Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Leda-11 (2016-04-01 14:11:15)
Running from C:\Documents and Settings\Leda-11\Рабочий стол
Microsoft Windows XP Professional Service Pack 3 (X86) (2008-08-30 21:32:24)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Admin (S-1-5-21-1343024091-1708537768-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Admin
ASPNET (S-1-5-21-1343024091-1708537768-682003330-1013 - Limited - Enabled)
Guest (S-1-5-21-1343024091-1708537768-682003330-501 - Limited - Enabled)
Leda-11 (S-1-5-21-1343024091-1708537768-682003330-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Leda-11
macbookpro (S-1-5-21-1343024091-1708537768-682003330-1011 - Administrator - Enabled)
Гость (S-1-5-21-1343024091-1708537768-682003330-1009 - Limited - Enabled)
Гость2 (S-1-5-21-1343024091-1708537768-682003330-1010 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1C:Предприятие 8.1 (HKLM\...\{45FCC729-7789-479D-89A6-CE1AC809ADCA}) (Version: 8.1.15 - 1С)
1C:Предприятие 8.2 (8.2.14.519) (HKLM\...\{35C36165-83CA-461E-8032-6F605EA7B78E}) (Version: 8.2.14.519 - 1C)
1С:Предприятие 7.7 (сетевая версия) (HKLM\...\1С:Предприятие 7.7 (сетевая версия)) (Version: - )
Acronis True Image Home (HKLM\...\{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}) (Version: 10.0.4871 - Acronis)
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM\...\{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}) (Version: 9.0.16.0 - Adobe Systems, Inc.)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Alky for Applications (HKLM\...\{BB05D173-9681-4812-A7FA-BD4042A3DA00}) (Version: 1.0 - Falling Leaf Systems)
AMD Processor Driver (HKLM\...\{C151CE54-E7EA-4804-854B-F515368B0798}) (Version: 1.3.2.0053 - AMD)
AMDAway INF (HKLM\...\AMDAway INF) (Version: - )
Anyplace Control 4.3.0.1 Full Version (HKLM\...\{0A6FE998-A146-4D34-93DF-DC47D00F0830}) (Version: 4.3.0.1 Full Version - Anyplace Control Software)
ATI - Утилита деинсталляции (HKLM\...\All ATI Software) (Version: 6.14.10.1021 - )
ATI AVIVO Codecs (HKLM\...\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}) (Version: 9.15.0.20713 - ATI Technologies Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0422.2230 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.471-080225a1-059746C-ATI - )
ATI Parental Control & Encoder (Version: 3.0 - Название организации) Hidden
AutoCAD 2008 - Русский (HKLM\...\AutoCAD 2008 - Русский) (Version: 17.1.51.0 - Autodesk)
AutoCAD 2008 - Русский (Version: 17.1.51.0 - Autodesk) Hidden
AutoCAD 2009 - Русский (HKLM\...\AutoCAD 2009 - Русский) (Version: 17.2.56.0 - Autodesk)
AutoCAD 2009 - Русский (Version: 17.2.56.0 - Autodesk) Hidden
Autodesk Design Review 2009 (HKLM\...\Autodesk Design Review 2009) (Version: 9.0.96 - Autodesk, Inc.)
Autodesk Design Review 2009 (Version: 9.0.96 - Autodesk, Inc.) Hidden
Autodesk DWF Viewer 7 (HKLM\...\{9A346205-EA92-4406-B1AB-50379DA3F057}) (Version: 7.2.0 - Autodesk, Inc.)
Canon MF Toolbox 4.9.1.1.mf07 (HKLM\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 3.0.0 - Canon)
Catalyst Control Center - Branding (HKLM\...\{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}) (Version: 1.00.0000 - ATI)
ccc-core-preinstall (Version: 2008.0422.2231.38434 - ATI) Hidden
ccc-core-static (Version: 2008.0422.2231.38434 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Cheat Engine 6.4 (HKLM\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
CheckXML (HKLM\...\CheckXML) (Version: - )
Defraggler (HKLM\...\Defraggler) (Version: 2.09 - Piriform)
EasyCeiling (HKLM\...\{792F2035-24F5-472A-AF96-F03D666F0F58}) (Version: 1.30 - EasyCeiling)
EasyCeiling (HKLM\...\{E78CBBD1-14C4-4312-888E-5A707928A007}) (Version: 1.16 - EasyCeiling Inc)
EasyCeilingDEMO (HKLM\...\{DDC25413-A008-437C-AF77-211997CFDEF5}) (Version: 1.24 - EasyCeiling Inc)
ESET NOD32 Antivirus (HKLM\...\{FCB6793C-E0BC-46F1-B624-4B141A36DA0B}) (Version: 4.2.71.3 - ESET, spol. s r.o.)
Ext2Fsd 0.51 (HKLM\...\Ext2Fsd_is1) (Version: 0.51 - Matt Wu)
ffdshow [rev 890] [2007-02-06] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Google Chrome (HKU\S-1-5-21-1343024091-1708537768-682003330-1006\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
HHD Software Hex Editor Neo 4.85 (HKLM\...\HHD Hex Editor 4.x) (Version: 4.85.0.3229 - HHD Software, Ltd.)
Hide Folders 2009 3.2 for Windows XP/Vista (HKLM\...\Hide Folders 2009_is1) (Version: 3.2 - FSPro Labs)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
K-Lite Mega Codec Pack 3.9.0 (HKLM\...\KLiteCodecPack_is1) (Version: 3.9.0 - )
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.1.0.362 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.1.0.362 - LogMeIn, Inc.) Hidden
Maxthon Ru-Board 2010 Edition 2.5.13 (HKLM\...\Maxthon Ru-Board 2010 Edition 2.5.13) (Version: - )
Maxthon Ru-Board 2010 Edition 2.5.13 (HKLM\...\Maxthon2.5.5.RuBoardEdition) (Version: - )
Mediatek RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.38.101 - MediatekWiFi)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version: - Microsoft Corporation)
Microsoft .NET Framework 2.0 Language Pack - RUS (HKLM\...\Microsoft .NET Framework 2.0 Language Pack - RUS) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.0 (HKLM\...\Microsoft .NET Framework 3.0) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Office - профессиональный выпуск версии 2003 (HKLM\...\{90110419-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 ru) (HKLM\...\Mozilla Firefox 44.0.2 (x86 ru)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{AEB9948B-4FF2-47C9-990E-47014492A0FE}) (Version: 6.00.3883.8 - Microsoft Corporation)
Multi Password Recovery (HKLM\...\Multi Password Recovery) (Version: - )
Np2008w (HKLM\...\Np2008w) (Version: - )
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.4.17 - Prolific Technology INC)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
Samsung Universal Print Driver (HKLM\...\Samsung Universal Print Driver) (Version: 2.03.09.00 - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver PS (HKLM\...\Samsung Universal Print Driver PS) (Version: 2.03.09.00:41 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Skins (Version: 2008.0422.2231.38434 - ATI) Hidden
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.69.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
WinRAR 5.00 (32-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
Yandex (HKU\S-1-5-21-1343024091-1708537768-682003330-1006\...\YandexBrowser) (Version: 16.3.0.7146 - ООО «ЯНДЕКС»)
АРМ клиента BS-Client v.3 - Северный Морской Путь [100813538] (HKLM\...\Северный Морской Путь [100813538]) (Version: - )
Документы ПУ 5 (HKLM\...\Документы ПУ 5) (Version: - )
Исправление для Windows Media Format SDK (KB922042) (HKLM\...\KB922042) (Version: - Microsoft Corporation)
Исправление для Windows Media Format SDK (KB922814) (HKLM\...\KB922814) (Version: - Microsoft Corporation)
Исправление для Windows XP (KB945436) (HKLM\...\KB945436) (Version: 1 - Microsoft Corporation)
Исправление для Windows XP (KB948101-v3) (HKLM\...\KB948101-v3) (Version: 3 - Microsoft Corporation)
Исправление для Windows XP (KB948277) (HKLM\...\KB948277) (Version: 1 - Microsoft Corporation)
Исправление для Windows XP (KB949033) (HKLM\...\KB949033) (Version: 1 - Microsoft Corporation)
Исправление для Windows XP (KB949127-v2) (HKLM\...\KB949127-v2) (Version: 2 - Microsoft Corporation)
Исправление для Windows XP (KB949764) (HKLM\...\KB949764) (Version: 1 - Microsoft Corporation)
Исправление для Windows XP (KB949900) (HKLM\...\KB949900) (Version: 1 - Microsoft Corporation)
Исправление для Windows XP (KB950162) (HKLM\...\KB950162) (Version: 1 - Microsoft Corporation)
Исправление для Windows XP (KB950616) (HKLM\...\KB950616) (Version: 1 - Microsoft Corporation)
Исправление для Windows XP (KB951126) (HKLM\...\KB951126) (Version: 1 - Microsoft Corporation)
Исправление для Windows XP (KB951312) (HKLM\...\KB951312) (Version: 1 - Microsoft Corporation)
Исправление для Windows XP (KB951624) (HKLM\...\KB951624) (Version: 1 - Microsoft Corporation)
Исправление для Windows XP (KB952117-v2) (HKLM\...\KB952117-v2) (Version: 2 - Microsoft Corporation)
Исправление для Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation)
КОМПАС-3D V12 (HKLM\...\{3DDA3DA8-BBA6-4BFD-8D90-3B4F3B08839B}) (Version: 12.0 - АСКОН)
Обновление безопасности для Windows XP - (KB923689) (HKLM\...\KB923689) (Version: - Microsoft Corporation)
Обновление безопасности для Windows XP - (KB941569) (HKLM\...\KB941569) (Version: - Microsoft Corporation)
Обновление безопасности для проигрывателя Windows Media 10 - (KB936782) (HKLM\...\KB936782_WMP10) (Version: - Microsoft Corporation)
Обновление для Windows Media Player 10 (KB923198) (HKLM\...\KB923198) (Version: - Microsoft Corporation)
Обновление для Windows XP (KB942763) (HKLM\...\KB942763) (Version: 1 - Microsoft Corporation)
Обновление для Windows XP (KB943729) (HKLM\...\KB943729) (Version: - Microsoft Corporation)
Опус 2.0 (HKLM\...\Опус 2.0) (Version: - )
Пакет драйверов Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (12/06/2010 4.0.0000.00000) (HKLM\...\76F6B4A696B8C9A7ACFF01D4E1D6EF2D974C3E67) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
Пакет драйверов Windows - MediaTek Inc. (usbser) Ports (07/28/2010 1.1032.0) (HKLM\...\1109B50A44D6702860463F59FDC08FC3565058AC) (Version: 07/28/2010 1.1032.0 - MediaTek Inc.)
Пакет драйверов Windows - MediaTek Inc. (usbser) Ports (09/01/2011 2.0.1136.0) (HKLM\...\DB7628637C9DD9982EC1783EB729896A7C216C0C) (Version: 09/01/2011 2.0.1136.0 - MediaTek Inc.)
Пакет драйверов Windows - MediaTek Inc. (usbser) Ports (12/24/2011 2.0000.0.0) (HKLM\...\D0E6296D177F42BB31C0200E49412003DB6C4633) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.)
Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office (HKLM\...\{90120000-0020-0419-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
Серия Canon MF4010 (HKLM\...\{900A29A0-52BA-4a78-8E6C-5F4F821397CE}) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1343024091-1708537768-682003330-1006_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1708537768-682003330-1006_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1708537768-682003330-1006_Classes\CLSID\{28B7AA99-C0F9-4C47-995E-8A8D729603A1}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1708537768-682003330-1006_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1708537768-682003330-1006_Classes\CLSID\{2F1F7574-ECCA-4361-B4DE-C411BF7EEE23}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1708537768-682003330-1006_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1708537768-682003330-1006_Classes\CLSID\{6AB55F46-2523-4701-A912-B226F46252BA}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1708537768-682003330-1006_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1708537768-682003330-1006_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1708537768-682003330-1006_Classes\CLSID\{949CDFC6-2A52-4C27-A0A2-F87EF62D5536}\localserver32 -> C:\Documents and Settings\Leda-11\Local Settings\Application Data\Yandex\Updater\praetorian.exe (Yandex LLC)
CustomCLSID: HKU\S-1-5-21-1343024091-1708537768-682003330-1006_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1708537768-682003330-1006_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1708537768-682003330-1006_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2009\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1708537768-682003330-1006_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-1708537768-682003330-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\Update\1.3.29.5\psuser.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1708537768-682003330-1006Core.job => C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1708537768-682003330-1006UA.job => C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Обновление Браузера Яндекс .job => C:\Documents and Settings\Leda-11\Local Settings\Application Data\Yandex\YandexBrowser\Application\browser.exe
Task: C:\WINDOWS\Tasks\Обновление Браузера Яндекс.job => C:\Documents and Settings\Leda-11\Local Settings\Application Data\Yandex\YandexBrowser\Application\browser.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\All Users\Главное меню\Программы\SkipSoft Android ToolKit\Uninstall Toolkit.lnk -> C:\Unified_Android_ToolKit\uninstall.bat ()
ShortcutWithArgument: C:\Documents and Settings\Leda-11\Application Data\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mail.ru/cnt/8136

==================== Loaded Modules (Whitelisted) ==============

2016-02-06 11:01 - 2011-04-11 08:26 - 00024064 _____ () C:\WINDOWS\system32\spdpsl.dll
2016-02-06 12:17 - 2011-04-11 08:26 - 00024064 _____ () C:\WINDOWS\system32\spd__l.dll
2014-06-04 14:59 - 2014-06-04 14:59 - 00315392 _____ () C:\WINDOWS\system32\ANPDApi.dll
2014-06-04 14:59 - 2012-12-05 10:40 - 00303104 _____ () C:\Program Files\D-Link\DWA-125 revA\WlanApp.dll
2014-06-04 14:59 - 2010-07-12 14:39 - 00053248 _____ () C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe
2008-04-15 18:00 - 2008-04-15 18:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-09-01 21:33 - 2013-09-01 21:33 - 00268288 _____ () C:\Program Files\WinRAR\rarlng.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\DRM:גָמָלקִפּוֹד [98]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:41ADDB8A [145]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A064CECC [126]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\fsproflt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1343024091-1708537768-682003330-1006\...\smpbank.ru -> hxxps://bk.smpbank.ru

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-15 18:00 - 2013-02-11 14:25 - 00000765 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1343024091-1708537768-682003330-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Leda-11\Application Data\296C4C64296C4C64.bmp
DNS Servers: 192.168.1.1
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeBridge =>
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: Apworks => C:\Documents and Settings\Leda-11\Local Settings\Application Data\Apworks\C76501C0.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Client Server Runtime Subsystem =>
MSCONFIG\startupreg: CSRSS =>
MSCONFIG\startupreg: CTFMON.EXE => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: D-Link D-Link DWA-125 => C:\Program Files\D-Link\DWA-125 revA\AirNCFG.exe
MSCONFIG\startupreg: D-Link DWA-125 WZCSLDR2 => C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Program Files\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Iksoft => regsvr32.exe "C:\Documents and Settings\Leda-11\Local Settings\Application Data\Iksoft\lxfzudmq.dll"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Praetorian => C:\Documents and Settings\Leda-11\Local Settings\Application Data\Yandex\Updater\praetorian.exe
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
MSCONFIG\startupreg: uTorrent => "C:\Documents and Settings\Leda-11\Application Data\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: VKSaver => C:\Documents and Settings\All Users\Application Data\VKSaver\VKSaver.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour
StandardProfile\AuthorizedApplications: [C:\Program Files\1cv81\bin\1cv8.exe] => Enabled:1cv8
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Admin\Рабочий стол\Crisisatdaportal_EG_SUBS_avi-downloader.exe] => Enabled:Blizzard Downloader
StandardProfile\AuthorizedApplications: [C:\sane\bin\xsane.exe] => Enabled:xsane
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\hasplms.exe] => Enabled:HASP LLM
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Leda-11\Мои документы\Загрузки\FWdownloader.exe] => Enabled:nloader Application
StandardProfile\AuthorizedApplications: [D:\Games\World_of_Tanks\WOTLauncher.exe] => Enabled:World of Tanks Launcher
StandardProfile\AuthorizedApplications: [D:\Program Files\CyberTank\CyberTank.exe] => Enabled:CyberTank
StandardProfile\AuthorizedApplications: [D:\Games\World_of_Tanks\WorldOfTanks.exe] => Enabled:World of Tanks
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [G:\Games\World_of_Tanks\WoTLauncher.exe] => Enabled:World of Tanks Launcher
StandardProfile\AuthorizedApplications: [G:\Games\World_of_Tanks\WorldOfTanks.exe] => Enabled:World of Tanks
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberTank\CyberTank.exe] => Enabled:CyberTank
StandardProfile\AuthorizedApplications: [G:\Program Files\CyberTank\CyberTank.exe] => Enabled:CyberTank
StandardProfile\AuthorizedApplications: [G:\Games\World_of_Tanks\dniwebot\guiBot.exe] => Enabled:Gui Bot
StandardProfile\AuthorizedApplications: [G:\Games\World_of_Tanks\dniwebot\DNIWEbot.exe] => Enabled:DNIWEbot
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\muzapp.exe] => Enabled:MUZ AOD APP player
StandardProfile\AuthorizedApplications: [F:\Games\WoTLauncher.exe] => Enabled:World of Tanks Launcher
StandardProfile\AuthorizedApplications: [F:\Games\WorldOfTanks.exe] => Enabled:World of Tanks
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Leda-11\Local Settings\Application Data\Yandex\YandexBrowser\Application\browser.exe] => Enabled:Yandex
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe] => Enabled:RTLDHCP
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\SUPDSvc2.exe] => Enabled:Samsung UPD Service2
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [31841:TCP] =>
StandardProfile\GloballyOpenPorts: [1542:TCP] => Enabled:Realtek WPS TCP Prot
StandardProfile\GloballyOpenPorts: [1542:UDP] => Enabled:Realtek WPS UDP Prot
StandardProfile\GloballyOpenPorts: [53:UDP] => Enabled:Realtek AP UDP Prot

==================== Restore Points =========================

31-03-2016 16:04:11 Системная контрольная точка

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2016 01:42:04 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Ошибка извлечения стороннего корневого списка из CAB автоматического обновления на: с кодом ошибки: Истек/не наступил срок действия требуемого сертификата при проверке по системным часам или по штампу времени в подписанном файле.

Error: (02/02/2016 01:42:04 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Ошибка извлечения стороннего корневого списка из CAB автоматического обновления на: с кодом ошибки: Истек/не наступил срок действия требуемого сертификата при проверке по системным часам или по штампу времени в подписанном файле.

Error: (01/21/2016 10:13:19 AM) (Source: Chrome) (EventID: 1) (User: LEDA-4)
Description: Chrome has encountered a fatal error.
ver=47.0.2526.111;lang=;guid=351A3FF4D70D42AD956107F7368D7544;is_machine=0;oop=1;upload=1;minidump=C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\CrashReports\d97cf129-7e05-4f97-aae6-f9e76caf4cc5.dmp

Error: (08/05/2015 12:32:06 PM) (Source: Chrome) (EventID: 1) (User: LEDA-4)
Description: Chrome has encountered a fatal error.
ver=44.0.2403.125;lang=;guid=351A3FF4D70D42AD956107F7368D7544;is_machine=0;oop=1;upload=1;minidump=C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\CrashReports\8d589bc1-fb7f-4494-8bc5-089cabfbd3fd.dmp

Error: (04/23/2015 11:19:41 AM) (Source: Chrome) (EventID: 1) (User: LEDA-4)
Description: Chrome has encountered a fatal error.
ver=42.0.2311.90;lang=;guid=351A3FF4D70D42AD956107F7368D7544;is_machine=0;oop=1;upload=1;minidump=C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\CrashReports\35254697-920b-4bfc-aa10-ba0417d96b8c.dmp

Error: (04/22/2015 04:28:58 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Ошибка получения автоматического обновления последовательного номера стороннего корневого списка из: с кодом ошибки: Возврат из операции произошел из-за превышения времени ожидания.

Error: (04/16/2015 01:09:05 PM) (Source: Chrome) (EventID: 1) (User: LEDA-4)
Description: Chrome has encountered a fatal error.
ver=42.0.2311.90;lang=;guid=351A3FF4D70D42AD956107F7368D7544;is_machine=0;oop=1;upload=1;minidump=C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\CrashReports\fd9e661a-185f-4b48-8103-4d5df4c7f105.dmp

Error: (03/30/2015 12:12:52 PM) (Source: Chrome) (EventID: 1) (User: LEDA-4)
Description: Chrome has encountered a fatal error.
ver=41.0.2272.101;lang=;guid=351A3FF4D70D42AD956107F7368D7544;is_machine=0;oop=1;upload=1;minidump=C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\CrashReports\194f7146-bc22-4479-8356-6c8e177c65ca.dmp

Error: (03/30/2015 12:12:04 PM) (Source: Chrome) (EventID: 1) (User: LEDA-4)
Description: Chrome has encountered a fatal error.
ver=41.0.2272.101;lang=;guid=351A3FF4D70D42AD956107F7368D7544;is_machine=0;oop=1;upload=1;minidump=C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\CrashReports\734a0176-c707-42dd-9ad1-e75e3b17c232.dmp

Error: (03/14/2015 10:06:49 AM) (Source: Chrome) (EventID: 1) (User: LEDA-4)
Description: Chrome has encountered a fatal error.
ver=40.0.2214.115;lang=;guid=351A3FF4D70D42AD956107F7368D7544;is_machine=0;oop=1;upload=1;minidump=C:\Documents and Settings\Leda-11\Local Settings\Application Data\Google\CrashReports\e4c5d213-7864-448f-8f17-2e4f716088b4.dmp

System errors:
=============
Error: (04/01/2016 01:49:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "haspflt" из-за ошибки %%2

Error: (04/01/2016 01:49:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "Драйвер параллельного порта" из-за ошибки %%1058

Error: (04/01/2016 01:49:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "Realtek EAPPkt Protocol" из-за ошибки %%2

Error: (04/01/2016 01:46:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "Служба шлюза уровня приложения" неожиданно прервана. Это произошло (раз): 1.

Error: (04/01/2016 01:46:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "LogMeIn Hamachi Tunneling Engine" неожиданно прервана. Это произошло (раз): 1.

Error: (04/01/2016 01:46:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "SAMSUNG Mobile Connectivity Service" неожиданно прервана. Это произошло (раз): 1.

Error: (04/01/2016 01:46:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "Machine Debug Manager" неожиданно прервана. Это произошло (раз): 1.

Error: (04/01/2016 01:46:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "FSPro Filter Service" неожиданно прервана. Это произошло (раз): 1.

Error: (04/01/2016 01:46:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "Ext2 Volume Manger" неожиданно прервана. Это произошло (раз): 1.

Error: (04/01/2016 01:46:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "D_Link_DWA-125_WPS Service" неожиданно прервана. Это произошло (раз): 1.

==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+
Percentage of memory in use: 23%
Total physical RAM: 3327.23 MB
Available physical RAM: 2532.72 MB
Total Virtual: 7264.24 MB
Available Virtual: 6657.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:59.24 GB) (Free:23.5 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (DATA) (Fixed) (Total:173.65 GB) (Free:130.35 GB) NTFS
Drive f: (старый) (Fixed) (Total:80.26 GB) (Free:36.64 GB) NTFS
Drive g: (старый2) (Fixed) (Total:106.05 GB) (Free:91.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 000A5FBF)
Partition 1: (Active) - (Size=59.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=173.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: 01590159)
Partition 1: (Active) - (Size=80.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=106.1 GB) - (Type=05)

==================== End of Addition.txt ============================