Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-05-2015
Ran by alehin at 2015-05-13 09:16:49 Run:1
Running from C:\Users\samodelov\Desktop\frs
Loaded Profiles: alehin (Available profiles: Администратор & vasya & nikolaev & alehin & popov)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CreateRestorePoint:
HKU\S-1-5-21-839522115-1606980848-854245398-7129\...\Run: [amigo] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-839522115-1606980848-854245398-7129\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-839522115-1606980848-854245398-7129 - (No Name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - No File
BHO: No Name -> {8984B388-A5BB-4DF7-B274-77B879E179DB} -> No File
DefaultPrefix: => hттp://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=0e0e06536e92b05daebae86edefa3532&text=[/url] <==== ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hттp://www.sweet-page.com/?type=sc&ts=1412235280&from=cor&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9C96094860948
FF Extension: NetFilterPRO - C:\Users\samodelov\AppData\Roaming\Mozilla\Firefox\Profiles\jzai65yo.default\Extensions\[email protected] [2015-04-10]
OPR Extension: (NetFilterPRO) - C:\Users\samodelov\AppData\Roaming\Opera Software\Opera Stable\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-03-31]
2015-03-31 10:40 - 2014-04-24 17:17 - 0291128 ____H (ООО Яндекс) C:\Program Files\diаry.bаt.exe
2015-04-01 10:48 - 2015-04-01 10:53 - 6010880 _____ () C:\Program Files\GUT2E51.tmp
2015-03-31 10:40 - 2014-04-24 17:17 - 0034104 ____H (ООО Яндекс) C:\Program Files\lаyоuts.bаt.exe
2015-03-31 10:40 - 2014-04-24 17:17 - 1590584 ____H (ООО Яндекс) C:\Program Files\puntо.bаt.exe
2015-03-31 10:40 - 2015-03-31 10:40 - 0000116 ____H () C:\Program Files\WelcomeToPunto.bat
2015-04-08 11:47 - 2015-04-08 11:47 - 0000001 _____ () C:\Users\samodelov\AppData\Roaming\smw_inst
Task: {6F048091-EC19-4F0F-8D75-CFDC865FF3E5} - \Soft installer No Task File <==== ATTENTION
Task: {45E5CB72-C9BA-4326-90C1-411AF447AA93} - System32\Tasks\{D623969E-468D-4E0D-8B9B-8C1D052DF5D9} => pcalua.exe -a C:\Users\samodelov\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
Task: {0FA8C6A1-9761-43C7-8D53-876816B93B4A} - System32\Tasks\Uninstaller_SkipUac_alehin => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {7FD345A2-F691-4837-BD65-93CDC2F9371D} - System32\Tasks\ASC8_SkipUac_alehin => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe
Task: {8072EBCC-0575-4791-88A6-001BAEB03C58} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
Task: {6F3A50EF-E627-410A-B14B-9C153D006C4F} - System32\Tasks\chrome5 => C:\Program Files\Microsoft Data\InstallAddons.exe
C:\Program Files\Microsoft Data
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\apphelper" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\baidusdTray " /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\apphelper" /f
FirewallRules: [{9016C486-C849-42EB-B466-E02A77AEC31C}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{8039232E-3DDF-4339-A30C-25FD47A00382}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{6482FAF3-F64C-42DD-9377-A9AEF041FDE4}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{F6797DCF-1C34-4B63-AA88-50D546A560C0}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{B4E44BC5-96B4-467D-AFB3-11F78651B882}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
FirewallRules: [{23429F0F-AAA1-4283-825E-BB8AC89243A7}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
FirewallRules: [{7565B6A3-FA63-40DC-A4BB-CD9F13DB5681}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
FirewallRules: [{A4E159F0-8A56-40E4-A0A1-DD60CB1627DE}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
FirewallRules: [{FEF137FC-709E-4CF0-8B25-F91F2051C3F1}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{E9BD3077-24BD-457F-A98C-2E88149C7068}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{09BEFAE9-E2C7-4F87-9666-2204A87B79EA}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{DBE6BEC9-7C60-4424-8A12-0726EA8093FC}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{8AAB3CB2-378A-47B1-803A-17A8DCB5CD5B}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{0962A71B-547C-43A1-9593-1B744DA942EF}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{DF91D39B-43D4-44DC-92DC-455664591240}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{C584DC23-6881-4903-87AC-E181024FA87C}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{C272BF48-E298-43E4-A9BA-5BED07D9B5EA}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{35B91405-24F2-4D9F-B64B-DBEB771E3D88}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{FFDAE1B0-A196-47E8-9C79-8A701D114E6E}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{AB12BC0D-54B3-4EC5-8E25-B4D2222E67D8}] => (Allow) C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{80EB5E9B-3508-4C0F-A698-A475EC563234}] => (Allow) C:\program files\common files\baidu\bddownload\108\bddownloader.exe
EmptyTemp:
Reboot:
*****************
Restore point was successfully created.
HKU\S-1-5-21-839522115-1606980848-854245398-7129\Software\Microsoft\Windows\CurrentVersion\Run\\amigo => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-839522115-1606980848-854245398-7129\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-839522115-1606980848-854245398-7129\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0633EE93-D776-472f-A0FF-E1416B8B2E3D} => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}" => Key deleted successfully.
HKCR\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\\Default => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
C:\Users\samodelov\AppData\Roaming\Mozilla\Firefox\Profiles\jzai65yo.default\Extensions\[email protected] => Moved successfully.
C:\Users\samodelov\AppData\Roaming\Opera Software\Opera Stable\Extensions\oadboiipflhobonjjffjbfekfjcgkhco => Moved successfully.
C:\Program Files\diаry.bаt.exe => Moved successfully.
C:\Program Files\GUT2E51.tmp => Moved successfully.
C:\Program Files\lаyоuts.bаt.exe => Moved successfully.
C:\Program Files\puntо.bаt.exe => Moved successfully.
C:\Program Files\WelcomeToPunto.bat => Moved successfully.
C:\Users\samodelov\AppData\Roaming\smw_inst => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6F048091-EC19-4F0F-8D75-CFDC865FF3E5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F048091-EC19-4F0F-8D75-CFDC865FF3E5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Soft installer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45E5CB72-C9BA-4326-90C1-411AF447AA93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45E5CB72-C9BA-4326-90C1-411AF447AA93}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D623969E-468D-4E0D-8B9B-8C1D052DF5D9} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D623969E-468D-4E0D-8B9B-8C1D052DF5D9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FA8C6A1-9761-43C7-8D53-876816B93B4A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FA8C6A1-9761-43C7-8D53-876816B93B4A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_alehin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_alehin" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FD345A2-F691-4837-BD65-93CDC2F9371D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FD345A2-F691-4837-BD65-93CDC2F9371D}" => Key deleted successfully.
C:\Windows\System32\Tasks\ASC8_SkipUac_alehin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC8_SkipUac_alehin" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8072EBCC-0575-4791-88A6-001BAEB03C58}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8072EBCC-0575-4791-88A6-001BAEB03C58}" => Key deleted successfully.
C:\Windows\System32\Tasks\ASC8_PerformanceMonitor => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC8_PerformanceMonitor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F3A50EF-E627-410A-B14B-9C153D006C4F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F3A50EF-E627-410A-B14B-9C153D006C4F}" => Key deleted successfully.
C:\Windows\System32\Tasks\chrome5 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\chrome5" => Key deleted successfully.
C:\Program Files\Microsoft Data => Moved successfully.
========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\apphelper" /f =========
"reg" не является внутренней или внешней
командой, исполняемой программой или пакетным файлом.
========= End of Reg: =========
========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\baidusdTray " /f =========
"reg" не является внутренней или внешней
командой, исполняемой программой или пакетным файлом.
========= End of Reg: =========
========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\apphelper" /f =========
"reg" не является внутренней или внешней
командой, исполняемой программой или пакетным файлом.
========= End of Reg: =========
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9016C486-C849-42EB-B466-E02A77AEC31C} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8039232E-3DDF-4339-A30C-25FD47A00382} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6482FAF3-F64C-42DD-9377-A9AEF041FDE4} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F6797DCF-1C34-4B63-AA88-50D546A560C0} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B4E44BC5-96B4-467D-AFB3-11F78651B882} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{23429F0F-AAA1-4283-825E-BB8AC89243A7} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7565B6A3-FA63-40DC-A4BB-CD9F13DB5681} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4E159F0-8A56-40E4-A0A1-DD60CB1627DE} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FEF137FC-709E-4CF0-8B25-F91F2051C3F1} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E9BD3077-24BD-457F-A98C-2E88149C7068} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{09BEFAE9-E2C7-4F87-9666-2204A87B79EA} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DBE6BEC9-7C60-4424-8A12-0726EA8093FC} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8AAB3CB2-378A-47B1-803A-17A8DCB5CD5B} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0962A71B-547C-43A1-9593-1B744DA942EF} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DF91D39B-43D4-44DC-92DC-455664591240} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C584DC23-6881-4903-87AC-E181024FA87C} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C272BF48-E298-43E4-A9BA-5BED07D9B5EA} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35B91405-24F2-4D9F-B64B-DBEB771E3D88} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FFDAE1B0-A196-47E8-9C79-8A701D114E6E} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB12BC0D-54B3-4EC5-8E25-B4D2222E67D8} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80EB5E9B-3508-4C0F-A698-A475EC563234} => value deleted successfully.
EmptyTemp: => Removed 1.4 GB temporary data.
The system needed a reboot.
==== End of Fixlog 09:19:45 ====