Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-04-2016
Ran by СЕКР (2016-04-14 16:27:05)
Running from D:\АРХИВ КОМП\Загрузки\AutoLogger
Microsoft Windows 7 Максимальная (X86) (2013-07-23 07:44:47)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Администратор (S-1-5-21-2868252174-1540766134-1988227909-500 - Administrator - Disabled)
Гость (S-1-5-21-2868252174-1540766134-1988227909-501 - Limited - Disabled)
СЕКР (S-1-5-21-2868252174-1540766134-1988227909-1000 - Administrator - Enabled) => C:\Users\СЕКР

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1C:Предприятие 8.2 (8.2.18.104) (HKLM\...\{950CFA51-06B8-4355-B257-7B12EDB35A2E}) (Version: 8.2.18.104 - 1C)
1C:Предприятие 8.2 (8.2.19.80) (HKLM\...\{80897B76-D827-4270-808C-C8FCD379475D}) (Version: 8.2.19.80 - 1C)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) - Russian (HKLM\...\{AC76BA86-7AD7-1049-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.3.2225 - AVAST Software)
CheckPfr (HKLM\...\{28EB4A2E-09EC-484A-A9D0-9C8329EB0DC9}_is1) (Version: - ПФР по РБ)
CheckXML (HKLM\...\CheckXML) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Firebird 2.0.5.13206 (win32) (HKLM\...\FBDBServer_2_0_is1) (Version: 2.0.5.13206 - Firebird Project)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.713 - Kyocera Mita Corporation)
Kyocera TWAIN Driver (HKLM\...\InstallShield_{ECDF16B0-D43E-40E4-B41E-72B90077BF09}) (Version: 2.0.1114 - Kyocera Mita)
Kyocera TWAIN Driver (Version: 2.0.1114 - Kyocera Mita) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
MegaFon Modem (HKLM\...\MegaFon Modem) (Version: 22.001.18.27.209 - Huawei Technologies Co.,Ltd) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office - профессиональный выпуск версии 2003 (HKLM\...\{90110419-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Mozilla Firefox 45.0.2 (x86 ru) (HKLM\...\Mozilla Firefox 45.0.2 (x86 ru)) (Version: 45.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla) Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek) Rutoken Drivers (HKLM\...\{4367F4C6-56F6-489D-ADF9-EB25A71C3C1A}) (Version: 2.89.00.0491 - Компания "Актив") Sbis Launcher (HKU\S-1-5-21-2868252174-1540766134-1988227909-1000\...\{0DD4DE9E-D01B-449B-9802-18394465E46A}_is1) (Version: 3.7.3.73 - Tensor Company Ltd) TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) Windows 7 Codec Pack 2.1.0 (HKLM\...\Windows 7 - Codec Pack) (Version: - Windows 7 Codec Pack) WinRAR 4.11 (32-разрядная) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) Декларация 2015 (HKLM\...\Декларация 2015) (Version: - ) КриптоПро CSP (HKLM\...\{54A08450-B343-40B0-924E-68F031450996}) (Version: 3.6.7363 - Компания КРИПТО-ПРО) Печать НД с PDF417 3.2.4 (пакет) (HKLM\...\{D9D0E5CE-F386-4A74-B974-BF29485856C1}) (Version: 3.2.4 - ФГУП ГНИВЦ ФНС РФ в ПФО) СheckXML+2НДФЛ 2014 (HKLM\...\СheckXML+2НДФЛ 2014) (Version: - ) СБиС++ Электронная отчетность и документооборот сборки 2.4.157 от 10.09.2013 (HKLM\...\СБиС++ Документооборот_is1) (Version: 2.4.157 от 10.09.2013 - Компания Тензор) Языковой пакет клиентского профиля Microsoft.NET Framework 4 - RUS (HKLM\...\Microsoft 
.NET Framework 4 Client Profile RUS Language Pack) (Version: 4.0.30319 - Корпорация Майкрософт) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{00b02060-f1f7-492d-a778-d4d2713fabd8}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_9128_69.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{0a3f4dfe-fd14-49c7-9d51-748d15a767d2}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_7B38_d2.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{122D5FEF-8711-4d87-A5BC-41ED5DF77258}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_66BD_87.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{144e696e-5d45-49b9-94bd-507f7462eb84}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_DE4D_9e.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{1a87d67b-23d3-4b8f-9f9b-7cd30c1c95bd}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_DE4D_9e.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{2967905f-ecf3-409f-8019-25b5fccfe72b}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_9128_69.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{299d01f2-df53-4711-8286-1d450e29df33}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_9128_69.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{3139de55-4560-4239-9330-2230f9b89929}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_DE4D_9e.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{32e34c63-2013-4ee9-b4fb-3bf4aa33aa25}\InprocServer32 -> 
C:\Users\СЕКР\AppData\Local\Temp\v8_16AB_61.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{37bcb01c-0b25-45b6-8a7e-8e56b77d18ff}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_7B38_d2.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{56C2D5F5-0F32-45cb-AD75-87AF17CFDC27}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_66BD_87.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{57963704-EE80-4bc5-8421-66098E5832AE}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_66BD_87.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{60940425-4085-4f11-ab34-b9dacd636f4b}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_A063_52.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{61a955b5-06dc-4371-bae4-c228777d6d87}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_16AB_61.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{680849bc-b86d-4669-9219-ad9ac13e4ddc}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_A063_52.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{68C0D34D-264F-4d64-AEF1-51C728DFDAD8}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_66BD_87.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{6a8f8752-e2ec-485d-8e46-b2509f668d26}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_6BDC_9b.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{6da75278-e916-4a18-934f-1d90b2cebabd}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_6BDC_9b.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{7365bebe-ac14-47f3-bff2-252f9ead5c7b}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_7B38_d2.tmp => No File 
CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{7446bb6e-5720-405b-8839-464d958a95d5}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_7B38_d2.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{767f9370-451a-43b0-b590-d32f7b1e5f8c}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_DE4D_9e.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{7b7c1f93-8199-4da7-88eb-e25a222c7a15}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_A063_52.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{9ee0a337-0726-4400-95e8-77e893ec681c}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_6BDC_9b.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{a12ffdf7-199d-4469-8c20-98a3de73ed2c}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_DE4D_9e.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{a70b6806-f2e5-44a5-abb2-14a63cedf752}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_6BDC_9b.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{a87602aa-13fc-4d6a-b2e8-e02787e59dad}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_7B38_d2.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{acad8a98-286a-420b-9fa3-02c0593917c9}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_A063_52.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{AD7BA4D6-DE06-4D5D-BA2B-E1FD7BEE1E8F}\InprocServer32 -> C:\Users\СЕКР\AppData\Roaming\SbisLauncher\Plugins\SbisPluginClient\npSbisPluginClient.dll () CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{b524799f-1122-4978-ad75-514c406b08b5}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_16AB_61.tmp => No File CustomCLSID: 
HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{c127373e-5025-4630-a5be-23c4d86ac559}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_A063_52.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{cbb584c0-d082-4ea4-930f-1a395092c8fa}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_9128_69.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{ce3cc09b-5e51-47fe-88e6-ca2068d12657}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_9128_69.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{cfe33012-70f5-428e-bedc-b26bf237e21c}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_16AB_61.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{e7727e52-306a-4026-a1f3-0a67008f443d}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_6BDC_9b.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{F62D2442-FE48-4cbc-9FCA-E19FC839461B}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_66BD_87.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{fb668c1b-efe4-457c-9923-e0144150e9e1}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Temp\v8_16AB_61.tmp => No File CustomCLSID: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InprocServer32 -> C:\Users\СЕКР\AppData\Local\Unmedia\UniMap_x86.dll => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {269566B3-19AD-4838-A5E2-E0D0C1BDF020} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {42E88AE2-8F62-41EF-922F-5858CF3FD0D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {8424DEAB-B367-4632-AC0E-7A094F0F8235} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-08-10] (AVAST Software)
Task: {879B9D01-9FC3-4D4F-B62B-1D91186F0E13} - System32\Tasks\{DBEEE6EC-2996-414E-B5A8-1AD4DB91E38A} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {9902F361-CE4B-4C7E-9434-40A2C47F336E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-14] (AVAST Software)
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2009-07-14] (Корпорация Майкрософт (Microsoft Corp.))

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ============== 2015-08-14 23:21 - 2015-08-14 23:21 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-08-14 23:21 - 2015-08-14 23:21 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-04-14 07:53 - 2016-04-14 07:53 - 02887168 _____ () C:\Program Files\AVAST Software\Avast\defs\16041301\algo.dll 2016-04-14 16:16 - 2016-04-14 16:16 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16041400\algo.dll 2013-09-19 08:51 - 2012-02-17 20:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll 2011-03-14 19:27 - 2011-03-14 19:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe 2015-09-30 11:31 - 2015-09-30 15:01 - 00240640 _____ () C:\ProgramData\MegaFon Modem\OnlineUpdate\ouc.exe 2015-09-30 11:14 - 2015-09-30 11:13 - 00011362 _____ () C:\ProgramData\MegaFon Modem\OnlineUpdate\mingwm10.dll 2015-09-30 11:14 - 2015-09-30 11:13 - 00043008 _____ () C:\ProgramData\MegaFon Modem\OnlineUpdate\libgcc_s_dw2-1.dll 2015-09-30 11:14 - 2015-09-30 11:13 - 02415104 _____ () C:\ProgramData\MegaFon Modem\OnlineUpdate\QtCore4.dll 2015-09-30 11:14 - 2015-09-30 11:13 - 01148416 _____ () C:\ProgramData\MegaFon Modem\OnlineUpdate\QtNetwork4.dll 2015-09-30 11:14 - 2015-09-30 11:13 - 00384512 _____ () C:\ProgramData\MegaFon Modem\OnlineUpdate\QueryStrategy.dll 2015-09-30 11:14 - 2015-09-30 11:13 - 00398336 _____ () C:\ProgramData\MegaFon Modem\OnlineUpdate\QtXml4.dll 2015-09-30 15:01 - 2015-09-30 15:02 - 00514560 _____ () C:\Program Files\MegaFon Modem\MegaFon Modem.exe 2015-09-30 15:01 - 2015-09-30 15:01 - 00413696 _____ () C:\Program Files\MegaFon Modem\core.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00270336 _____ () C:\Program Files\MegaFon Modem\sdk.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00011362 _____ () C:\Program Files\MegaFon Modem\mingwm10.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00043008 _____ () C:\Program Files\MegaFon Modem\libgcc_s_dw2-1.dll 
2015-09-30 15:01 - 2015-09-30 15:01 - 02415104 _____ () C:\Program Files\MegaFon Modem\QtCore4.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 09515520 _____ () C:\Program Files\MegaFon Modem\QtGui4.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00386048 _____ () C:\Program Files\MegaFon Modem\Proxy.DLL 2015-09-30 15:01 - 2015-09-30 15:01 - 00218624 _____ () C:\Program Files\MegaFon Modem\Common.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00135168 _____ () C:\Program Files\MegaFon Modem\Trace.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00545280 _____ () C:\Program Files\MegaFon Modem\PluginContainer.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00239104 _____ () C:\Program Files\MegaFon Modem\AtCodec.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00300544 _____ () C:\Program Files\MegaFon Modem\DeviceSrvPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00224256 _____ () C:\Program Files\MegaFon Modem\NetSrvPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00133632 _____ () C:\Program Files\MegaFon Modem\OSDialup.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00168960 _____ () C:\Program Files\MegaFon Modem\XCodec.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00157184 _____ () C:\Program Files\MegaFon Modem\DataServicePlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00175616 _____ () C:\Program Files\MegaFon Modem\CallSrvPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00262656 _____ () C:\Program Files\MegaFon Modem\AddrBookSrvPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00218624 _____ () C:\Program Files\MegaFon Modem\SmsSrvPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00142336 _____ () C:\Program Files\MegaFon Modem\USSDSrvPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00157184 _____ () C:\Program Files\MegaFon Modem\STKSrvPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00123904 _____ () C:\Program Files\MegaFon Modem\ATR2SMgr.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00337408 _____ () C:\Program Files\MegaFon Modem\DeviceAppPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00065536 _____ 
() C:\Program Files\MegaFon Modem\OSPowerMgr.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00106496 _____ () C:\Program Files\MegaFon Modem\Win7Support.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 01084416 _____ () C:\Program Files\MegaFon Modem\AddrBookPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00673792 _____ () C:\Program Files\MegaFon Modem\SmsAppPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00556032 _____ () C:\Program Files\MegaFon Modem\CallAppPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00547328 _____ () C:\Program Files\MegaFon Modem\CallLogSrvPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00158720 _____ () C:\Program Files\MegaFon Modem\NetConnectSrvPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00211968 _____ () C:\Program Files\MegaFon Modem\DialUpPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00101888 _____ () C:\Program Files\MegaFon Modem\OSAdapt.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00178688 _____ () C:\Program Files\MegaFon Modem\NDISPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00131584 _____ () C:\Program Files\MegaFon Modem\OSNDIS.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 01101824 _____ () C:\Program Files\MegaFon Modem\NDISAPI.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00278528 _____ () C:\Program Files\MegaFon Modem\NetInfoSrvPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00062976 _____ () C:\Program Files\MegaFon Modem\OSCall.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00224256 _____ () C:\Program Files\MegaFon Modem\tdpcvoice.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00508928 _____ () C:\Program Files\MegaFon Modem\DeviceMgrUIPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00249344 _____ () C:\Program Files\MegaFon Modem\XFramePlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00316928 _____ () C:\Program Files\MegaFon Modem\StatusBarMgrPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00366080 _____ () C:\Program Files\MegaFon Modem\NetConnectPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00097280 _____ () C:\Program 
Files\MegaFon Modem\NotifyServicePlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00117248 _____ () C:\Program Files\MegaFon Modem\LayoutPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00419328 _____ () C:\Program Files\MegaFon Modem\DialupUIPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00804352 _____ () C:\Program Files\MegaFon Modem\MiniFramePlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00398336 _____ () C:\Program Files\MegaFon Modem\QtXml4.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00263168 _____ () C:\Program Files\MegaFon Modem\MenuMgrPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00506880 _____ () C:\Program Files\MegaFon Modem\NetInfoUIExPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00855040 _____ () C:\Program Files\MegaFon Modem\SMSUIPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00869888 _____ () C:\Program Files\MegaFon Modem\AddrBookUIPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00497152 _____ () C:\Program Files\MegaFon Modem\USSDUIPlugin.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00269824 _____ () C:\Program Files\MegaFon Modem\LiveUpdateInterface.DLL 2015-09-30 15:01 - 2015-09-30 15:01 - 01148416 _____ () C:\Program Files\MegaFon Modem\QtNetwork4.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00082944 _____ () C:\Program Files\MegaFon Modem\plugins\imageformats\qgif4.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00081920 _____ () C:\Program Files\MegaFon Modem\plugins\imageformats\qico4.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00192000 _____ () C:\Program Files\MegaFon Modem\plugins\imageformats\qjpeg4.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00350720 _____ () C:\Program Files\MegaFon Modem\plugins\imageformats\qmng4.dll 2015-09-30 15:01 - 2015-09-30 15:01 - 00370176 _____ () C:\Program Files\MegaFon Modem\plugins\imageformats\qtiff4.dll 2013-07-23 12:08 - 2011-06-26 14:16 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll 2015-08-14 23:21 - 2015-08-14 23:21 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2868252174-1540766134-1988227909-1000\...\vtb24.ru -> hxxps://bco.vtb24.ru

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 06:04 - 2016-04-04 14:52 - 00000865 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2868252174-1540766134-1988227909-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\СЕКР\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.77.48.33 - 10.77.48.49
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6666DF0B-5EE7-46F5-9FE8-7C153778A3AC}] => (Allow) C:\Windows\system32\hasplms.exe FirewallRules: [TCP Query User{AC0B6420-2E66-4B01-9FD6-31DB862B1989}C:\users\секр\appdata\local\temp\tensorrh\winvnc.exe] => (Allow) C:\users\секр\appdata\local\temp\tensorrh\winvnc.exe FirewallRules: [UDP Query User{32843E52-E34B-44A7-9BD7-73C8A4907DC2}C:\users\секр\appdata\local\temp\tensorrh\winvnc.exe] => (Allow) C:\users\секр\appdata\local\temp\tensorrh\winvnc.exe FirewallRules: [TCP Query User{3FCB3F1C-E8F9-4A91-B275-69B2FE4C07E4}C:\program files\1cv82\8.2.18.104\bin\1cv8.exe] => (Allow) C:\program files\1cv82\8.2.18.104\bin\1cv8.exe FirewallRules: [UDP Query User{BEC0ACFD-94C2-400D-8087-5C799FF4C77D}C:\program files\1cv82\8.2.18.104\bin\1cv8.exe] => (Allow) C:\program files\1cv82\8.2.18.104\bin\1cv8.exe FirewallRules: [TCP Query User{456B01AA-4385-44AB-B099-DBED666A023F}C:\program files\1cv82\8.2.19.80\bin\1cv8.exe] => (Allow) C:\program files\1cv82\8.2.19.80\bin\1cv8.exe FirewallRules: [UDP Query User{8D006779-B0E9-446F-B67B-F5BE0649D7D9}C:\program files\1cv82\8.2.19.80\bin\1cv8.exe] => (Allow) C:\program files\1cv82\8.2.19.80\bin\1cv8.exe FirewallRules: [TCP Query User{ABCEE53A-EB69-4BBB-AF59-64FA28EFC384}C:\users\секр\appdata\roaming\sbislauncher\launcher.exe] => (Block) C:\users\секр\appdata\roaming\sbislauncher\launcher.exe FirewallRules: [UDP Query User{E336CDD9-A635-46F3-97A6-4CEC02FB3C13}C:\users\секр\appdata\roaming\sbislauncher\launcher.exe] => (Block) C:\users\секр\appdata\roaming\sbislauncher\launcher.exe FirewallRules: [TCP Query User{1A5FD6DE-3520-425D-99EF-A188ADD249D5}C:\users\секр\appdata\roaming\sbislauncher\launcher.exe] => (Allow) C:\users\секр\appdata\roaming\sbislauncher\launcher.exe FirewallRules: [UDP Query User{3A8E36F9-87A9-4A68-9DB8-D07AE286D590}C:\users\секр\appdata\roaming\sbislauncher\launcher.exe] => (Allow) C:\users\секр\appdata\roaming\sbislauncher\launcher.exe FirewallRules: [{2A1D9415-D534-4A06-819A-57FCAFF0A223}] => (Allow) 
C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{C05CF03A-E8F8-4B5F-A957-E37BE90FF6A2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{8BB67088-2441-4899-B2CA-BA2A95B39389}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{9AD9DD48-9DD6-4E76-84BE-B1C2EB020491}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [{6DD512FD-DA02-4873-88E5-E6D5055345C4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{7262F029-8726-4C21-8F73-F60924FBF313}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [TCP Query User{9662822F-7A30-4330-B8A0-C1B9E9DA073F}C:\program files\megafon\multifon\multifon.exe] => (Allow) C:\program files\megafon\multifon\multifon.exe FirewallRules: [UDP Query User{813D8D0F-1FFB-47FA-9A21-A4BC6D208784}C:\program files\megafon\multifon\multifon.exe] => (Allow) C:\program files\megafon\multifon\multifon.exe FirewallRules: [{4FCA728A-8767-4F11-B990-35E995E59551}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{6B6275EA-132C-46D4-AEDB-ED62CD4ED61E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{76956AB1-AC13-4BE2-BDF4-DA4A1630290B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{C738D403-4C8B-4C73-BC61-6F9CA4478D99}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E2EA24C6-855D-41E6-9613-3B81D90FE82B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{4128ABE9-93E2-4D08-A2D7-5C18F9096680}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{F532CEBE-B857-4A34-972F-19AE003BA56C}C:\program files\1cv82\8.2.19.80\bin\1cv8.exe] => (Block) C:\program files\1cv82\8.2.19.80\bin\1cv8.exe FirewallRules: [UDP Query 
User{B8B70C99-8EF3-4990-A87E-CBF968BD2E0C}C:\program files\1cv82\8.2.19.80\bin\1cv8.exe] => (Block) C:\program files\1cv82\8.2.19.80\bin\1cv8.exe ==================== Restore Points ========================= 12-04-2016 13:46:07 Запланированная контрольная точка 14-04-2016 09:15:22 14.04.16 Перед сбором логов ==================== Faulty Device Manager Devices ============= Name: PCI-контроллер Simple Communications Description: PCI-контроллер Simple Communications Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (04/14/2016 01:38:16 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={DBDFE04B-DE4D-4B46-89AD-8552B461666D}: Пользователь BUH\СЕКР установил удаленное подключение MegaFon Internet, которое завершилось сбоем. Возвращен код ошибки 0. Error: (04/14/2016 07:48:45 AM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={55029C6C-539E-4D9F-9B1F-955D6BE93B5C}: Пользователь BUH\СЕКР установил удаленное подключение MegaFon Internet, которое завершилось сбоем. Возвращен код ошибки 797. Error: (04/14/2016 07:48:44 AM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={110E45F6-6E73-460F-83A2-3C7439B0C7A5}: Пользователь BUH\СЕКР установил удаленное подключение MegaFon Internet, которое завершилось сбоем. Возвращен код ошибки 797. Error: (04/14/2016 07:48:43 AM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={3BA77B4B-EC6A-4A86-8CCD-9B6B9E87C9BE}: Пользователь BUH\СЕКР установил удаленное подключение MegaFon Internet, которое завершилось сбоем. Возвращен код ошибки 797. 
Error: (04/14/2016 07:48:41 AM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={03423CA6-DE00-4E0D-9969-530F5FC90C77}: Пользователь BUH\СЕКР установил удаленное подключение MegaFon Internet, которое завершилось сбоем. Возвращен код ошибки 797. Error: (04/14/2016 07:48:32 AM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={48A7AABC-6CB8-4125-A3EA-3CC2E3395AC2}: Пользователь BUH\СЕКР установил удаленное подключение MegaFon Internet, которое завершилось сбоем. Возвращен код ошибки 797. Error: (04/14/2016 07:48:31 AM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={29F18F22-4C29-40A7-B316-15D4D5A77678}: Пользователь BUH\СЕКР установил удаленное подключение MegaFon Internet, которое завершилось сбоем. Возвращен код ошибки 797. Error: (04/14/2016 07:48:30 AM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={5472F11A-3B73-42F0-A6D2-7996353FBB19}: Пользователь BUH\СЕКР установил удаленное подключение MegaFon Internet, которое завершилось сбоем. Возвращен код ошибки 797. Error: (04/14/2016 07:48:28 AM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={F0945928-12D6-4278-AD09-D14ACF4E791A}: Пользователь BUH\СЕКР установил удаленное подключение MegaFon Internet, которое завершилось сбоем. Возвращен код ошибки 797. Error: (04/13/2016 01:11:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Сбой получения автоматического обновления стороннего корневого сертификата от с ошибкой Возврат из операции произошел из-за превышения времени ожидания. . System errors: ============= Error: (04/14/2016 04:11:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Сбой при запуске службы "MegaFon Modem. OUC" из-за ошибки %%1053 Error: (04/14/2016 04:11:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "MegaFon Modem. OUC". 
Error: (04/14/2016 04:11:22 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: Структура файловой системы на диске повреждена и непригодна к использованию. Запустите программу CHKDSK на томе \Device\HarddiskVolume3. Error: (04/14/2016 04:07:43 PM) (Source: NetBT) (EventID: 4311) (User: ) Description: Сбой инициализации из-за невозможности создать устройство драйвера. Используйте строку "%2", чтобы определить интерфейс, у которого произошел сбой инициализации. Строка представляет собой MAC-адрес интерфейса, у которого произошел сбой инициализации, или глобальный уникальный идентификатор интерфейса (GUID), если NetBT не удалось сопоставить GUID с MAC-адресом. Если недоступны ни MAC-адрес, ни GUID, тогда эта строка представляет имя устройства в кластере. Error: (04/14/2016 02:54:44 PM) (Source: NetBT) (EventID: 4311) (User: ) Description: Сбой инициализации из-за невозможности создать устройство драйвера. Используйте строку "%2", чтобы определить интерфейс, у которого произошел сбой инициализации. Строка представляет собой MAC-адрес интерфейса, у которого произошел сбой инициализации, или глобальный уникальный идентификатор интерфейса (GUID), если NetBT не удалось сопоставить GUID с MAC-адресом. Если недоступны ни MAC-адрес, ни GUID, тогда эта строка представляет имя устройства в кластере. Error: (04/14/2016 01:38:52 PM) (Source: NetBT) (EventID: 4311) (User: ) Description: Сбой инициализации из-за невозможности создать устройство драйвера. Используйте строку "%2", чтобы определить интерфейс, у которого произошел сбой инициализации. Строка представляет собой MAC-адрес интерфейса, у которого произошел сбой инициализации, или глобальный уникальный идентификатор интерфейса (GUID), если NetBT не удалось сопоставить GUID с MAC-адресом. Если недоступны ни MAC-адрес, ни GUID, тогда эта строка представляет имя устройства в кластере. 
Error: (04/14/2016 01:37:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "MegaFon Modem. OUC" из-за ошибки %%1053

Error: (04/14/2016 01:37:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "MegaFon Modem. OUC".

Error: (04/14/2016 01:37:44 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Структура файловой системы на диске повреждена и непригодна к использованию. Запустите программу CHKDSK на томе C:.

Error: (04/14/2016 12:54:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "MegaFon Modem. OUC" из-за ошибки %%1053

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz
Percentage of memory in use: 60%
Total physical RAM: 1954.32 MB
Available physical RAM: 770.28 MB
Total Virtual: 3908.64 MB
Available Virtual: 2336.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:94.67 GB) (Free:39.84 GB) NTFS
Drive d: (Новый том) (Fixed) (Total:292.97 GB) (Free:284.09 GB) NTFS
Drive f: (Новый том) (Fixed) (Total:78.03 GB) (Free:73.36 GB) NTFS
Drive g: (MegaFon Modem) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 68F30D73)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=94.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=293 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================