Guys! I'm from Russia and I found your topic recently. I have the same trouble as there - http://www.geekstogo...wse-and-others/ If I try to uninstall it, it gets deleted, but after an hour it sets itself up again. Please, in that topic a man named Pystryker helped somebody. I have the same problem.
Here's my FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2015 01
Ran by Наталья (administrator) on ANDREY on 14-05-2015 19:50:10
Running from C:\Users\Наталья\Downloads
Loaded Profiles: Наталья (Available profiles: Наталья)
Platform: Microsoft Windows 7 Профессиональная Service Pack 1 (X86) OS Language: Русский (Россия)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Users\Наталья\AppData\Roaming\923314A9-1431460821-E011-A75E-F46D04A7873B\nsyADCB.tmp
() C:\Users\Наталья\AppData\Roaming\923314A9-1431460821-E011-A75E-F46D04A7873B\jnst9A0E.tmp
() C:\Windows\inf\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Atheros Communications) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Apple Inc.) D:\Интернет\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10029672 2011-03-18] (Realtek Semiconductor)
HKLM\...\Run: [Wireless Console 3] => C:\Program Files\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [490656 2011-01-06] (Atheros Communications)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HostService] => C:\Windows\inf\ip.exe [49664 2014-05-25] ()
HKLM\...\Run: [iTunesHelper] => D:\Интернет\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\Run: [gmsd_ru_235] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-4056400932-2505536779-898361843-1000\...\Run: [DAEMON Tools Lite] => D:\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-4056400932-2505536779-898361843-1000] => 192.168.0.1
HKU\S-1-5-21-4056400932-2505536779-898361843-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ru.msn.com/?ocid=iehp
HKU\S-1-5-21-4056400932-2505536779-898361843-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/search
URLSearchHook: [S-1-5-21-4056400932-2505536779-898361843-1000] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKU\S-1-5-21-4056400932-2505536779-898361843-1000 - (No Name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - No File
BHO: APIHelperBHO -> {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} -> C:\Users\Наталья\AppData\Local\Microsoft\Internet Explorer\Extensions\APIHelper.dll [2014-10-24] ()
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-01-06] (Atheros Commnucations)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Handler: WSAMVCUchrome - No CLSID Value -
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Интернет\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Наталья\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Block site) - C:\Users\Наталья\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2014-11-01]
CHR Extension: (Twitch Stream) - C:\Users\Наталья\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjaicoojlfoococemdcaollmhaiolole [2014-11-03]
CHR Extension: (AdBlock) - C:\Users\Наталья\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-30]
CHR Extension: (Bookmark Manager) - C:\Users\Наталья\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Наталья\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Наталья\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-30]
Opera:
=======
OPR Extension: (Переводчик для Chrome 2) - C:\Users\Наталья\AppData\Roaming\Opera Software\Opera Stable\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp [2014-09-10]
StartMenuInternet: (HKLM) Opera - D:\Опера\Opera.exe
StartMenuInternet: (HKU\S-1-5-21-4056400932-2505536779-898361843-1000) Opera - "D:\Опера\Opera.exe"
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [56480 2011-01-06] (Atheros Commnucations) [File not signed]
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2571704 2012-12-03] (WIBU-SYSTEMS AG)
R2 d3dadapter; C:\Windows\System32\d3dadapter.dll [223262 2010-11-21] () [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Корпорация Майкрософт)
R2 ir16_32; C:\Windows\System32\ir16_32.dll [321055 2012-11-30] () [File not signed]
R2 jyjupece; C:\Users\Наталья\AppData\Roaming\923314A9-1431460821-E011-A75E-F46D04A7873B\nsyADCB.tmp [432128 2015-05-14] () [File not signed]
R2 KBDMAI; C:\Windows\System32\KBDMAI.dll [132129 2010-11-21] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 qozyzuwu; C:\Users\Наталья\AppData\Roaming\923314A9-1431460821-E011-A75E-F46D04A7873B\jnst9A0E.tmp [231936 2015-05-12] () [File not signed]
R2 r_server; C:\Windows\inf\svchost.exe [241664 2014-05-25] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [337064 2015-05-14] (SysTool PasSame LIMITED) <==== ATTENTION
R2 wlanmgr; C:\Windows\System32\wlanmgr.dll [854035 2012-11-30] () [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)
R2 wsaudio; C:\Windows\System32\wsaudio.dll [366592 2012-11-30] () [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-01-06] (Atheros)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-05-25] (Disc Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2015-01-14] (LogMeIn, Inc.)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-21] (Корпорация Майкрософт)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] (Корпорация Майкрософт)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
R1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
NETSVC: KBDMAI -> C:\Windows\System32\KBDMAI.dll ()
NETSVC: ir16_32 -> C:\Windows\System32\ir16_32.dll ()
NETSVC: d3dadapter -> C:\Windows\System32\d3dadapter.dll ()
NETSVC: wlanmgr -> C:\Windows\System32\wlanmgr.dll ()
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-14 19:50 - 2015-05-14 19:51 - 00019205 _____ () C:\Users\Наталья\Downloads\FRST.txt.txt
2015-05-14 19:48 - 2015-05-14 19:48 - 00023853 _____ () C:\Users\Наталья\Downloads\fixlist.txt
2015-05-14 19:46 - 2015-05-14 19:50 - 00000000 ____D () C:\FRST
2015-05-14 19:45 - 2015-05-14 19:45 - 01144832 _____ (Farbar) C:\Users\Наталья\Downloads\FRST.exe
2015-05-14 19:11 - 2015-05-14 19:11 - 00000000 __SHD () C:\Users\Наталья\AppData\Roaming\AnyProtectEx
2015-05-14 19:11 - 2015-05-14 19:11 - 00000000 ____D () C:\Program Files\AnyProtectEx
2015-05-14 19:07 - 2015-05-14 19:07 - 00000996 _____ () C:\Users\Наталья\Desktop\opera - Ярлык.lnk
2015-05-14 18:45 - 2015-05-14 19:07 - 00001730 _____ () C:\Users\Наталья\Desktop\chrome - Ярлык.lnk
2015-05-14 18:41 - 2015-05-14 18:41 - 00000000 ____D () C:\Program Files\predm
2015-05-14 18:40 - 2015-05-14 18:40 - 00000000 ____D () C:\Users\Наталья\Downloads\avz4
2015-05-14 18:38 - 2015-05-14 18:38 - 00000000 ____H () C:\Users\Все пользователи\cm-lock
2015-05-14 18:38 - 2015-05-14 18:38 - 00000000 ____H () C:\ProgramData\cm-lock
2015-05-14 15:06 - 2015-05-14 15:34 - 00000000 ____D () C:\Users\Наталья\Desktop\Новая папка
2015-05-14 09:59 - 2015-05-14 09:59 - 00002323 _____ () C:\Windows\patsearch.bin
2015-05-14 09:59 - 2015-05-14 09:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2015-05-14 09:52 - 2015-05-14 09:52 - 00000000 ____D () C:\Users\Все пользователи\WindowsMangerProtect
2015-05-14 09:52 - 2015-05-14 09:52 - 00000000 ____D () C:\Users\Все пользователи\IHProtectUpDate
2015-05-14 09:52 - 2015-05-14 09:52 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-05-14 09:52 - 2015-05-14 09:52 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-05-12 23:00 - 2015-05-14 15:20 - 00000000 ____D () C:\Users\Наталья\AppData\Roaming\923314A9-1431460821-E011-A75E-F46D04A7873B
2015-05-12 22:58 - 2015-05-13 08:17 - 00000258 __RSH () C:\Users\Все пользователи\ntuser.pol
2015-05-12 22:58 - 2015-05-13 08:17 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-05-12 22:58 - 2015-05-12 22:58 - 00000008 __RSH () C:\Users\Наталья\ntuser.pol
2015-05-10 14:17 - 2015-05-10 14:17 - 00144056 _____ () C:\Windows\Minidump\051015-19812-01.dmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-14 19:46 - 2013-01-24 15:23 - 01768032 _____ () C:\Windows\WindowsUpdate.log
2015-05-14 19:41 - 2014-01-30 10:45 - 00000958 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-14 19:00 - 2014-10-30 18:10 - 00000896 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-14 18:49 - 2013-01-26 23:23 - 00000000 ____D () C:\Users\Все пользователи\VKSaver
2015-05-14 18:49 - 2013-01-26 23:23 - 00000000 ____D () C:\ProgramData\VKSaver
2015-05-14 18:45 - 2013-01-27 20:13 - 00000000 ____D () C:\Program Files\Google
2015-05-14 18:45 - 2009-07-14 07:34 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-14 18:45 - 2009-07-14 07:34 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 18:38 - 2013-01-25 13:13 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-05-14 18:37 - 2014-01-30 10:45 - 00000954 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-14 18:37 - 2010-11-21 00:48 - 00137782 _____ () C:\Windows\PFRO.log
2015-05-14 18:37 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-14 18:37 - 2009-07-14 07:39 - 00226223 _____ () C:\Windows\setupact.log
2015-05-14 16:43 - 2013-01-26 19:53 - 00001450 _____ () C:\Users\Наталья\Desktop\дом ру ключ и сбербанк онлайн пароль.txt
2015-05-14 16:18 - 2013-12-15 20:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 16:07 - 2011-04-12 01:46 - 04493190 _____ () C:\Windows\system32\perfh019.dat
2015-05-14 16:07 - 2011-04-12 01:46 - 01471702 _____ () C:\Windows\system32\perfc019.dat
2015-05-14 16:07 - 2010-11-21 00:01 - 00006208 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-13 14:53 - 2014-10-30 14:53 - 00000000 ____D () C:\Windows\pss
2015-05-12 22:58 - 2014-09-06 14:33 - 00000664 ____R () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Оpеrа.lnk
2015-05-12 22:58 - 2014-01-30 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-12 22:58 - 2013-01-24 15:42 - 00001716 ____R () C:\Users\Наталья\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
2015-05-12 22:58 - 2013-01-24 15:42 - 00000000 ____D () C:\Users\Наталья
2015-05-12 22:58 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-05-10 14:17 - 2013-01-24 19:21 - 200224722 _____ () C:\Windows\MEMORY.DMP
2015-05-10 14:17 - 2013-01-24 19:21 - 00000000 ____D () C:\Windows\Minidump
2015-05-05 22:04 - 2013-01-24 20:38 - 00000000 ____D () C:\Users\Наталья\AppData\Local\CrashDumps
2015-05-04 23:07 - 2013-05-05 11:47 - 00000000 ____D () C:\Users\Наталья\AppData\Roaming\AIMP3
2015-04-23 07:05 - 2014-11-24 11:14 - 00000000 ___RD () C:\Program Files\Skype
2015-04-23 07:05 - 2013-02-04 12:16 - 00000000 ____D () C:\Users\Наталья\AppData\Roaming\Skype
2015-04-23 07:05 - 2013-02-04 12:15 - 00000000 ____D () C:\Users\Все пользователи\Skype
2015-04-23 07:05 - 2013-02-04 12:15 - 00000000 ____D () C:\ProgramData\Skype
2015-04-21 16:20 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-18 14:26 - 2009-07-14 07:53 - 00032508 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-14 22:00 - 2013-01-26 20:14 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-14 22:00 - 2013-01-26 20:14 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2013-12-22 16:45 - 2013-12-22 17:46 - 0000132 _____ () C:\Users\Наталья\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-05-03 14:12 - 2012-05-03 14:12 - 0000532 _____ () C:\Users\Наталья\AppData\Local\datos.txt
2014-02-05 23:08 - 2014-02-05 23:08 - 0193744 _____ () C:\Users\Наталья\AppData\Local\lateral1.bmp
2010-11-12 12:10 - 2010-11-12 12:10 - 0193744 _____ () C:\Users\Наталья\AppData\Local\lateral2.bmp
2014-02-05 23:10 - 2014-02-05 23:10 - 0195108 _____ () C:\Users\Наталья\AppData\Local\lateral3.bmp
2014-02-06 00:50 - 2014-02-06 00:50 - 0043976 _____ () C:\Users\Наталья\AppData\Local\save_en.bmp
2014-02-06 00:49 - 2014-02-06 00:49 - 0043976 _____ () C:\Users\Наталья\AppData\Local\save_es.bmp
2014-11-14 09:01 - 2014-11-14 09:01 - 0000000 _____ () C:\Users\Наталья\AppData\Local\{11C623AE-71D2-4F28-B42F-473C65CA09A0}
2015-05-14 18:38 - 2015-05-14 18:38 - 0000000 ____H () C:\ProgramData\cm-lock
2014-10-24 09:14 - 2014-10-24 09:14 - 0005097 _____ () C:\ProgramData\hsqvmxbo.uxh
2014-08-19 09:54 - 2014-08-19 09:54 - 0004932 _____ () C:\ProgramData\nvbopwus.ebc
2014-10-24 08:45 - 2014-10-24 08:45 - 0005015 _____ () C:\ProgramData\wmzddnmb.cix
Some content of TEMP:
====================
C:\Users\Наталья\AppData\Local\Temp\aushelper.dll
C:\Users\Наталья\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Наталья\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Наталья\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Наталья\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Наталья\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Наталья\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Наталья\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Наталья\AppData\Local\Temp\SecuExp.exe
C:\Users\Наталья\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Наталья\AppData\Local\Temp\utt4725.tmp.exe
C:\Users\Наталья\AppData\Local\Temp\utt9976.tmp.exe
C:\Users\Наталья\AppData\Local\Temp\uttB9BF.tmp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-05 10:53
==================== End Of Log ============================