FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015
Ran by Администратор (administrator) on MICROSOF-1FA620 on 20-04-2015 21:50:06
Running from C:\Documents and Settings\Администратор\Мои документы\Загрузки
Loaded Profiles: Администратор (Available profiles: Администратор)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Русский
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Корпорация Майкрософт) C:\WINDOWS\system32\smss.exe
(Корпорация Майкрософт) C:\WINDOWS\system32\winlogon.exe
(Корпорация Майкрософт) C:\WINDOWS\system32\services.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Корпорация Майкрософт) C:\WINDOWS\explorer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Корпорация Майкрософт) C:\WINDOWS\system32\rundll32.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files\VistaDriveIcon\VistaDrv.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2274600 2011-06-23] (Synaptics Incorporated)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [59936 2009-12-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5075104 2014-02-24] (ESET)
HKLM\...\Run: [] => C:\DOCUME~1\9335~1\LOCALS~1\Temp\tidacjm.exe <===== ATTENTION
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe, [26624 2008-04-15] (Корпорация Майкрософт)
HKLM\...\Winlogon: [Shell] Explorer.exe [1034240 2008-07-03] (Корпорация Майкрософт)
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [7757824 2008-06-25] (Корпорация Майкрософт)
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll [2009-03-19] (Корпорация Майкрософт)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll [2008-04-15] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll [2008-06-25] (Корпорация Майкрософт)
Winlogon\Notify\dimsntfy: C:\WINDOWS\System32\dimsntfy.dll [2008-04-15] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll [2008-04-15] (Корпорация Майкрософт)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll [2008-04-15] (Корпорация Майкрософт)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll [2008-04-15] (Корпорация Майкрософт)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll [2008-04-15] (Корпорация Майкрософт)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll [2008-04-15] (Корпорация Майкрософт)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll [2008-04-15] (Корпорация Майкрософт)
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKU\S-1-5-19\...\Run: [VistaIcon] => C:\Program Files\VistaDriveIcon\VistaDrv.exe [132096 2008-03-23] ()
HKU\S-1-5-19\...\RunOnce: [ZZZZ1_FirstLogonSetting] => %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,OnceFirstLogonInstall,0
HKU\S-1-5-19\...\RunOnce: [ZZZZ2_FirstLogonSetting] => %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,NewUserFirstLogonInstall,0
HKU\S-1-5-19\...\RunOnce: [IE7_011] => regsvr32 /s /n /i:u shell32
HKU\S-1-5-19\...\RunOnce: [IE7_012] => rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N
HKU\S-1-5-19\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsMenu] 0x01000000
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\logon.scr
HKU\S-1-5-20\...\Run: [VistaIcon] => C:\Program Files\VistaDriveIcon\VistaDrv.exe [132096 2008-03-23] ()
HKU\S-1-5-20\...\RunOnce: [ZZZZ1_FirstLogonSetting] => %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,OnceFirstLogonInstall,0
HKU\S-1-5-20\...\RunOnce: [ZZZZ2_FirstLogonSetting] => %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,NewUserFirstLogonInstall,0
HKU\S-1-5-20\...\RunOnce: [IE7_011] => regsvr32 /s /n /i:u shell32
HKU\S-1-5-20\...\RunOnce: [IE7_012] => rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N
HKU\S-1-5-20\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsMenu] 0x01000000
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\logon.scr
HKU\S-1-5-21-1482476501-764733703-1801674531-500\...\Run: [VistaIcon] => C:\Program Files\VistaDriveIcon\VistaDrv.exe [132096 2008-03-23] ()
HKU\S-1-5-21-1482476501-764733703-1801674531-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1482476501-764733703-1801674531-500\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-21-1482476501-764733703-1801674531-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1482476501-764733703-1801674531-500\...\Policies\Explorer: [NoRecentDocsMenu] 0x01000000
HKU\S-1-5-21-1482476501-764733703-1801674531-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-1482476501-764733703-1801674531-500\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-1482476501-764733703-1801674531-500\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1482476501-764733703-1801674531-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [773120 2006-03-01] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [VistaIcon] => C:\Program Files\VistaDriveIcon\VistaDrv.exe [132096 2008-03-23] ()
HKU\S-1-5-18\...\RunOnce: [ZZZZ2_FirstLogonSetting] => %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,NewUserFirstLogonInstall,0
HKU\S-1-5-18\...\RunOnce: [IE7_011] => regsvr32 /s /n /i:u shell32
HKU\S-1-5-18\...\RunOnce: [IE7_012] => rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N
HKU\S-1-5-18\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsMenu] 0x01000000
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> logon.scr
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Корпорация Майкрософт)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Корпорация Майкрософт)
ShellIconOverlayIdentifiers: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => C:\WINDOWS\System32\cscui.dll [2008-06-25] (Корпорация Майкрософт)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = Новые бесплатные программы для Windows 7, 8 и XP на русском языке.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = Новые бесплатные программы для Windows 7, 8 и XP на русском языке.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = Новые бесплатные программы для Windows 7, 8 и XP на русском языке.
HKU\S-1-5-21-1482476501-764733703-1801674531-500\Software\Microsoft\Internet Explorer\Main,Start Page = MSN ??????: ???????, ??????, ?????, ????, ?????
HKU\S-1-5-21-1482476501-764733703-1801674531-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Новые бесплатные программы для Windows 7, 8 и XP на русском языке.
SearchScopes: HKU\.DEFAULT -> DefaultScope {B2A025AA-2242-4E2F-8FC6-6DC64A736A80} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}&btnG=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA+%D0%B2+Google&lr=
SearchScopes: HKU\.DEFAULT -> {058C66B2-4CB7-4EFD-BC18-D2ACA9E04F73} URL = hxxp://ru.wikipedia.org/wiki/{searchTerms}
SearchScopes: HKU\.DEFAULT -> {399C4D3F-AB20-4D91-A26A-06F47F9EA438} URL = hxxp://www.rambler.ru/srch?set=www&words={searchTerms}&btnG=%CD%E0%E9%F2%E8%21
SearchScopes: HKU\.DEFAULT -> {95F663C0-C370-4955-8B39-63069DB1F6C0} URL = hxxp://www.yandex.ru/yandsearch?stype=&nl=0&text={searchTerms}
SearchScopes: HKU\.DEFAULT -> {B2A025AA-2242-4E2F-8FC6-6DC64A736A80} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}&btnG=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA+%D0%B2+Google&lr=
SearchScopes: HKU\.DEFAULT -> {FA6CC280-3AEA-4DC3-9C5B-9B729779EC31} URL = hxxp://search.microsoft.com/results.aspx?mkt=ru-RU&setlang=ru-RU&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {B2A025AA-2242-4E2F-8FC6-6DC64A736A80} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}&btnG=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA+%D0%B2+Google&lr=
SearchScopes: HKU\S-1-5-19 -> {058C66B2-4CB7-4EFD-BC18-D2ACA9E04F73} URL = hxxp://ru.wikipedia.org/wiki/{searchTerms}
SearchScopes: HKU\S-1-5-19 -> {399C4D3F-AB20-4D91-A26A-06F47F9EA438} URL = hxxp://www.rambler.ru/srch?set=www&words={searchTerms}&btnG=%CD%E0%E9%F2%E8%21
SearchScopes: HKU\S-1-5-19 -> {95F663C0-C370-4955-8B39-63069DB1F6C0} URL = hxxp://www.yandex.ru/yandsearch?stype=&nl=0&text={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {B2A025AA-2242-4E2F-8FC6-6DC64A736A80} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}&btnG=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA+%D0%B2+Google&lr=
SearchScopes: HKU\S-1-5-19 -> {FA6CC280-3AEA-4DC3-9C5B-9B729779EC31} URL = hxxp://search.microsoft.com/results.aspx?mkt=ru-RU&setlang=ru-RU&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {B2A025AA-2242-4E2F-8FC6-6DC64A736A80} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}&btnG=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA+%D0%B2+Google&lr=
SearchScopes: HKU\S-1-5-20 -> {058C66B2-4CB7-4EFD-BC18-D2ACA9E04F73} URL = hxxp://ru.wikipedia.org/wiki/{searchTerms}
SearchScopes: HKU\S-1-5-20 -> {399C4D3F-AB20-4D91-A26A-06F47F9EA438} URL = hxxp://www.rambler.ru/srch?set=www&words={searchTerms}&btnG=%CD%E0%E9%F2%E8%21
SearchScopes: HKU\S-1-5-20 -> {95F663C0-C370-4955-8B39-63069DB1F6C0} URL = hxxp://www.yandex.ru/yandsearch?stype=&nl=0&text={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {B2A025AA-2242-4E2F-8FC6-6DC64A736A80} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}&btnG=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA+%D0%B2+Google&lr=
SearchScopes: HKU\S-1-5-20 -> {FA6CC280-3AEA-4DC3-9C5B-9B729779EC31} URL = hxxp://search.microsoft.com/results.aspx?mkt=ru-RU&setlang=ru-RU&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1482476501-764733703-1801674531-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1482476501-764733703-1801674531-500 -> {058C66B2-4CB7-4EFD-BC18-D2ACA9E04F73} URL = hxxp://ru.wikipedia.org/wiki/{searchTerms}
SearchScopes: HKU\S-1-5-21-1482476501-764733703-1801674531-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1482476501-764733703-1801674531-500 -> {399C4D3F-AB20-4D91-A26A-06F47F9EA438} URL = hxxp://www.rambler.ru/srch?set=www&words={searchTerms}&btnG=%CD%E0%E9%F2%E8%21
SearchScopes: HKU\S-1-5-21-1482476501-764733703-1801674531-500 -> {95F663C0-C370-4955-8B39-63069DB1F6C0} URL = hxxp://www.yandex.ru/yandsearch?stype=&nl=0&text={searchTerms}
SearchScopes: HKU\S-1-5-21-1482476501-764733703-1801674531-500 -> {B2A025AA-2242-4E2F-8FC6-6DC64A736A80} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}&btnG=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA+%D0%B2+Google&lr=
SearchScopes: HKU\S-1-5-21-1482476501-764733703-1801674531-500 -> {FA6CC280-3AEA-4DC3-9C5B-9B729779EC31} URL = hxxp://search.microsoft.com/results.aspx?mkt=ru-RU&setlang=ru-RU&q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26] (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25] (Sun Microsystems, Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll [2008-04-15] (Корпорация Майкрософт)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll [2008-04-15] (Корпорация Майкрософт)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\SHELL32.dll [2009-07-28] (Корпорация Майкрософт)
Winsock: Catalog5 01 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog5 03 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 01 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 02 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 03 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 06 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 07 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 08 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 09 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 10 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 11 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 12 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 13 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 14 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 15 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 16 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 17 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 18 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 19 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 20 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Winsock: Catalog9 21 C:\WINDOWS\system32\mswsock.dll [247296] (Корпорация Майкрософт)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Администратор\Application Data\Mozilla\Firefox\Profiles\khm8pkl9.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-06-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-06-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-06-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-06-03] (RealNetworks, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-03-26] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Администратор\Application Data\Mozilla\Firefox\Profiles\khm8pkl9.default\searchplugins\bingp.xml [2014-09-21]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mailru.xml [2015-01-17]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ozonru.xml [2015-01-17]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\priceru.xml [2015-01-17]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex-slovari.xml [2015-01-17]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex.xml [2015-01-17]
FF Extension: Рамблер-Ассистент - C:\Documents and Settings\Администратор\Application Data\Mozilla\Firefox\Profiles\khm8pkl9.default\Extensions\rambler_toolbar@rambler.ru [2014-01-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-10-01]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-07-08]
Chrome:
=======
CHR Profile: C:\Documents and Settings\Администратор\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [171008 2008-04-15] (Корпорация Майкрософт)
S3 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-15] (Корпорация Майкрософт)
S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [41984 2008-06-25] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126464 2008-06-03] (Корпорация Майкрософт)
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-15] (Корпорация Microsoft и VERITAS Software)
R2 dmserver; C:\WINDOWS\System32\dmserver.dll [24064 2008-04-15] (Корпорация Майкрософт)
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-05-22] (Корпорация Майкрософт)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1343408 2014-02-24] (ESET)
R2 Eventlog; C:\WINDOWS\system32\services.exe [111104 2009-12-24] (Корпорация Майкрософт)
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135680 2009-07-28] (Корпорация Майкрософт)
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-15] (Корпорация Майкрософт)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S4 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-15] (Корпорация Майкрософт)
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [11776 2008-06-25] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [125952 2008-06-25] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [113664 2008-04-15] (Корпорация Майкрософт)
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [113664 2008-04-15] (Корпорация Майкрософт)
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-15] (Корпорация Майкрософт)
R3 Nla; C:\WINDOWS\System32\mswsock.dll [247296 2008-07-28] (Корпорация Майкрософт)
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [436736 2008-04-15] (Корпорация Майкрософт)
R2 PlugPlay; C:\WINDOWS\system32\services.exe [111104 2009-12-24] (Корпорация Майкрософт)
S4 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141824 2008-04-15] (Корпорация Майкрософт)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [173616 2007-02-07] ()
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [96768 2008-04-15] (Корпорация Майкрософт)
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [193024 2008-04-15] (Корпорация Майкрософт)
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-15] (Корпорация Майкрософт)
S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [575488 2008-09-08] (Nokia.) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [330752 2008-06-25] (Корпорация Майкрософт)
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135680 2009-07-28] (Корпорация Майкрософт)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [771456 2015-04-17] (Enigma Software Group USA, LLC.)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-15] (Корпорация Майкрософт)
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-15] (Корпорация Майкрософт)
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [91648 2008-04-15] (Корпорация Майкрософт)
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-08-06] (Корпорация Майкрософт)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R3 TermService; C:\WINDOWS\System32\termsrv.dll [297472 2009-05-18] (Корпорация Майкрософт)
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135680 2009-07-28] (Корпорация Майкрософт)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2008-04-15] (Корпорация Майкрософт)
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [186368 2008-04-15] (Корпорация Майкрософт)
S3 VSS; C:\WINDOWS\System32\vssvc.exe [290304 2008-04-15] (Корпорация Майкрософт)
R2 W32Time; C:\WINDOWS\system32\w32time.dll [176128 2008-07-04] (Корпорация Майкрософт)
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [145408 2008-04-15] (Корпорация Майкрософт)
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [687616 2009-04-09] (Корпорация Майкрософт)
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-15] (Корпорация Майкрософт)
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483328 2008-06-25] (Корпорация Майкрософт)
S2 XAudioService; C:\WINDOWS\system32\DRIVERS\xaudio.exe [386560 2007-01-30] (Conexant Systems, Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [188288 2008-04-15] (Корпорация Майкрософт)
R0 ACPIEC; C:\WINDOWS\System32\DRIVERS\ACPIEC.sys [11776 2008-04-15] (Корпорация Майкрософт)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1938272 2010-11-05] (Atheros Communications, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799872 2008-04-15] (Корпорация Microsoft и VERITAS Software)
R0 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153600 2008-04-15] (Корпорация Microsoft и VERITAS Software)
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [38952 2013-09-17] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61600 2013-09-17] (ESET)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-04-17] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-04-17] ()
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-15] (Корпорация Майкрософт)
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125440 2008-04-15] (Корпорация Майкрософт)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys [984064 2007-04-26] (Conexant Systems, Inc.) [File not signed]
R3 HSXHWAZL; C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys [208384 2007-04-26] (Conexant Systems, Inc.) [File not signed]
R1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [53120 2008-04-14] (Корпорация Майкрософт)
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37504 2008-04-14] (Корпорация Майкрософт)
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24832 2008-04-15] (Корпорация Майкрософт)
R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-19] (Conexant) [File not signed]
R3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30208 2008-06-25] (Корпорация Майкрософт)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23296 2008-04-14] (Корпорация Майкрософт)
R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2008-06-25] (Корпорация Майкрософт)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 Parport; C:\WINDOWS\system32\Drivers\Parport.sys [80128 2008-06-25] (Корпорация Майкрософт)
S2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6912 2008-04-15] (Корпорация Майкрософт)
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68480 2008-04-14] (Корпорация Майкрософт)
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-10-19] (Корпорация Майкрософт)
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-15] (Корпорация Майкрософт)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-12-05] (Sonic Solutions) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [58368 2008-04-15] (Корпорация Майкрософт)
S2 Serial; C:\WINDOWS\system32\Drivers\Serial.sys [65024 2008-04-15] (Корпорация Майкрософт)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2011-12-30] () [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-15] (Корпорация Майкрософт)
S3 upperdev; C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-06-06] (Windows (R) Codename Longhorn DDK provider)
S3 UsbserFilt; C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-05-07] (Windows (R) Codename Longhorn DDK provider)
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [51968 2008-04-15] (Корпорация Майкрософт)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys [660480 2007-04-26] (Conexant Systems, Inc.) [File not signed]
R2 XAudio; C:\WINDOWS\System32\DRIVERS\xaudio.sys [8704 2007-01-30] (Conexant Systems, Inc.) [File not signed]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
S4 IntelIde; No ImagePath
U4 SCardDrv; No ImagePath
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-20 19:24 - 2015-04-20 21:50 - 00000000 ____D () C:\FRST
2015-04-20 18:17 - 2015-04-20 18:18 - 00000000 ____D () C:\Program Files\TeamViewer
2015-04-20 18:17 - 2015-04-20 18:17 - 00000706 _____ () C:\Documents and Settings\All Users\Рабочий стол\TeamViewer 10.lnk
2015-04-20 18:17 - 2015-04-20 18:17 - 00000000 ____D () C:\Documents and Settings\All Users\Главное меню\Программы\TeamViewer 10
2015-04-19 17:53 - 2015-04-19 17:53 - 00000000 ____D () C:\Device
2015-04-19 17:52 - 2015-04-19 17:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Doctor Web
2015-04-17 19:48 - 2015-04-17 19:48 - 00000000 ____D () C:\sh4ldr
2015-04-17 19:48 - 2015-04-17 19:48 - 00000000 ____D () C:\Documents and Settings\Администратор\Application Data\Enigma Software Group
2015-04-17 19:45 - 2015-04-17 19:45 - 00019984 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-04-17 19:44 - 2015-04-17 19:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-17 19:03 - 2015-04-17 19:03 - 03072054 _____ () C:\Documents and Settings\Администратор\Мои документы\!Decrypt-All-Files-ruahvph.bmp
2015-04-17 19:03 - 2015-04-17 19:03 - 00001266 _____ () C:\Documents and Settings\Администратор\Мои документы\!Decrypt-All-Files-ruahvph.txt
2015-04-17 09:43 - 2015-04-17 19:03 - 01154183 _____ () C:\Documents and Settings\All Users\Application Data\gqpsyje.html
2015-04-17 09:31 - 2015-04-20 17:53 - 00000260 ____H () C:\WINDOWS\Tasks\rgapibg.job
2015-04-15 16:43 - 2015-04-15 16:43 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-04-14 09:17 - 2015-04-15 19:51 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-04-08 12:24 - 2015-04-08 12:24 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\McAfee
2015-04-08 12:23 - 2015-04-08 12:23 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-04-08 12:23 - 2015-04-08 12:23 - 00000000 ____D () C:\Documents and Settings\All Users\Главное меню\Программы\McAfee Security Scan Plus
2015-04-05 00:01 - 2015-04-05 00:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-04 23:20 - 2015-04-20 21:42 - 00000896 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-04 23:20 - 2015-04-17 09:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2015-04-04 23:20 - 2015-04-08 12:23 - 00001773 _____ () C:\Documents and Settings\All Users\Рабочий стол\McAfee Security Scan Plus.lnk
2015-04-04 23:20 - 2015-04-04 23:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-20 21:50 - 2012-01-06 19:43 - 00000000 ____D () C:\Documents and Settings\Администратор\Мои документы\Загрузки
2015-04-20 21:50 - 2011-12-30 17:38 - 00000000 ____D () C:\Documents and Settings\Администратор\Local Settings\Temp
2015-04-20 18:17 - 2011-12-30 20:20 - 00000000 ___RD () C:\Documents and Settings\All Users\Главное меню\Программы
2015-04-20 18:17 - 2011-12-30 20:20 - 00000000 ____D () C:\Documents and Settings\All Users\Рабочий стол
2015-04-20 17:54 - 2012-01-12 11:39 - 00000000 ____D () C:\Documents and Settings\Администратор\Application Data\Skype
2015-04-20 17:54 - 2011-12-30 17:28 - 01605305 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-20 17:53 - 2011-12-30 20:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-20 17:53 - 2011-12-30 20:23 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-04-20 17:53 - 2011-12-30 17:38 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-19 20:02 - 2011-12-30 17:38 - 00032144 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-19 20:02 - 2011-12-30 17:38 - 00000178 ___SH () C:\Documents and Settings\Администратор\ntuser.ini
2015-04-19 17:17 - 2008-04-15 16:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-17 20:16 - 2013-02-21 22:29 - 00002265 _____ () C:\Documents and Settings\All Users\Рабочий стол\Skype.lnk
2015-04-17 19:59 - 2011-12-30 17:38 - 00001599 _____ () C:\Documents and Settings\Администратор\Главное меню\Программы\Удаленный помощник.lnk
2015-04-17 19:54 - 2011-12-30 17:30 - 00001607 _____ () C:\Documents and Settings\All Users\Главное меню\Выбор программ по умолчанию.lnk
2015-04-17 19:54 - 2011-12-30 17:30 - 00001599 _____ () C:\Documents and Settings\Default User\Главное меню\Программы\Удаленный помощник.lnk
2015-04-17 19:54 - 2011-12-30 17:29 - 00001726 _____ () C:\Documents and Settings\All Users\Главное меню\Microsoft Update.lnk
2015-04-17 19:48 - 2011-12-30 17:38 - 00000000 ____D () C:\Documents and Settings\Администратор
2015-04-17 19:45 - 2011-12-30 20:20 - 00957634 _____ () C:\WINDOWS\setupapi.log
2015-04-17 19:03 - 2011-12-30 17:38 - 00000000 ___RD () C:\Documents and Settings\Администратор\Мои документы
2015-04-17 18:42 - 2011-12-30 17:38 - 00000000 ___HD () C:\Documents and Settings\Администратор\Шаблоны
2015-04-17 18:38 - 2011-12-30 20:20 - 00000000 ___HD () C:\Documents and Settings\Default User\Шаблоны
2015-04-17 16:00 - 2011-12-30 20:20 - 01118880 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-17 16:00 - 2008-04-15 16:00 - 00493072 _____ () C:\WINDOWS\system32\perfh019.dat
2015-04-17 16:00 - 2008-04-15 16:00 - 00087776 _____ () C:\WINDOWS\system32\perfc019.dat
2015-04-17 09:39 - 2011-12-30 17:31 - 00000000 ____D () C:\Program Files\Windows Media Connect 2
2015-04-17 09:38 - 2013-02-21 22:29 - 00000000 ___RD () C:\Program Files\Skype
2015-04-17 09:38 - 2012-04-26 18:59 - 00000000 ____D () C:\Program Files\PokerStars
2015-04-17 09:38 - 2012-01-11 19:47 - 00000000 ____D () C:\Program Files\TNod User & Password Finder
2015-04-17 09:38 - 2012-01-02 19:19 - 00000000 ____D () C:\Program Files\XviD
2015-04-17 09:38 - 2012-01-02 19:19 - 00000000 ____D () C:\Program Files\Opera
2015-04-17 09:38 - 2012-01-02 19:17 - 00000000 ____D () C:\Program Files\Winamp
2015-04-17 09:38 - 2012-01-02 19:08 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-17 09:38 - 2012-01-02 18:53 - 00000000 ____D () C:\Program Files\XnView
2015-04-17 09:38 - 2012-01-02 18:53 - 00000000 ____D () C:\Program Files\WinRAR
2015-04-17 09:38 - 2011-12-30 17:34 - 00000000 ____D () C:\Program Files\VistaDriveIcon
2015-04-17 09:38 - 2011-12-30 17:27 - 00000000 ____D () C:\Program Files\Outlook Express
2015-04-17 09:37 - 2012-01-02 19:22 - 00000000 ____D () C:\Documents and Settings\Администратор\Рабочий стол\family
2015-04-17 09:37 - 2012-01-02 18:53 - 00000000 ____D () C:\Program Files\7-Zip
2015-04-17 09:37 - 2012-01-02 17:36 - 00000000 ____D () C:\Program Files\MSXML 4.0
2015-04-16 08:52 - 2013-02-27 19:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-15 16:43 - 2013-04-08 14:33 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-15 16:43 - 2012-01-06 19:55 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-08 12:23 - 2011-12-30 20:20 - 00000000 ___RD () C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка
2015-04-04 23:18 - 2014-07-09 15:52 - 00000000 ____D () C:\Documents and Settings\Администратор\Local Settings\Application Data\Adobe
==================== Files in the root of some directories =======
2012-01-02 19:51 - 2014-12-14 14:29 - 0005632 _____ () C:\Documents and Settings\Администратор\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Documents and Settings\Администратор\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Администратор\Local Settings\Temp\tmp26.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll
[2008-06-25 22:08] - [2008-06-25 22:08] - 0584192 ____A (Корпорация Майкрософт) 371c41f777924f3ea3bfad18c6a04502
C:\WINDOWS\system32\User32.dll No Company Name <===== ATTENTION!
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
R2 XAudio; C:\WINDOWS\System32\DRIVERS\xaudio.sys [8704 2007-01-30] (Conexant Systems, Inc.) [File not signed]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
S4 IntelIde; No ImagePath
U4 SCardDrv; No ImagePath
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-20 19:24 - 2015-04-20 21:50 - 00000000 ____D () C:\FRST
2015-04-20 18:17 - 2015-04-20 18:18 - 00000000 ____D () C:\Program Files\TeamViewer
2015-04-20 18:17 - 2015-04-20 18:17 - 00000706 _____ () C:\Documents and Settings\All Users\Рабочий стол\TeamViewer 10.lnk
2015-04-20 18:17 - 2015-04-20 18:17 - 00000000 ____D () C:\Documents and Settings\All Users\Главное меню\Программы\TeamViewer 10
2015-04-19 17:53 - 2015-04-19 17:53 - 00000000 ____D () C:\Device
2015-04-19 17:52 - 2015-04-19 17:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Doctor Web
2015-04-17 19:48 - 2015-04-17 19:48 - 00000000 ____D () C:\sh4ldr
2015-04-17 19:48 - 2015-04-17 19:48 - 00000000 ____D () C:\Documents and Settings\Администратор\Application Data\Enigma Software Group
2015-04-17 19:45 - 2015-04-17 19:45 - 00019984 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-04-17 19:44 - 2015-04-17 19:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-17 19:03 - 2015-04-17 19:03 - 03072054 _____ () C:\Documents and Settings\Администратор\Мои документы\!Decrypt-All-Files-ruahvph.bmp
2015-04-17 19:03 - 2015-04-17 19:03 - 00001266 _____ () C:\Documents and Settings\Администратор\Мои документы\!Decrypt-All-Files-ruahvph.txt
2015-04-17 09:43 - 2015-04-17 19:03 - 01154183 _____ () C:\Documents and Settings\All Users\Application Data\gqpsyje.html
2015-04-17 09:31 - 2015-04-20 17:53 - 00000260 ____H () C:\WINDOWS\Tasks\rgapibg.job
2015-04-15 16:43 - 2015-04-15 16:43 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-04-14 09:17 - 2015-04-15 19:51 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-04-08 12:24 - 2015-04-08 12:24 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\McAfee
2015-04-08 12:23 - 2015-04-08 12:23 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-04-08 12:23 - 2015-04-08 12:23 - 00000000 ____D () C:\Documents and Settings\All Users\Главное меню\Программы\McAfee Security Scan Plus
2015-04-05 00:01 - 2015-04-05 00:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-04 23:20 - 2015-04-20 21:42 - 00000896 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-04 23:20 - 2015-04-17 09:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2015-04-04 23:20 - 2015-04-08 12:23 - 00001773 _____ () C:\Documents and Settings\All Users\Рабочий стол\McAfee Security Scan Plus.lnk
2015-04-04 23:20 - 2015-04-04 23:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-20 21:50 - 2012-01-06 19:43 - 00000000 ____D () C:\Documents and Settings\Администратор\Мои документы\Загрузки
2015-04-20 21:50 - 2011-12-30 17:38 - 00000000 ____D () C:\Documents and Settings\Администратор\Local Settings\Temp
2015-04-20 18:17 - 2011-12-30 20:20 - 00000000 ___RD () C:\Documents and Settings\All Users\Главное меню\Программы
2015-04-20 18:17 - 2011-12-30 20:20 - 00000000 ____D () C:\Documents and Settings\All Users\Рабочий стол
2015-04-20 17:54 - 2012-01-12 11:39 - 00000000 ____D () C:\Documents and Settings\Администратор\Application Data\Skype
2015-04-20 17:54 - 2011-12-30 17:28 - 01605305 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-20 17:53 - 2011-12-30 20:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-20 17:53 - 2011-12-30 20:23 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-04-20 17:53 - 2011-12-30 17:38 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-19 20:02 - 2011-12-30 17:38 - 00032144 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-19 20:02 - 2011-12-30 17:38 - 00000178 ___SH () C:\Documents and Settings\Администратор\ntuser.ini
2015-04-19 17:17 - 2008-04-15 16:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-17 20:16 - 2013-02-21 22:29 - 00002265 _____ () C:\Documents and Settings\All Users\Рабочий стол\Skype.lnk
2015-04-17 19:59 - 2011-12-30 17:38 - 00001599 _____ () C:\Documents and Settings\Администратор\Главное меню\Программы\Удаленный помощник.lnk
2015-04-17 19:54 - 2011-12-30 17:30 - 00001607 _____ () C:\Documents and Settings\All Users\Главное меню\Выбор программ по умолчанию.lnk
2015-04-17 19:54 - 2011-12-30 17:30 - 00001599 _____ () C:\Documents and Settings\Default User\Главное меню\Программы\Удаленный помощник.lnk
2015-04-17 19:54 - 2011-12-30 17:29 - 00001726 _____ () C:\Documents and Settings\All Users\Главное меню\Microsoft Update.lnk
2015-04-17 19:48 - 2011-12-30 17:38 - 00000000 ____D () C:\Documents and Settings\Администратор
2015-04-17 19:45 - 2011-12-30 20:20 - 00957634 _____ () C:\WINDOWS\setupapi.log
2015-04-17 19:03 - 2011-12-30 17:38 - 00000000 ___RD () C:\Documents and Settings\Администратор\Мои документы
2015-04-17 18:42 - 2011-12-30 17:38 - 00000000 ___HD () C:\Documents and Settings\Администратор\Шаблоны
2015-04-17 18:38 - 2011-12-30 20:20 - 00000000 ___HD () C:\Documents and Settings\Default User\Шаблоны
2015-04-17 16:00 - 2011-12-30 20:20 - 01118880 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-17 16:00 - 2008-04-15 16:00 - 00493072 _____ () C:\WINDOWS\system32\perfh019.dat
2015-04-17 16:00 - 2008-04-15 16:00 - 00087776 _____ () C:\WINDOWS\system32\perfc019.dat
2015-04-17 09:39 - 2011-12-30 17:31 - 00000000 ____D () C:\Program Files\Windows Media Connect 2
2015-04-17 09:38 - 2013-02-21 22:29 - 00000000 ___RD () C:\Program Files\Skype
2015-04-17 09:38 - 2012-04-26 18:59 - 00000000 ____D () C:\Program Files\PokerStars
2015-04-17 09:38 - 2012-01-11 19:47 - 00000000 ____D () C:\Program Files\TNod User & Password Finder
2015-04-17 09:38 - 2012-01-02 19:19 - 00000000 ____D () C:\Program Files\XviD
2015-04-17 09:38 - 2012-01-02 19:19 - 00000000 ____D () C:\Program Files\Opera
2015-04-17 09:38 - 2012-01-02 19:17 - 00000000 ____D () C:\Program Files\Winamp
2015-04-17 09:38 - 2012-01-02 19:08 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-17 09:38 - 2012-01-02 18:53 - 00000000 ____D () C:\Program Files\XnView
2015-04-17 09:38 - 2012-01-02 18:53 - 00000000 ____D () C:\Program Files\WinRAR
2015-04-17 09:38 - 2011-12-30 17:34 - 00000000 ____D () C:\Program Files\VistaDriveIcon
2015-04-17 09:38 - 2011-12-30 17:27 - 00000000 ____D () C:\Program Files\Outlook Express
2015-04-17 09:37 - 2012-01-02 19:22 - 00000000 ____D () C:\Documents and Settings\Администратор\Рабочий стол\family
2015-04-17 09:37 - 2012-01-02 18:53 - 00000000 ____D () C:\Program Files\7-Zip
2015-04-17 09:37 - 2012-01-02 17:36 - 00000000 ____D () C:\Program Files\MSXML 4.0
2015-04-16 08:52 - 2013-02-27 19:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-15 16:43 - 2013-04-08 14:33 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-15 16:43 - 2012-01-06 19:55 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-08 12:23 - 2011-12-30 20:20 - 00000000 ___RD () C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка
2015-04-04 23:18 - 2014-07-09 15:52 - 00000000 ____D () C:\Documents and Settings\Администратор\Local Settings\Application Data\Adobe
==================== Files in the root of some directories =======
2012-01-02 19:51 - 2014-12-14 14:29 - 0005632 _____ () C:\Documents and Settings\Администратор\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Documents and Settings\Администратор\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Администратор\Local Settings\Temp\tmp26.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll
[2008-06-25 22:08] - [2008-06-25 22:08] - 0584192 ____A (Корпорация Майкрософт) 371c41f777924f3ea3bfad18c6a04502
C:\WINDOWS\system32\User32.dll No Company Name <===== ATTENTION!
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================