaded Profiles: Юра (Available Profiles: Юра)
Platform: Microsoft Windows 7 Максимальная Service Pack 1 (X86) Language: Русский (Россия)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forums/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:WindowsSystem32nvvsvc.exe
(NVIDIA Corporation) C:Program FilesNVIDIA Corporation3D VisionnvSCPAPISvr.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe
(NVIDIA Corporation) C:WindowsSystem32nvvsvc.exe
(Innova Co S.a r.l.) C:Program Files4game3.5.8.1804game-service.exe
(Kaspersky Lab ZAO) C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0avp.exe
(Microsoft Corporation) C:Program FilesMicrosoft Office 15ClientX86officeclicktorun.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationNetServiceNvNetworkService.exe
(Microsoft Corporation) C:WindowsSystem32dllhost.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplaynvtray.exe
(Kaspersky Lab ZAO) C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0avpui.exe
(NVIDIA Corporation) C:Program FilesNVIDIA CorporationUpdate CoreNvBackend.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
(Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKUS-1-5-21-2060737710-1981992819-119070258-1000…Run: [uTorrent] => C:UsersЮраAppDataRoaminguTorrentuTorrent.exe [2094080 2016-03-07] (BitTorrent Inc.)
HKUS-1-5-21-2060737710-1981992819-119070258-1000…MountPoints2: G — G:setup.exe
HKUS-1-5-21-2060737710-1981992819-119070258-1000…MountPoints2: {d414f997-050c-11e3-a5d6-001cc079f9a0} — F:setup.exe
HKUS-1-5-21-2060737710-1981992819-119070258-1000…MountPoints2: {d414f9b0-050c-11e3-a5d6-001cc079f9a0} — H:setup.exe
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:Program FilesMicrosoft Office 15rootOffice15GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:Program FilesMicrosoft Office 15rootOffice15GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:Program FilesMicrosoft Office 15rootOffice15GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
TcpipParameters: [DhcpNameServer] 192.168.0.1
Tcpip..Interfaces{2819289A-8805-4D65-9465-A3277B00F999}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
URLSearchHook: [S-1-5-21-2060737710-1981992819-119070258-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKUS-1-5-21-2060737710-1981992819-119070258-1000 -> {96C61647-90DD-4B4C-A20D-8159B39342FA} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft Office 15rootOffice15OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0IEExtContentBlockerie_content_blocker_plugin.dll [2014-12-14] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0IEExtVirtualKeyboardie_virtual_keyboard_plugin.dll [2014-12-19] (Kaspersky Lab ZAO)
BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:OldGAMESArcPluginsArcPluginIE.dll [2016-02-24] (Perfect World Entertainment Inc)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0IEExtOnlineBankingonline_banking_bho.dll [2014-12-14] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:Program FilesMicrosoft Office 15rootOffice15URLREDIR.DLL [2016-02-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:Program FilesMicrosoft Office 15rootOffice15GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0IEExtUrlAdvisorklwtbbho.dll [2014-12-14] (Kaspersky Lab ZAO)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf — {D924BDC6-C83A-4BD5-90D0-095128A113D1} — C:Program FilesMicrosoft Office 15rootOffice15MSOSB.DLL [2015-06-06] (Microsoft Corporation)
Handler: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:Program FilesCommon FilesSkypeSkype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.default
FF Plugin: @4game.com/plugin -> C:Program Files4game3.5.8.180npplugin4game.dll [2015-12-25] (Innova Co S.a r.l.)
FF Plugin: @adobe.com/FlashPlayer -> D:OldGAMESArcpluginsNPSWF32.dll [2016-02-24] ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:Program FilesMicrosoft Office 15rootVFSProgramFilesX86Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:Program FilesMicrosoft Silverlight5.1.20513.0npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:PROGRA~1MICROS~3Office14NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft Office 15rootOffice15NPSPWRAP.DLL [2015-06-06] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:Program FilesNVIDIA Corporation3D Visionnpnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:Program FilesNVIDIA Corporation3D Visionnpnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> D:OldGAMESArcPluginsnpArcPluginFF.dll [2016-02-24] (Perfect World Entertainment Inc)
FF Plugin: @raidcall.en/RCplugin -> C:UsersЮраAppDataRoamingraidcallpluginsnprcplugin.dll [2014-03-04] (Raidcall)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:Program FilesGoogleUpdate1.3.29.5npGoogleUpdate3.dll [2016-03-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:Program FilesGoogleUpdate1.3.29.5npGoogleUpdate3.dll [2016-03-07] (Google Inc.)
FF Plugin: Adobe Reader -> C:Program FilesAdobeReader 11.0ReaderAIRnppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKUS-1-5-21-2060737710-1981992819-119070258-1000: @mail.ru/GameCenter -> C:UsersЮраAppDataLocalMail.RuGameCenterNPDetector.dll [No File]
FF user.js: detected! => C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultuser.js [2016-03-11]
FF Extension: eShield — C:UsersЮраAppDataRoamingMozillaFirefoxProfilesnahd6ha2.defaultExtensionstoolbar11467@eshield.com.xpi [2015-12-18] [not signed]
FF HKLM…FirefoxExtensions: [url_advisor@kaspersky.com] — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0FFExturl_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0FFExturl_advisor@kaspersky.com [2014-12-19] [not signed]
FF HKLM…FirefoxExtensions: [virtual_keyboard@kaspersky.com] — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0FFExtvirtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0FFExtvirtual_keyboard@kaspersky.com [2014-12-19] [not signed]
FF HKLM…FirefoxExtensions: [content_blocker@kaspersky.com] — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0FFExtcontent_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0FFExtcontent_blocker@kaspersky.com [2014-12-19] [not signed]
Chrome:
=======
CHR HomePage: Default -> mail.ru/cnt/11956636
CHR DefaultSearchURL: Default -> hxxp://go.mail.ru/search?q={searchTerms}&fr=xtn10
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:UsersЮраAppDataLocalGoogleChromeUser DataDefault
CHR Extension: (Google Презентации) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2016-03-07]
CHR Extension: (Документы Google) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2016-03-07]
CHR Extension: (Диск Google) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2016-03-07]
CHR Extension: (Kaspersky Protection) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsblbkdnmdcafmfhinpmnlhhddbepgkeaa [2016-03-07]
CHR Extension: (YouTube) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-07]
CHR Extension: (Модуль проверки ссылок) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsdchlnpcodkpfdpacogkljefecpegganj [2016-03-07]
CHR Extension: (eShield) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsdkmjljdbbgogihjcapfhgkonfmccbffp [2016-03-07]
CHR Extension: (Google Таблицы) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2016-03-07]
CHR Extension: (Google Документы офлайн) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-07]
CHR Extension: (Модуль блокирования опасных веб-сайтов) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionshghkgaeecgjhjkannahfamoehjmkjail [2016-03-07]
CHR Extension: (Mail.Ru) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsilamgbdaebkbpkkmfmmfbnaamkhijdek [2016-03-07]
CHR Extension: (Платежная система Интернет-магазина Chrome) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2016-03-07]
CHR Extension: (Домашняя страница Mail.Ru) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionsofdgafmdegfkhfdfkmllfefmcmcjllec [2016-03-07]
CHR Extension: (Gmail) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2016-03-07]
CHR Extension: (Визуальные Закладки Mail.Ru) — C:UsersЮраAppDataLocalGoogleChromeUser DataDefaultExtensionspnooffjhclkocplopffdbcdghmiffhji [2016-03-07]
CHR HKLM…ChromeExtension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] — hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM…ChromeExtension: [dchlnpcodkpfdpacogkljefecpegganj] — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0ChromeExturladvisor.crx [2013-10-11]
CHR HKLM…ChromeExtension: [dkmjljdbbgogihjcapfhgkonfmccbffp] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM…ChromeExtension: [hghkgaeecgjhjkannahfamoehjmkjail] — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0ChromeExtcontent_blocker_chrome.crx [2013-10-11]
CHR HKLM…ChromeExtension: [ilamgbdaebkbpkkmfmmfbnaamkhijdek] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM…ChromeExtension: [jagncdcchgajhfhijbbhecadmaiegcmh] — C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0ChromeExtvirtkbd.crx [2014-12-19]
CHR HKLM…ChromeExtension: [ofdgafmdegfkhfdfkmllfefmcmcjllec] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM…ChromeExtension: [pgaidlfgjkmeendhknafahppllbniejm] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM…ChromeExtension: [pnooffjhclkocplopffdbcdghmiffhji] — hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR StartupUrls: «hxxp://mail.ru/cnt/10445»
OPR Session Restore: -> is enabled.
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 4game-service; C:Program Files4game3.5.8.1804game-service.exe [1561312 2015-12-25] (Innova Co S.a r.l.)
S3 appdrvrem01; C:WindowsSystem32appdrvrem01.exe [316816 2014-08-21] (Protection Technology)
S3 ArcService; D:OldGAMESArcArcService.exe [88024 2016-02-24] (Perfect World Entertainment Inc)
R2 AVP; C:Program FilesKaspersky LabKaspersky Anti-Virus 14.0.0avp.exe [214512 2013-10-11] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:Program FilesMicrosoft Office 15ClientX86OfficeClickToRun.exe [1904368 2016-01-20] (Microsoft Corporation)
S3 defragsvc; C:WindowsSystem32defragsvc.dll [218624 2009-07-14] (Корпорация Майкрософт)
S3 GfExperienceService; C:Program FilesNVIDIA CorporationGeForce Experience ServiceGfExperienceService.exe [921208 2015-08-27] (NVIDIA Corporation)
R2 NvNetworkService; C:Program FilesNVIDIA CorporationNetServiceNvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
S3 NvStreamSvc; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamService.exe [4305016 2015-08-27] (NVIDIA Corporation)
S2 pr2ajtsc; C:Windowssystem32pr2ajtsc.exe [411000 2008-03-07] (1C: Multimedia)
R2 WinDefend; C:Program FilesWindows Defendermpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WPCSvc; C:WindowsSystem32wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 appdrv01; C:WindowsSystem32Driversappdrv01.sys [3110512 2014-08-21] (Protection Technology)
S3 hamachi; C:WindowsSystem32DRIVERShamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 inpout32; C:WindowsSystem32Driversinpout32.sys [11936 2016-02-03] (Highresolution Enterprises [www.highrez.co.uk])
R1 ISODrive; C:Program FilesUltraISOdriversISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
R0 kl1; C:WindowsSystem32DRIVERSkl1.sys [135776 2014-12-14] (Kaspersky Lab ZAO)
S4 klflt; C:WindowsSystem32DRIVERSklflt.sys [94304 2014-12-14] (Kaspersky Lab ZAO)
R1 KLIF; C:WindowsSystem32DRIVERSklif.sys [576608 2014-12-14] (Kaspersky Lab ZAO)
R1 KLIM6; C:WindowsSystem32DRIVERSklim6.sys [25696 2013-10-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:WindowsSystem32DRIVERSklkbdflt.sys [25184 2014-12-14] (Kaspersky Lab ZAO)
R3 klmouflt; C:WindowsSystem32DRIVERSklmouflt.sys [25696 2013-10-11] (Kaspersky Lab ZAO)
R1 klpd; C:WindowsSystem32DRIVERSklpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:WindowsSystem32DRIVERSkltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:WindowsSystem32DRIVERSkneps.sys [144992 2014-12-14] (Kaspersky Lab ZAO)
R0 mountmgr; C:WindowsSystem32driversmountmgr.sys [78208 2010-11-20] (Корпорация Майкрософт)
S3 NvStreamKms; C:Program FilesNVIDIA CorporationNvStreamSrvNvStreamKms.sys [18552 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:WindowsSystem32driversnvvad32v.sys [44840 2015-08-11] (NVIDIA Corporation)
R0 pe3ajtsc; C:WindowsSystem32driverspe3ajtsc.sys [64640 2008-03-07] (1C: Multimedia)
R3 phaudlwr; C:WindowsSystem32DRIVERSphaudlwr.sys [89648 2009-10-20] (Philips Applied Technologies)
R0 ps7ajtsc; C:WindowsSystem32driversps7ajtsc.sys [68744 2008-03-07] (1C: Multimedia)
R3 SPC520; C:WindowsSystem32driversSPC520.sys [483328 2007-10-01] (Philips )
R3 SPC520m; C:WindowsSystem32driversSPC520m.sys [7680 2007-10-01] (Philips )
S3 ssudserd; C:WindowsSystem32DRIVERSssudserd.sys [182680 2013-08-20] (DEVGURU Co., LTD.(http://www.devguru.co.kr))
R0 volmgrx; C:WindowsSystem32driversvolmgrx.sys [297040 2009-07-14] (Корпорация Майкрософт)
S3 BRDriver_1_3_3_E02B25FC; ??C:ProgramDataBitRaidersupport1.3.3E02B25FCBRDriver.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-11 20:19 — 2016-03-11 20:19 — 00000000 ____D C:UsersЮраDesktopLOG
2016-03-11 19:30 — 2016-03-11 19:31 — 00000000 ____D C:UsersЮраDesktopниндзя
2016-03-11 15:15 — 2016-03-11 15:15 — 00610416 _____ (Alex Dragokas) C:UsersЮраDesktopcheck-browsers-lnk_2.0.0.12.exe
2016-03-09 13:52 — 2016-03-09 13:46 — 00043838 _____ C:UsersЮраDesktopAddition_09-03-2016_13-46-03.txt
2016-03-09 13:52 — 2016-03-09 13:39 — 00009274 _____ C:UsersЮраDesktopFixlog_09-03-2016_13-39-59.txt
2016-03-09 13:51 — 2016-03-09 13:49 — 00018150 _____ C:UsersЮраDesktopAdwCleaner[S1].txt
2016-03-09 13:48 — 2016-03-11 20:14 — 00000000 ____D C:Program FilesAdwCleaner
2016-03-09 13:44 — 2016-03-09 13:44 — 01524224 _____ C:UsersЮраDesktopadwcleaner_5.101.exe
2016-03-09 13:39 — 2016-03-09 13:39 — 00009274 _____ C:UsersЮраDesktopFixlog.txt
2016-03-08 10:45 — 2016-03-09 13:46 — 00043838 _____ C:UsersЮраDesktopAddition.txt
2016-03-08 10:44 — 2016-03-11 20:21 — 00017957 _____ C:UsersЮраDesktopFRST.txt
2016-03-08 10:44 — 2016-03-11 20:21 — 00000000 ____D C:FRST
2016-03-08 10:43 — 2016-03-08 10:43 — 01725440 _____ (Farbar) C:UsersЮраDesktopFRST.exe
2016-03-07 19:30 — 2016-03-07 19:35 — 00000000 ____D C:UsersВсе пользователиBitRaider
2016-03-07 19:30 — 2016-03-07 19:35 — 00000000 ____D C:ProgramDataBitRaider
2016-03-07 19:30 — 2016-03-07 19:30 — 00000000 ____D C:Usersް܁ppData
2016-03-07 19:14 — 2016-03-07 19:18 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsPerfect World Entertainment
2016-03-07 19:14 — 2016-03-07 19:16 — 00000000 ____D C:UsersЮраAppDataRoamingArc
2016-03-07 19:13 — 2016-03-07 19:13 — 00999096 _____ (Perfect World Entertainment) C:UsersЮраDownloadsNeverwinter_ArcSetup.exe
2016-03-07 19:13 — 2016-03-07 19:13 — 00000000 ____D C:UsersЮраDownloadsLog
2016-03-07 19:13 — 2016-02-05 20:43 — 10478336 _____ (Perfect World Entertainment) C:UsersЮраDownloadsArcInstall_NW_20151009a.exe
2016-03-07 19:08 — 2016-03-07 19:08 — 00002214 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2016-03-07 19:08 — 2016-03-07 19:08 — 00002202 _____ C:UsersPublicDesktopGoogle Chrome.lnk
2016-03-07 19:07 — 2016-03-11 20:16 — 00000946 _____ C:WindowsTasksGoogleUpdateTaskMachineCore.job
2016-03-07 19:07 — 2016-03-11 20:12 — 00000950 _____ C:WindowsTasksGoogleUpdateTaskMachineUA.job
2016-03-07 18:20 — 2016-03-07 18:20 — 00000000 ____D C:UsersЮраDownloadsbackups
2016-03-07 17:42 — 2016-03-07 17:42 — 00388608 _____ (Trend Micro Inc.) C:UsersЮраDownloadsHijackThis.exe
2016-03-07 17:06 — 2016-03-07 17:06 — 00987728 _____ (Google Inc.) C:UsersЮраDownloadsChromeSetup.exe
2016-03-07 10:24 — 2016-03-07 10:24 — 00000970 _____ C:UsersЮраDesktopUltraISO.lnk
2016-03-07 10:24 — 2016-03-07 10:24 — 00000000 ____D C:UsersЮраDocumentsMy ISO Files
2016-03-07 10:24 — 2016-03-07 10:24 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsUltraISO
2016-03-07 10:24 — 2016-03-07 10:24 — 00000000 ____D C:Program FilesUltraISO
2016-03-07 10:24 — 2016-03-07 10:24 — 00000000 ____D C:Program FilesCommon FilesEZB Systems
2016-03-07 03:49 — 2016-03-07 10:38 — 00000958 _____ C:WindowsTasksAdobe Flash Player PPAPI Notifier.job
2016-03-07 03:49 — 2016-03-07 10:38 — 00000896 _____ C:WindowsTasksAdobe Flash Player Updater.job
2016-03-07 03:47 — 2016-03-07 04:00 — 00112640 _____ C:UsersЮраAppDataLocalGDIPFONTCACHEV1.DAT
2016-03-07 03:46 — 2016-03-07 03:46 — 00001410 _____ C:UsersЮраAppDataRoamingMicrosoftWindowsStart MenuProgramsInternet Explorer.lnk
2016-03-06 22:27 — 2016-03-07 10:38 — 00440560 _____ C:Windowssystem32FNTCACHE.DAT
2016-02-20 15:39 — 2016-02-20 15:39 — 00000000 ____D C:UsersЮраAppDataRoamingAC3Filter
2016-02-20 14:19 — 2016-02-20 14:19 — 00000000 ____D C:UsersЮраDocumentsCriterion Games
2016-02-20 13:39 — 2016-02-20 13:39 — 00000000 ___HD C:Program FilesCommon FilesEAInstaller
2016-02-20 12:27 — 2016-03-06 22:39 — 00000000 ____D C:UsersВсе пользователиElectronic Arts
2016-02-20 12:27 — 2016-03-06 22:39 — 00000000 ____D C:ProgramDataElectronic Arts
2016-02-14 09:04 — 2015-11-12 11:50 — 00027040 ____H (LogMeIn, Inc.) C:Windowssystem32hamachi.sys
2016-02-14 09:03 — 2016-02-18 14:48 — 00000000 ____D C:UsersЮраAppDataLocalLogMeIn Hamachi
2016-02-14 09:03 — 2016-02-14 09:03 — 00000000 ____D C:UsersЮраAppDataLocalLogMeIn
2016-02-14 09:03 — 2016-02-14 09:03 — 00000000 ____D C:UsersВсе пользователиLogMeIn
2016-02-14 09:03 — 2016-02-14 09:03 — 00000000 ____D C:ProgramDataLogMeIn
2016-02-14 00:25 — 2016-02-14 00:25 — 00000000 ____D C:UsersЮраAppDataRoamingEurekaLog
2016-02-14 00:25 — 2016-02-14 00:25 — 00000000 _____ C:Windowssystem32Access.dat
2016-02-14 00:23 — 2015-12-21 17:01 — 00043568 _____ (Tunngle.net) C:Windowssystem32Driverstap0901t.sys
2016-02-14 00:12 — 2016-02-20 12:28 — 00000000 ____D C:UsersЮраAppDataRoamingOrigin
2016-02-14 00:11 — 2016-03-06 22:39 — 00000000 ____D C:UsersВсе пользователиOrigin
2016-02-14 00:11 — 2016-03-06 22:39 — 00000000 ____D C:ProgramDataOrigin
2016-02-13 20:15 — 2016-02-13 20:16 — 00000000 ____D C:UsersЮраDocumentsNFS Most Wanted
2016-02-13 20:12 — 2016-02-13 20:12 — 00000000 ____D C:UsersЮраAppDataRoamingNeed for Speed — Most Wanted
2016-02-13 20:12 — 2016-02-13 20:12 — 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsR.G. Mechanics
2016-02-13 12:49 — 2016-02-13 18:56 — 00000000 ____D C:UsersЮраDesktopМаша
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-11 20:18 — 2013-08-14 19:59 — 00000000 ____D C:UsersВсе пользователиKaspersky Lab
2016-03-11 20:18 — 2013-08-14 19:59 — 00000000 ____D C:ProgramDataKaspersky Lab
2016-03-11 20:18 — 2013-08-14 18:54 — 00000000 ____D C:UsersЮраAppDataRoaminguTorrent
2016-03-11 20:16 — 2013-08-14 18:29 — 00000000 ____D C:UsersВсе пользователиNVIDIA
2016-03-11 20:16 — 2013-08-14 18:29 — 00000000 ____D C:ProgramDataNVIDIA
2016-03-11 20:16 — 2009-07-14 06:53 — 00000006 ____H C:WindowsTasksSA.DAT
2016-03-11 20:14 — 2013-08-14 18:23 — 00000000 ____D C:UsersЮра
2016-03-11 20:06 — 2013-08-14 18:59 — 00000000 ____D C:UsersЮраAppDataRoamingAIMP3
2016-03-11 15:44 — 2013-08-14 18:51 — 00000000 ____D C:UsersЮраAppDataRoamingSkype
2016-03-11 13:33 — 2009-07-14 06:34 — 00026256 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-11 13:33 — 2009-07-14 06:34 — 00026256 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-10 22:07 — 2014-02-22 20:51 — 00000000 ____D C:UsersЮраAppDataRoamingMumble
2016-03-09 13:39 — 2013-08-15 09:40 — 00000000 ____D C:UsersЮраAppDataLocalLowTemp
2016-03-07 19:39 — 2009-07-14 04:37 — 00000000 ____D C:Windowsinf
2016-03-07 19:18 — 2013-08-14 19:45 — 00000000 ___RD C:UsersЮраDesktopИгры
2016-03-07 19:14 — 2014-04-09 15:02 — 00000000 ___HD C:Program FilesInstallShield Installation Information
2016-03-07 19:08 — 2013-08-14 18:52 — 00000000 ____D C:UsersЮраAppDataLocalGoogle
2016-03-07 19:07 — 2014-05-07 13:54 — 00000000 ____D C:Program FilesGoogle
2016-03-07 17:01 — 2014-07-01 15:27 — 00000000 ____D C:Program FilesSteam
2016-03-07 16:52 — 2013-08-14 18:32 — 00000000 ____D C:UsersЮраAppDataLocalOpera Software
2016-03-07 16:52 — 2013-08-14 18:32 — 00000000 ____D C:Program FilesOpera
2016-03-07 14:59 — 2013-09-07 22:09 — 00000000 ____D C:UsersЮраAppDataLocalElevatedDiagnostics
2016-03-07 03:49 — 2014-08-20 12:34 — 00000000 ____D C:UsersЮраAppDataLocalAdobe
2016-03-07 03:49 — 2013-08-14 19:28 — 00796864 _____ (Adobe Systems Incorporated) C:Windowssystem32FlashPlayerApp.exe
2016-03-07 03:49 — 2013-08-14 19:28 — 00142528 _____ (Adobe Systems Incorporated) C:Windowssystem32FlashPlayerCPLApp.cpl
2016-03-06 22:43 — 2014-11-12 16:28 — 00000000 ____D C:Program Files360
2016-03-06 22:35 — 2009-07-14 06:52 — 00000000 ___RD C:ProgramDataMicrosoftWindowsStart MenuProgramsGames
2016-03-06 21:35 — 2015-09-09 11:10 — 00000000 ____D C:Program FilesCommon FilesAV
2016-03-05 17:38 — 2015-06-03 22:17 — 00000000 ____D C:UsersЮраAppDataLocalBattle.net
2016-03-04 14:12 — 2015-12-28 20:37 — 00000133 _____ C:UsersЮраDesktopцитаты.txt
2016-03-04 13:49 — 2013-08-14 18:51 — 00000000 ____D C:UsersВсе пользователиSkype
2016-03-04 13:49 — 2013-08-14 18:51 — 00000000 ____D C:ProgramDataSkype
2016-03-02 08:16 — 2015-06-03 22:17 — 00000000 ____D C:UsersЮраAppDataRoamingBattle.net
2016-03-02 08:16 — 2015-06-03 22:15 — 00000000 ____D C:UsersВсе пользователиBattle.net
2016-03-02 08:16 — 2015-06-03 22:15 — 00000000 ____D C:ProgramDataBattle.net
2016-02-27 13:20 — 2009-07-14 04:37 — 00000000 ____D C:Windowssystem32NDF
2016-02-23 04:50 — 2015-06-06 14:33 — 00000000 ____D C:UsersВсе пользователиregid.1991-06.com.microsoft
2016-02-23 04:50 — 2015-06-06 14:33 — 00000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2016-02-23 04:50 — 2013-08-25 23:10 — 00000000 ____D C:UsersВсе пользователиMicrosoft Help
2016-02-23 04:48 — 2015-06-06 14:31 — 00000000 ____D C:Program FilesMicrosoft Office 15
2016-02-20 15:36 — 2013-08-14 19:16 — 00000000 ____D C:UsersЮраAppDataRoamingMicrosoftWindowsStart MenuProgramsGames
2016-02-18 14:48 — 2014-11-12 17:46 — 00000000 __SHD C:UsersВсе пользователи360Quarant
2016-02-18 14:48 — 2014-11-12 17:46 — 00000000 __SHD C:ProgramData360Quarant
2016-02-18 14:48 — 2014-11-12 16:45 — 00000000 __SHD C:$360Section
2016-02-15 08:15 — 2014-11-12 16:41 — 00000000 ____D C:WindowsTasks360Disabled
2016-02-14 09:36 — 2015-11-19 17:56 — 00000000 ____D C:UsersЮраAppDataRoamingTunngle
2016-02-14 00:11 — 2014-02-23 23:15 — 00000000 ____D C:UsersВсе пользователиPackage Cache
2016-02-14 00:11 — 2014-02-23 23:15 — 00000000 ____D C:ProgramDataPackage Cache
2016-02-13 12:53 — 2013-08-14 18:28 — 01648658 _____ C:Windowssystem32PerfStringBackup.INI
2016-02-13 12:53 — 2009-07-14 10:41 — 00724852 _____ C:Windowssystem32perfh019.dat
2016-02-13 12:53 — 2009-07-14 10:41 — 00149680 _____ C:Windowssystem32perfc019.dat

==================== Files in the root of some directories =======
2014-08-12 22:01 — 2014-08-12 22:01 — 0000040 _____ () C:Program Files{AACE8122-B27D-421C-A5BB-95060941AFD7}.sys
2013-12-19 00:52 — 2015-03-24 02:52 — 0000107 _____ () C:UsersЮраAppDataRoamingWB.CFG
2014-02-23 23:19 — 2014-02-23 23:19 — 0000000 ___SH () C:UsersЮраAppDataLocalLumaEmu
2015-07-08 11:48 — 2015-07-08 11:48 — 0000017 _____ () C:UsersЮраAppDataLocalresmon.resmoncfg

Some files in TEMP:
====================
C:UsersЮраAppDataLocalTempsqlite3.dll

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:Windowsexplorer.exe => File is digitally signed
C:Windowssystem32winlogon.exe => File is digitally signed
C:Windowssystem32wininit.exe => File is digitally signed
C:Windowssystem32svchost.exe => File is digitally signed
C:Windowssystem32services.exe => File is digitally signed
C:Windowssystem32User32.dll => File is digitally signed
C:Windowssystem32userinit.exe => File is digitally signed
C:Windowssystem32rpcss.dll => File is digitally signed
C:Windowssystem32dnsapi.dll => File is digitally signed
C:Windowssystem32Driversvolsnap.sys => File is digitally signed

LastRegBack: 2016-03-09 13:32
==================== End of FRST.txt ============================
March 13, 2016 at 8:27 AM #32782
Run AdwCleaner again. Run a scan, and when it finishes, click Clean.
After the cleanup finishes, close the program.

Restart the computer. Start AdwCleaner by right-clicking it and choosing "Run as administrator".
Click the Scan button and wait for the process to finish. When the scan is done, close the program and find the scan report.
It is located in the C:\AdwCleaner folder and is named AdwCleaner[S3]. The same folder will also contain a file with the results of cleaning the computer. Its name looks like AdwCleaner[C1].
Attach both reports to your next message.

Download ClearLNK by clicking this link.
Copy the following text to the clipboard (select it and press CTRL + C)
>>> [MASK] "C:UsersЮраAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarGооglе Сhrоmе.lnk" -> ["C:WindowsSystem32cmd.exe"] -> (302592 байт) (MD5: AD7B9C14083B52BC532FBA5948342B98) -> (PE EXE) -> (Автор: Microsoft Corporation) (ЭЦП: сертификат. Легитимна? да)
>>> [MASK] "C:UsersЮраAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarОреrа.lnk" -> ["C:WindowsSystem32cmd.exe"] -> (302592 байт) (MD5: AD7B9C14083B52BC532FBA5948342B98) -> (PE EXE) -> (Автор: Microsoft Corporation) (ЭЦП: сертификат. Легитимна? да)
>>> [script][MASK] "C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle ChromeGооglе Сhrоmе.lnk" -> ["C:Program FilesGoogleChromechrome.bat"] -> start "" /I /B /D "c:PROGRA~1googlechromeAPPLIC~1" "c:PROGRA~1googlechromeAPPLIC~1chrome.exe" hxxp://searclhs-pak.ru (MD5:724A7F52E1042D94E966F936A52E9A52)
>>> [script] "C:UsersЮраDesktopИгрыStаr Wаrs - Thе Оld Rерubliс.lnk" -> ["D:OldGAMESStar Wars-The Old Republiclauncher.bat"] -> start "" /I /B /D "d:oldgamesSTARWA~1" "d:oldgamesSTARWA~1launcher.exe" hxxp://searclhs-pak.ru (MD5:11DC6C92A00BC8A58FF72D7195CE1E8D)
>>> [script] "C:ProgramDataMicrosoftWindowsStart MenuProgramsEABioWareStar Wars - The Old RepublicStаr Wаrs - Thе Оld Rерubliс.lnk" -> ["D:OldGAMESStar Wars-The Old Republiclauncher.bat"] -> start "" /I /B /D "d:oldgamesSTARWA~1" "d:oldgamesSTARWA~1launcher.exe" hxxp://searclhs-pak.ru (MD5:11DC6C92A00BC8A58FF72D7195CE1E8D)
Run ClearLNK and click the Paste from clipboard button. Then click the Cure button. When the shortcuts have been cured, the folder containing the log file ClearLNK-[Date-time] will open. Double-click the file and its contents will open in Notepad; copy them and paste them into your next message.
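The report lines pasted in the post above show shortcuts whose names contain Cyrillic look-alike letters and whose targets were switched to cmd.exe or a .bat file that starts the real program with a URL appended. The following Python sketch is an added example (not from the thread and not ClearLNK's own logic) that triages lines of that layout; the function names and the sample lines are constructed for illustration.

```python
import re
import unicodedata
from pathlib import PureWindowsPath

# Constructed sample lines in the layout of the report quoted above. Paths and
# the example.invalid domain are made up; \u escapes make the Cyrillic
# look-alike letters in the first two file names explicit.
SAMPLE = [
    '>>> [script][MASK] "C:\\ProgramData\\Start Menu\\G\u043e\u043egl\u0435 \u0421hr\u043em\u0435.lnk"'
    ' -> ["C:\\Program Files\\Google\\Chrome\\chrome.bat"] -> start "" /I /B'
    ' "c:\\PROGRA~1\\google\\chrome\\chrome.exe" hxxp://example.invalid',
    '>>> [MASK] "C:\\Users\\user\\TaskBar\\\u041e\u0440\u0435r\u0430.lnk"'
    ' -> ["C:\\Windows\\System32\\cmd.exe"] -> (PE EXE)',
    '>>> "C:\\Users\\user\\Desktop\\Notes.lnk" -> ["C:\\Windows\\notepad.exe"] -> (PE EXE)',
]

LINE_RE = re.compile(
    r'^>>>\s*(?:\[[^\]]*\])*\s*"(?P<lnk>[^"]+)"\s*->\s*\["(?P<target>[^"]+)"\](?P<rest>.*)$'
)
URL_RE = re.compile(r"\b(?:https?|hxxps?)://\S+", re.IGNORECASE)
SHELL_HOSTS = {"cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe"}


def scripts_in(text):
    """Return the alphabets (LATIN, CYRILLIC, ...) used by the letters in text."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def analyze(line):
    """Parse one report line; return (shortcut name, findings) or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    lnk, target = PureWindowsPath(m["lnk"]), PureWindowsPath(m["target"])
    findings = []
    if len(scripts_in(lnk.stem)) > 1:  # e.g. Latin "G" next to Cyrillic "о"
        findings.append("mixed-script name")
    if target.suffix.lower() in {".bat", ".cmd"} or target.name.lower() in SHELL_HOSTS:
        findings.append("script or shell target")
    if URL_RE.search(m["rest"]):  # plain or defanged (hxxp) URL in the command line
        findings.append("URL in command line")
    return lnk.name, findings


if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(analyze(sample_line))
```

A shell target on its own is only a triage signal, since a legitimate shortcut can point at cmd.exe; the combination with a mixed-script name or a URL argument is what matches the pattern in this thread.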
March 13, 2016 at 8:50 AM #32783
ClearLNK by Alex Dragokas ver. 2.9.0.1 Alpha
OS: x32 Windows 7 Ultimate, 6.1.7601, Service Pack: 1
Time: 13.03.2016 — 10:49
Language: OS: RU (0x419). Display: RU (0x419). Non-Unicode: RU (0x419)
Elevated: Yes
User: Юра (group: Administrator)

_____________________________ Начало лога ______________________________
[ OK ] 2 «c:UsersЮраAppDataRoamingmicrosoftinternet explorerquick launchuser pinnedTaskBarGoogle Chrome.LNK» -> [ «C:Program FilesGoogleChromeApplicationchrome.exe» ] (иконка восстановлена)
[ OK ] 4 «c:programdatamicrosoftWindowsstart menuProgramsgoogle chromeGoogle Chrome.LNK» -> [ «C:Program FilesGoogleChromeApplicationchrome.exe» ] (Метод R5-A2) (ОК)
[ OK ] 5 «C:UsersЮраDesktopИгрыStаr Wаrs — Thе Оld Rерubliс.lnk» -> [ «D:OldGAMESStar Wars-The Old Republiclauncher.exe» ] (Метод R4.2-S) (ОК)
[ OK ] 6 «C:ProgramDataMicrosoftWindowsStart MenuProgramsEABioWareStar Wars — The Old RepublicStаr Wаrs — Thе Оld Rерubliс.lnk» -> [ «D:OldGAMESStar Wars-The Old Republiclauncher.exe» ] (Метод R4.2-S) (ОК)
[DEL ] 1 «C:UsersЮраAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarGооglе Сhrоmе.lnk» (уже существует под именем: Google Chrome.LNK)
[DEL ] 3 «c:usersюраappdataroamingmicrosoftinternet explorerquick launchuser pinnedtaskbarOpera.LNK» (цель не восстановлена)

_________________________ Расположение иконок ________________________
[ OK ] «c:usersюраappdataroamingmicrosoftinternet explorerquick launchuser pinnedtaskbarGoogle Chrome.LNK» -> [ «.», index=1 ] <- "C:Program FilesGoogleChromeApplicationchrome.exe", index=0 (Метод: 6)
КлинерЛК[ OK ] «c:programdatamicrosoftwindowsstart menuprogramsgoogle chromeGoogle Chrome.LNK» -> [ «.», index=1 ] <- "C:UsersЮраAppDataRoamingHomepagericonsсhrоmе.ехе", index=0 (Метод: 1)
[ OK ] «C:UsersЮраDesktopИгрыStаr Wаrs — Thе Оld Rерubliс.lnk» -> [ «.», index=1 ] <- "C:UsersЮраAppDataRoamingHomepagericonslаunсhеr.ехе", index=0 (Метод: 1)
[ OK ] «C:ProgramDataMicrosoftWindowsStart MenuProgramsEABioWareStar Wars — The Old RepublicStаr Wаrs — Thе Оld Rерubliс.lnk» -> [ «.», index=1 ] <- "C:UsersЮраAppDataRoamingHomepagericonslаunсhеr.ехе", index=0 (Метод: 1)

______________________________ Статистика ______________________________
Лечение запущено: 1 раз за сегодня.
Всего обработано: 5
Исправлено: 4
Удалено: 2
Переименовано: 2
____________________________ Конец отчета ____________________________

CRC32: 431F68C4

AdwCleaner did not find any malicious programs
March 15, 2016 at 11:09 AM #32784
@Mertyk4917 wrote:
AdwCleaner did not find any malicious programs
Did you click the Clean button in that program?
How is the computer working now?
March 15, 2016 at 5:30 PM #32785
After the scan, the Clean button didn't even show up there.
The ads are gone, but the computer now takes longer to think.
March 15, 2016 at 11:32 PM #32786
@Mertyk4917 wrote:
After the scan, the Clean button didn't even show up there.
Open the C:\AdwCleaner folder; if there is an AdwCleaner[C1] file there, paste its contents into your reply.
@Mertyk4917 wrote:
The ads are gone, but the computer now takes longer to think.
How does that show up?
Download Malwarebytes Anti-malware (MBAM). Run it and scan your computer. When the scan is finished, do not click the Remove Selected button. To the right of it, click Save Results and a small menu will open. Choose Text file. Enter a file name and save the file to your desktop. Paste the contents of this file into your next message.