Forum replies created
August 31, 2016 at 2:21 am in reply to: Hello! The start page time-to-read.ru simply cannot be removed #52187
ComboFix 16-08-31.01 — Rizat 31.08.2016 14:09:16.1.8 — x64
Microsoft Windows 7 Максимальная 6.1.7601.1.1251.7.1049.18.16345.13533 [GMT 6:00]
Running from: c:\users\Rizat\Downloads\ComboFix.exe
AV: 360 Total Security *Disabled/Updated* {0371CA44-3F80-A1D3-BECE-910620B58D50}
FW: COMODO Firewall *Enabled* {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
SP: 360 Total Security *Disabled/Updated* {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}
SP: Comodo Defense+ *Enabled/Updated* {6BAD9487-8DE8-D130-293E-C6A728B4104F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\BD8F.tmp
c:\programdata\ntuser.pol
c:\users\Rizat\AppData\Local\Downloader.exe
c:\users\Rizat\AppData\Roaming\DRPSu
c:\users\Rizat\AppData\Roaming\DRPSu\diagnostics\hardware.json
c:\users\Rizat\AppData\Roaming\DRPSu\diagnostics\localdiagnostics.json
c:\users\Rizat\AppData\Roaming\DRPSu\diagnostics\soft
c:\users\Rizat\AppData\Roaming\DRPSu\diagnostics\soft.json
c:\users\Rizat\AppData\Roaming\DRPSu\DRIVERS\Acer-WinAll-drp.zip
c:\users\Rizat\AppData\Roaming\DRPSu\DRIVERS\Atheros-FORCED-7×64-drp.zip
c:\users\Rizat\AppData\Roaming\DRPSu\DRIVERS\Etron-FORCED-Allx64-drp.zip
c:\users\Rizat\AppData\Roaming\DRPSu\DRIVERS\Genesys-FORCED-7×64-4.1.1.0-drp.zip
c:\users\Rizat\AppData\Roaming\DRPSu\DRIVERS\Intel-FORCED-Chipset-NTx64-10.1.1.14-drp.zip
c:\users\Rizat\AppData\Roaming\DRPSu\DRIVERS\Intel-FORCED-HECI-NTx64-drp.zip
c:\users\Rizat\AppData\Roaming\DRPSu\DRIVERS\Intel-Intel_1.0.10.255-FORCED-7×64-drp.zip
c:\users\Rizat\AppData\Roaming\DRPSu\DRIVERS\Intel-Intel_Chipset_9.3.0-FORCED-5×64-USB-drp.zip
c:\users\Rizat\AppData\Roaming\DRPSu\DRIVERS\Intel-Intel_Chipset_9.3.0-FORCED-8×64-USB-drp.zip
c:\users\Rizat\AppData\Roaming\DRPSu\DRIVERS\Intel-WinAll-Chipset-9.3.0.1011_HDA-drp.zip
c:\users\Rizat\AppData\Roaming\DRPSu\DRIVERS\Intel-WinAll-Chipset-9.3.2.1020_NEW-drp.zip
c:\users\Rizat\AppData\Roaming\DRPSu\DRIVERS\Logitech-FORCED-Allx64-SetPoint-drp.zip
c:\users\Rizat\AppData\Roaming\DRPSu\DRIVERS\Nuvoton-FORCED-7×64-drp.zip
c:\users\Rizat\AppData\Roaming\DRPSu\DRIVERS\nVidia-FORCED-6Xx64-364.72-Display.Driver-drp.zip
c:\users\Rizat\AppData\Roaming\DRPSu\DRIVERS\nVidia-WinAll-nVidia_1.3.34.4-drp.zip
c:\users\Rizat\AppData\Roaming\DRPSu\DRIVERS\Realtek-FORCED-NTx64-51xx_10.0.10586.31222-drp.zip
c:\users\Rizat\AppData\Roaming\DRPSu\DRIVERS\VIA-FORCED-7×64-6.0.11.1100-drp.zip
c:\users\Rizat\AppData\Roaming\DRPSu\Logs\log___2016-05-08-18-06-23.html
c:\users\Rizat\AppData\Roaming\DRPSu\Logs\log___2016-05-08-18-06-32.html
c:\users\Rizat\AppData\Roaming\DRPSu\temp\devcon_11914.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\devcon_16404.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\devcon_19804.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\devcon_27145.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\devcon_28109.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\devcon_32905.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\devcon_41346.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\devcon_42066.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\devcon_4784.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\devcon_48010.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\devcon_71425.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\devcon_786.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\devcon_85910.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\devcon_88239.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\devcon_90301.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\devcon_90947.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\devcon_95196.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\devcon_95402.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\installing_35405.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\installing_53569.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\installing_65119.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\installing_70385.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\installing_77869.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\log_zip_file_11914.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\log_zip_file_16404.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\log_zip_file_19804.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\log_zip_file_27145.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\log_zip_file_28109.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\log_zip_file_32905.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\log_zip_file_41346.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\log_zip_file_42066.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\log_zip_file_4784.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\log_zip_file_48010.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\log_zip_file_71425.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\log_zip_file_786.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\log_zip_file_85910.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\log_zip_file_88239.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\log_zip_file_90301.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\log_zip_file_90947.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\log_zip_file_95196.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\log_zip_file_95402.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\unzipping_11914.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\unzipping_16404.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\unzipping_19804.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\unzipping_27145.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\unzipping_28109.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\unzipping_32905.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\unzipping_41346.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\unzipping_42066.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\unzipping_4784.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\unzipping_48010.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\unzipping_71425.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\unzipping_786.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\unzipping_85910.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\unzipping_88239.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\unzipping_90301.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\unzipping_90947.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\unzipping_95196.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\unzipping_95402.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_11914.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_16404.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_1937.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_19804.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_27145.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_28109.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_32905.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_33962.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_3510.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_35405.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_3544.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_41346.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_42066.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_4784.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_48010.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_53569.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_56797.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_65119.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_65124.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_70385.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_71425.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_76175.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_77869.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_786.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_83092.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_85910.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_88239.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_90301.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_90947.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_95196.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_95402.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_finished_96143.txt
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_11914.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_16404.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_1937.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_19804.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_27145.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_28109.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_28293.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_32905.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_33962.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_3510.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_35405.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_3544.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_41346.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_42066.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_4784.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_48010.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_53569.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_56797.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_65119.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_65124.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_70385.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_71425.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_76175.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_77869.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_786.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_83092.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_85910.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_88239.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_90301.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_90947.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_95196.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_95402.log
c:\users\Rizat\AppData\Roaming\DRPSu\temp\wget_log_96143.log
.
.
((((((((((((((((((((((((( Files Created from 2016-07-28 to 2016-08-31 )))))))))))))))))))))))))))))))
.
.
2016-08-31 08:14 . 2016-08-31 08:14 ——— d——w- c:\users\Администратор\AppData\Local\temp
2016-08-31 08:14 . 2016-08-31 08:14 ——— d——w- c:\users\Default\AppData\Local\temp
2016-08-31 07:54 . 2016-08-31 07:56 ——— d——w- c:\users\Rizat\AppData\Local\{698D0BA5-6E4B-44BD-9F9A-AA32F2E98D9A}
2016-08-31 07:54 . 2016-08-31 08:04 ——— d——w- c:\program files\Plumbytes Software
2016-08-30 20:00 . 2016-08-30 20:00 ——— d——w- c:\programdata\Mail.Ru
2016-08-30 13:05 . 2016-08-30 13:05 ——— d——w- c:\users\Rizat\AppData\Local\Вoйти в Интeрнет
2016-08-30 13:04 . 2016-08-30 19:58 ——— d——w- c:\program files (x86)\Mail.Ru
2016-08-30 13:01 . 2016-08-30 13:01 ——— d——w- c:\users\Rizat\AppData\Local\Поиcк в Интeрнете
2016-08-30 13:00 . 2016-08-30 19:59 ——— d——w- c:\users\Rizat\AppData\Roaming\GameLauncher
2016-08-28 15:16 . 2016-08-28 15:16 ——— d——w- c:\program files (x86)\Skillbrains
2016-08-23 15:08 . 2016-08-23 15:08 ——— d——w- c:\windows\Trend Micro
2016-08-23 15:08 . 2016-08-23 15:08 ——— d——w- c:\programdata\Trend Micro
2016-08-23 15:06 . 2016-08-23 15:07 316168 —-a-w- c:\windows\system32\drivers\tmcomm.sys
2016-08-23 14:36 . 2016-08-26 10:34 ——— d——w- C:\FRST
2016-08-23 13:58 . 2016-08-23 13:58 ——— d——w- c:\program files\HitmanPro
2016-08-23 13:58 . 2016-08-23 14:02 ——— d——w- c:\programdata\HitmanPro
2016-08-21 08:39 . 2016-08-21 08:41 ——— d——w- c:\users\Rizat\AppData\Roaming\DJIAssistant2
2016-08-21 08:39 . 2016-08-21 08:39 ——— d——w- c:\users\Rizat\AppData\Roaming\Electron
2016-08-21 08:39 . 2016-08-21 08:39 ——— d——w- c:\users\Rizat\AppData\Roaming\DJI Assistant 2
2016-08-19 20:07 . 2016-08-19 20:07 165472 —-a-w- c:\windows\system32\drivers\rxfcv.sys
2016-08-19 20:07 . 2016-08-19 20:11 ——— d——w- c:\program files\PrimoCache
2016-08-19 20:00 . 2016-08-19 20:00 ——— d——w- c:\program files\VS Revo Group
2016-08-19 12:28 . 2016-08-30 19:56 192216 —-a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-08-19 12:28 . 2016-08-19 12:28 ——— d——w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-08-19 12:28 . 2016-08-19 12:28 64896 —-a-w- c:\windows\system32\drivers\mwac.sys
2016-08-19 12:28 . 2016-08-19 12:28 27008 —-a-w- c:\windows\system32\drivers\mbam.sys
2016-08-19 12:28 . 2016-08-19 12:28 140672 —-a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-08-19 12:28 . 2016-08-19 12:28 ——— d——w- c:\programdata\Malwarebytes
2016-08-19 11:55 . 2016-08-30 19:58 ——— d——w- C:\AdwCleaner
2016-08-16 18:35 . 2016-08-30 13:04 ——— d——w- c:\users\Rizat\AppData\Local\Unity
2016-08-09 06:53 . 2016-08-09 06:53 ——— d——w- c:\program files (x86)\UltraISO
2016-08-09 06:53 . 2016-08-09 06:53 ——— d——w- c:\program files (x86)\Common Files\EZB Systems
2016-08-05 13:31 . 2016-08-05 13:31 ——— d——w- c:\users\Rizat\AppData\Roaming\Artiom N
2016-08-03 10:27 . 2016-08-03 10:27 ——— d——w- c:\program files (x86)\Common Files\Java
2016-08-02 07:07 . 2016-08-02 07:07 ——— d——w- c:\users\Rizat\Tracing
2016-08-02 07:07 . 2016-08-20 20:10 ——— d——w- c:\users\Rizat\AppData\Roaming\Skype
2016-08-02 07:07 . 2016-08-02 07:07 ——— d——w- c:\program files (x86)\Common Files\Skype
2016-08-02 07:07 . 2016-08-02 07:07 ——— d——r- c:\program files (x86)\Skype
2016-08-02 07:07 . 2016-08-02 07:07 ——— d——w- c:\programdata\Skype
2016-08-01 10:51 . 2016-08-01 10:51 ——— d——w- c:\users\Rizat\AppData\Roaming\Corel
2016-08-01 10:49 . 2016-08-01 10:49 ——— d——w- c:\program files\Corel
2016-08-01 10:41 . 2016-08-01 10:41 ——— d——w- c:\users\Rizat\AppData\Local\Disc_Soft_Ltd
2016-08-01 09:25 . 2016-08-25 13:20 ——— d——w- c:\users\Rizat\ColorWheel Harmony
2016-08-01 09:25 . 2016-08-01 09:25 ——— d——w- c:\users\Rizat\AppData\Roaming\CWH___
2016-08-01 09:25 . 2016-08-01 09:25 ——— d——w- c:\program files (x86)\ColorWheel Harmony
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-08-21 08:41 . 2016-01-17 06:33 33280 —-a-w- c:\windows\system32\drivers\usbser.sys
2016-08-08 06:04 . 2016-05-08 13:03 391392 —-a-w- c:\windows\system32\drivers\360fsflt.sys
2016-08-08 06:04 . 2016-05-08 13:03 330472 —-a-w- c:\windows\system32\drivers\360Box64.sys
2016-08-08 06:04 . 2016-05-08 13:03 190696 —-a-w- c:\windows\system32\drivers\BAPIDRV64.SYS
2016-08-08 06:04 . 2016-05-08 13:03 86248 —-a-w- c:\windows\system32\drivers\360AvFlt.sys
2016-08-05 12:12 . 2016-05-08 11:27 796352 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-08-05 12:12 . 2016-05-08 11:27 142528 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-08-03 10:27 . 2016-05-08 11:27 97856 —-a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-07-17 13:07 . 2012-07-17 12:12 62784 —-a-w- c:\windows\system32\drivers\HECIx64.sys
2016-07-10 06:32 . 2016-06-15 01:12 116248 —-a-w- c:\windows\system32\drivers\inspect.sys
2016-07-10 06:32 . 2016-06-15 01:12 56472 —-a-w- c:\windows\system32\drivers\cmdhlp.sys
2016-07-10 06:32 . 2016-06-15 01:12 829600 —-a-w- c:\windows\system32\drivers\cmdguard.sys
2016-07-10 06:32 . 2016-06-15 01:12 31648 —-a-w- c:\windows\system32\drivers\cmderd.sys
2016-07-10 06:30 . 2016-06-15 01:08 51800 —-a-w- c:\windows\system32\cmdcsr.dll
2016-07-10 06:30 . 2016-06-15 01:08 642976 —-a-w- c:\windows\SysWow64\guard32.dll
2016-07-10 06:30 . 2016-06-15 01:08 813824 —-a-w- c:\windows\system32\guard64.dll
2016-07-10 06:28 . 2016-06-15 01:04 365752 —-a-w- c:\windows\system32\cmdvrt64.dll
2016-07-10 06:27 . 2016-06-15 01:02 51896 —-a-w- c:\windows\system32\cmdkbd64.dll
2016-07-10 06:25 . 2016-06-15 00:58 296120 —-a-w- c:\windows\SysWow64\cmdvrt32.dll
2016-07-10 06:24 . 2016-06-15 00:57 46776 —-a-w- c:\windows\SysWow64\cmdkbd32.dll
2016-06-29 03:21 . 2016-05-08 13:03 77904 —-a-w- c:\windows\SysWow64\drivers\360AvFlt.sys
2016-06-29 03:21 . 2016-05-08 13:03 151784 —-a-w- c:\windows\system32\drivers\360AntiHacker64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@=»{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}»
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 —-a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@=»{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}»
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 —-a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@=»{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}»
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 —-a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@=»{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}»
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 —-a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@=»{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}»
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 —-a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@=»{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}»
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 —-a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@=»{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}»
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 —-a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@=»{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}»
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 211264 —-a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
«ecftmvavzj»=»explorer http://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=20160816» [?]
«CCleaner Monitoring»=»c:\program files\CCleaner\CCleaner64.exe» [2016-08-01 8698584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
«QHSafeTray»=»c:\program files (x86)\360\Total Security\safemon\QHSafeTray.exe» [2016-08-10 1840552]
«Lightshot»=»c:\program files (x86)\Skillbrains\lightshot\Lightshot.exe» [2016-08-28 225944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
«ConsentPromptBehaviorAdmin»= 0 (0x0)
«ConsentPromptBehaviorUser»= 3 (0x3)
«EnableLUA»= 0 (0x0)
«EnableUIADesktopToggle»= 0 (0x0)
«PromptOnSecureDesktop»= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
«LoadAppInit_DLLs»=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=»»
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=»»
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker64.sys;c:\windows\SYSNATIVE\Drivers\360AntiHacker64.sys [x]
R3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360AvFlt.sys [x]
R3 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera64.sys;c:\windows\SYSNATIVE\Drivers\360Camera64.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
S1 360Box64;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box64.sys;c:\windows\SYSNATIVE\DRIVERS\360Box64.sys [x]
S1 360FsFlt;360FsFlt mini-filter driver;c:\windows\system32\DRIVERS\360FsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360FsFlt.sys [x]
S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
.
.
Contents of the ‘Scheduled Tasks’ folder
.
2016-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
— c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-08 12:12]
.
2016-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
— c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-08-19 12:14]
.
2016-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
— c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-08-19 12:14]
.
2016-08-31 c:\windows\Tasks\update-S-1-5-21-3268784079-3559336630-2915385002-1000.job
— c:\program files (x86)\Skillbrains\Updater\Updater.exe [2016-08-28 08:53]
.
2016-08-31 c:\windows\Tasks\update-sys.job
— c:\program files (x86)\Skillbrains\Updater\Updater.exe [2016-08-28 08:53]
.
.
——— X64 Entries ————
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@=»{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}»
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 —-a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@=»{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}»
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 —-a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@=»{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}»
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 —-a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@=»{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}»
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 —-a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@=»{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}»
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 —-a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@=»{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}»
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 —-a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@=»{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}»
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 —-a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@=»{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}»
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-06-13 20:10 255296 —-a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
«COMODO Internet Security»=»c:\program files\COMODO\COMODO Internet Security\cistray.exe» [2016-07-12 1610936]
.
——- Supplementary Scan ——-
.
uStart Page = hxxp://ovgorskiy.ru
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Экспорт в Microsoft Excel — c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.100.1
FF — ProfilePath — c:\users\Rizat\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\
FF — prefs.js: browser.startup.homepage — hxxp://tmutara.ru/?utm_content=49f4c593a4d99a0a30351a0448198d82&utm_source=startpm&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=20160816
.
.
——————— LOCKED REGISTRY KEYS ———————
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@=»FlashBroker»
«LocalizedString»=»@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe,-101»
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
«Enabled»=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@=»c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe»
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@=»{FAB3E735-69C7-453B-A446-B6823C6DF1C9}»
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@=»IFlashBroker6″
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@=»{00020424-0000-0000-C000-000000000046}»
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@=»{FAB3E735-69C7-453B-A446-B6823C6DF1C9}»
«Version»=»1.0″
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@=»FlashBroker»
«LocalizedString»=»@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe,-101»
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
«Enabled»=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@=»c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe»
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@=»{FAB3E735-69C7-453B-A446-B6823C6DF1C9}»
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@=»Shockwave Flash Object»
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@=»c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx»
«ThreadingModel»=»Apartment»
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@=»0″
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@=»ShockwaveFlash.ShockwaveFlash.22″
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@=»c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1″
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@=»{D27CDB6B-AE6D-11cf-96B8-444553540000}»
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@=»1.0″
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@=»ShockwaveFlash.ShockwaveFlash»
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@=»Macromedia Flash Factory Object»
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@=»c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx»
«ThreadingModel»=»Apartment»
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@=»FlashFactory.FlashFactory.1″
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@=»c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1″
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@=»{D27CDB6B-AE6D-11cf-96B8-444553540000}»
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@=»1.0″
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\eventlog\System\RxDeliveryStamp\{57C7DD3D-2E9C-4F3B-A270-391E8AEDF0C4}\Parameter****0D411D579080]
@Allowed: (B 1 4 5 6) (Administrators)
"DataA"=hex:01,17,43,66,c0,ad,a4,01,0f,c5,35,b9,9e,38,ac,08,a9,51,cb,e7,82,ff,
d1,01,bf,51,84,01,80,f8,ff,ff
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
Completion time: 2016-08-31 14:16:43
ComboFix-quarantined-files.txt 2016-08-31 08:16
.
Pre-Run: 90 654 339 072 байт свободно
Post-Run: 90 528 894 976 байт свободно
.
— — End Of File — — 792D407039EC8B1504BAECEED62B1175
A36C5E4F47E84449FF07ED3517B43A31

August 26, 2016 at 4:39 am in reply to: Hello! The start page time-to-read.ru just cannot be removed #52039

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Rizat (26-08-2016 16:29:29) Run:3
Running from C:\Users\Rizat\Downloads
Loaded Profiles: Rizat (Available Profiles: Rizat & Администратор)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
GroupPolicyScripts: Restriction < ======= ATTENTION
FF Homepage: hxxp://tmutara.ru/?utm_content=49f4c593a4d99a0a30351a0448198d82&utm_source=startpm&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=20160816
CHR HomePage: Default -> hxxp://tmutara.ru/?utm_content=49f4c593a4d99a0a30351a0448198d82&utm_source=startpm&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=20160816
CHR StartupUrls: Default -> "hxxp://tmutara.ru/?utm_content=49f4c593a4d99a0a30351a0448198d82&utm_source=startpm&utm_term=6B1CC39B212BFFC5CF9F18CE7540FC79&utm_d=2016081
Task: {21B2627D-F789-43B9-9FD9-B6CD0C206AA3} — System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {9D29E280-E661-48B8-805A-A706ED4EA617} — System32\Tasks\PrimoCacheTrialReset-System => D:\12\PrimoCache 2.2.0\medicine\FancyCtR.nolock.exe [2016-08-20] ()
EmptyTemp:
Reboot:
*****************

Restore point was successfully created.
"C:\Windows\system32\GroupPolicy\Machine" => not found.
Firefox "homepage" removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21B2627D-F789-43B9-9FD9-B6CD0C206AA3} => key not found.
C:\Windows\System32\Tasks\USER_ESRV_SVC_WILLAMETTE => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\USER_ESRV_SVC_WILLAMETTE => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D29E280-E661-48B8-805A-A706ED4EA617} => key not found.
C:\Windows\System32\Tasks\PrimoCacheTrialReset-System => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PrimoCacheTrialReset-System => key not found.

=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13657416 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 8635600 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Rizat => 1189307 B
Администратор => 0 B

RecycleBin => 181036 B
EmptyTemp: => 22.6 MB temporary data Removed.

================================
The system needed a reboot.
==== End of Fixlog 16:29:37 ====

August 25, 2016 at 4:09 am in reply to: Hello! The start page time-to-read.ru just cannot be removed #51990

By the way, the problem is still there(((

August 25, 2016 at 3:56 am in reply to: Hello! The start page time-to-read.ru just cannot be removed #51986

C:\Users\Rizat\Downloads\jxpiinstall.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Rizat\Downloads\mbam-clean-2.3.0.1001.exe" => ":$CmdTcID" ADS not found.
C:\Users\Rizat\Downloads\mbam-clean-2.3.0.1001.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Rizat\Downloads\mbam-setup-2.2.1.1043(1).exe" => ":$CmdTcID" ADS not found.
C:\Users\Rizat\Downloads\mbam-setup-2.2.1.1043(1).exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Rizat\Downloads\MultiPackFull.exe" => ":$CmdTcID" ADS not found.
C:\Users\Rizat\Downloads\MultiPackFull.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Rizat\Downloads\preview (1).mp3 => ":$CmdZnID" ADS removed successfully.
C:\Users\Rizat\Downloads\preview.mp3 => ":$CmdZnID" ADS removed successfully.
C:\Users\Rizat\Downloads\PWN9zaHiLvY.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Rizat\Downloads\R.saver_2.5.1.zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\Rizat\Downloads\RecoveRx_v3.2.exe" => ":$CmdTcID" ADS not found.
C:\Users\Rizat\Downloads\RecoveRx_v3.2.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Rizat\Downloads\Resume1a.docx" => ":$CmdTcID" ADS not found.
C:\Users\Rizat\Downloads\Resume1a.docx => ":$CmdZnID" ADS removed successfully.
"C:\Users\Rizat\Downloads\revosetup.exe" => ":$CmdTcID" ADS not found.
C:\Users\Rizat\Downloads\revosetup.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Rizat\Downloads\Runtime GetDataBack for NTFS — FAT v4.33 Final Ml_Rus.rar" => ":$CmdTcID" ADS not found.
C:\Users\Rizat\Downloads\Runtime GetDataBack for NTFS — FAT v4.33 Final Ml_Rus.rar => ":$CmdZnID" ADS removed successfully.
C:\Users\Rizat\Downloads\Skrillex — Right In.mp3 => ":$CmdZnID" ADS removed successfully.
"C:\Users\Rizat\Downloads\SkypeSetup.exe" => ":$CmdTcID" ADS not found.
C:\Users\Rizat\Downloads\SkypeSetup.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\Rizat\Downloads\StoreJet Firmware Update utility.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Rizat\Downloads\StoreJet Firmware Update utility.zip" => ":$CmdTcID" ADS not found.
C:\Users\Rizat\Downloads\StoreJet Firmware Update utility.zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\Rizat\Downloads\TEAM FURY GAMING COMMUNITY.mp4" => ":$CmdTcID" ADS not found.
C:\Users\Rizat\Downloads\TEAM FURY GAMING COMMUNITY.mp4 => ":$CmdZnID" ADS removed successfully.
"C:\Users\Rizat\Downloads\testdisk-7.0.win.zip" => ":$CmdTcID" ADS not found.
C:\Users\Rizat\Downloads\testdisk-7.0.win.zip => ":$CmdZnID" ADS removed successfully.
"C:\Users\Rizat\Downloads\TranscendElite.exe" => ":$CmdTcID" ADS not found.
C:\Users\Rizat\Downloads\TranscendElite.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\Rizat\Downloads\Tritonal feat. Phoebe Ryan — Now Or Never (Original Mix).mp3 => ":$CmdZnID" ADS removed successfully.
"C:\Users\Rizat\Downloads\UltraISO_XCV_Edition_9362750.exe" => ":$CmdTcID" ADS not found.
"C:\Users\Rizat\Downloads\UltraISO_XCV_Edition_9362750.exe" => ":$CmdZnID" ADS not found.
C:\Users\Rizat\Downloads\videoplayback (1).mp4 => ":$CmdZnID" ADS removed successfully.
C:\Users\Rizat\Downloads\videoplayback.mp4 => ":$CmdZnID" ADS removed successfully.
C:\Users\Rizat\Downloads\WhatsApp Image 2016-08-09 at 16.36.40.jpeg => ":$CmdZnID" ADS removed successfully.
"C:\Users\Rizat\Downloads\Windows 7 Ultimate Ru x86-x64 Orig wBootMenu by OVGorskiy 04.2015.iso" => ":$CmdZnID" ADS not found.
C:\Users\Rizat\Downloads\[torrentino]-adobe-after-effects-cc-v.13.5-pc.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\Rizat\Downloads\ВремяиСтекло — Навернопотомучто.mp3 => ":$CmdZnID" ADS removed successfully.
"C:\Users\Rizat\Downloads\Итоговый ролик BOOM — BOOM-2015 (NewNomad productions)(1).mp4" => ":$CmdTcID" ADS not found.
C:\Users\Rizat\Downloads\Итоговый ролик BOOM — BOOM-2015 (NewNomad productions)(1).mp4 => ":$CmdZnID" ADS removed successfully.
"C:\Users\Rizat\Downloads\Итоговый ролик BOOM — BOOM-2015 (NewNomad productions).mp4" => ":$CmdTcID" ADS not found.
C:\Users\Rizat\Downloads\Итоговый ролик BOOM — BOOM-2015 (NewNomad productions).mp4 => ":$CmdZnID" ADS removed successfully.
C:\Users\Rizat\Downloads\Карим Масимов встретился с общественностью Талдыкоргана.mp4 => ":$CmdZnID" ADS removed successfully.

=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25968337 B
Java, Flash, Steam htmlcache => 710 B
Windows/system/drivers => 32923936 B
Edge => 0 B
Chrome => 20478229 B
Firefox => 373783034 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
systemprofile32 => 77546 B
LocalService => 0 B
NetworkService => 1242 B
Rizat => 246912938 B
Администратор => 95657 B

RecycleBin => 12612161129 B
EmptyTemp: => 12.4 GB temporary data Removed.

================================
The system needed a reboot.
==== End of Fixlog 15:46:49 ====
- This reply was modified 8 years, 3 months ago by Rizat.