Ни в одном браузере кроме Internet Explorer не открываются страницы, компьютер стал очень медленно включаться.
В браузерах нет интернета
Ни в одном браузере кроме Internet Explorer не открываются страницы, компьютер стал очень медленно включаться.
Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:
Уважаемый(ая) Spiritmoon, спасибо за обращение на наш форум!
Помощь в лечении комьютера на VirusInfo.Info оказывается абсолютно бесплатно. Хелперы в самое ближайшее время ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитами АВЗ и HiJackThis, подробнее можно прочитать в правилах оформления запроса о помощи.
Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста поддержите проект.
Я что то не верно указал? По этому мне не отвечают?
- - - - -Добавлено - - - - -
Забыл добавить, в таких играх как: Dota2 и CsGo находит игру нажимаешь подключиться, он грузит и не подключается.Сообщение от Spiritmoon
Выполните скрипт в AVZ
Компьютер перезагрузится.Код:begin ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.'); ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true); if not IsWOW64 then begin SearchRootkit(true, true); SetAVZGuardStatus(True); end; RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1804', 1); RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3); RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3); RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1); RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3); QuarantineFile('C:\Users\Артём\AppData\Local\SmartWeb\SmartWebHelper.exe',''); QuarantineFile('C:\Users\Артём\AppData\Roaming\E8E5E3ED-1431983580-E411-AA1F-F0761C3C1276\jnsm641D.tmp',''); DeleteService('rikizuvy'); DeleteFile('C:\Users\Артём\AppData\Roaming\E8E5E3ED-1431983580-E411-AA1F-F0761C3C1276\jnsm641D.tmp','32'); DeleteFile('C:\Users\Артём\AppData\Local\SmartWeb\SmartWebHelper.exe','32'); DeleteFile('C:\Windows\system32\Tasks\Soft installer','64'); DeleteFile('C:\Users\Артём\AppData\Local\Host installer\2963258875_installcube.exe','32'); BC_ImportAll; ExecuteSysClean; BC_Activate; RebootWindows(false); end.
Пришлите карантин согласно Приложения 2 правил по красной ссылке Прислать запрошенный карантин над первым сообщением темы.
Пофиксите в HiJack
Обновите базы AVZКод:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hp&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hp&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hp&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS&q={searchTerms} R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS&q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hp&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS
Сделайте новые логи по правилам
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 ReconnectАнтивирусная помощь
На сколько я понял присылаю, не получилось обновить и выслать карантиг
Скачайте Farbar Recovery Scan Toolи сохраните на Рабочем столе.
Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.
- Запустите программу двойным щелчком. Когда программа запустится, нажмите Yes для соглашения с предупреждением.
- Убедитесь, что в окне Optional Scan отмечены "List BCD" и "Driver MD5".
- Нажмите кнопку Scan.
- После окончания сканирования будет создан отчет (FRST.txt) в той же папке, откуда была запущена программа. Пожалуйста, прикрепите отчет в следующем сообщении.
- Если программа была запущена в первый раз, будет создан отчет (Addition.txt). Пожалуйста, прикрепите его в следующем сообщении.
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 ReconnectАнтивирусная помощь
Скрытый текст
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Артём at 2015-05-28 03:23:51
Running from C:\Users\Артём\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
HomeGroupUser$ (S-1-5-21-2528612331-2164593856-3550426308-1003 - Limited - Enabled)
Администратор (S-1-5-21-2528612331-2164593856-3550426308-500 - Administrator - Disabled)
Артём (S-1-5-21-2528612331-2164593856-3550426308-1001 - Administrator - Enabled) => C:\Users\Артём
Гость (S-1-5-21-2528612331-2164593856-3550426308-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2528612331-2164593856-3550426308-1001\...\uTorrent) (Version: 3.4.3.39944 - BitTorrent Inc.)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.07.2004 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3009 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.08.2003.3 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.03.2004.4 - Acer Incorporated)
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3008 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8115 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.06.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8106.0 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3018 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2011.1 - Acer Incorporated)
Adobe Acrobat Reader DC - Russian (HKLM-x32\...\{AC76BA86-7AD7-1049-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.07.2004.0 - Acer Incorporated)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.234 - Broadcom Corporation)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4609.02 - CyberLink Corp.)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Foxit PhantomPDF (HKLM-x32\...\{D4DF5498-C95C-4A02-9951-725FB2D7BC0D}) (Version: 6.0.121.624 - Foxit Corporation)
GamesDesktop 033.246 (HKLM-x32\...\gmsd_ru_246_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
GB Switch (HKLM-x32\...\ConvertAd) (Version: 1.0.0.0 - GB Switch) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North)
Host App Service (HKU\S-1-5-21-2528612331-2164593856-3550426308-1001\...\Pokki) (Version: 0.269.7.652 - Pokki)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3947 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
jess standand joypad v1.22 (HKLM-x32\...\jess standand joypad v1.22) (Version: - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.274 - McAfee, Inc.)
Microsoft Office профессиональный плюс 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
NVIDIA Графический драйвер 333.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.57 - NVIDIA Corporation)
NVIDIA Системное программное обеспечение PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OSCAR Editor (HKLM-x32\...\InstallShield_{3C2379D2-337A-4FFA-9017-BDFB80EC0931}) (Version: 12.03.0004 - A4TECH)
OSCAR Editor (x32 Version: 12.03.0004 - A4TECH) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pokki Start Menu (HKU\S-1-5-21-2528612331-2164593856-3550426308-1001\...\Pokki_Start_Menu) (Version: 0.269.7.652 - Pokki)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21257 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7300 - Realtek Semiconductor Corp.)
Return Playlist (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Return Playlist)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Table Column (HKLM-x32\...\wincheck) (Version: 1.0.0.0 - Table Column) <==== ATTENTION
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0419-1000-0000000FF1CE}_Office15.PROPLUS_{E248798E-B471-4172-93CF-F1A7A356C7D8}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0422-1000-0000000FF1CE}_Office15.PROPLUS_{348C113E-01A7-4674-99BB-175A99690767}) (Version: - Microsoft)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9590 - Broadcom Corporation)
WinRAR 5.20 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Засоби перевірки правопису Microsoft Office 2013 – українська мова (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Панель управления NVIDIA 333.57 (Version: 333.57 - NVIDIA Corporation) Hidden
Программное обеспечение Intel® Chipset Device (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden
Средства проверки правописания Microsoft Office 2013 — русский (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Языковой пакет Microsoft Visual Studio 2010 Tools для среды выполнения Office (x64) - RUS (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - RUS) (Version: 10.0.50903 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
07-05-2015 18:23:00 Запланированная контрольная точка
15-05-2015 01:14:11 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
20-05-2015 22:44:49 Центр обновления Windows
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 18:25 - 2013-08-22 18:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {107FED4B-6F6C-4063-BE15-B8F5984A24A5} - \Soft installer No Task File <==== ATTENTION
Task: {19F2D22E-FB74-4BE9-939F-08A0BE7DB269} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-10-17] (Acer Incorporate)
Task: {275346E9-9A7E-470A-AE01-21E975D12B07} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-29] ()
Task: {3A82CDC0-0107-481E-A5D8-13D2D2CE5A1B} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.)
Task: {3B9C9DFD-8AEE-46B5-B3EF-F924E49007E8} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-10-17] (Acer Incorporate)
Task: {54B8B813-5634-4814-86D5-D71ECE6FCBCB} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {551D2A20-1A11-4668-A583-B8A28E201BDC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {561ACF21-DB2B-4542-A0A6-565F1F7C3043} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
Task: {686EB563-16C1-44E5-B657-84DA9C22F828} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {740140F1-BF3F-461C-A2B9-9769E4AB559B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9235ADC8-7330-4947-BD5A-F60C78E72871} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {93069FBD-8A5A-4117-A8E7-74FC4002672F} - System32\Tasks\Uninstaller_SkipUac_Артём => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {95CE4C6C-800F-4FF1-8B19-2900176BDBF8} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {98676570-F6A5-437A-9D84-3374836A8EC8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {A099CEC4-68AE-40FA-A0E4-91C91007BC9D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {A5D27FCA-92B3-4DFC-A155-85A5D95C50CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)
Task: {A6D3BDD4-84F9-44AC-8711-83F504A6D620} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-12-30] (Acer Incorporate)
Task: {BB736680-3677-4D08-9CA5-49B38F73E861} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Артём\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {C2BC21CC-55CF-4D08-87C5-CD8B91CE25B0} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-09] (Acer Incorporated)
Task: {C71283B2-545D-4511-8ACA-2C000C0EDC94} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-15] (Microsoft Corporation)
Task: {C7CABCBA-3ECE-4110-8EE3-81B4352DF93D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {D5BAD87D-D3F8-466A-B6F9-75500D8C7A8A} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-29] ()
Task: {D9CD8369-9DF9-40CD-B0C3-B544D527A95E} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-07-22] (Acer Incorporated)
Task: {E9166881-651C-4339-B779-72B1C8B69984} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {FFB0F0C3-705D-43C5-B3BA-8272FBFB6F9D} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-05-06] (Acer)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Артём.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Loaded Modules (Whitelisted) ==============
2014-11-25 01:28 - 2014-08-31 18:00 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-14 17:27 - 2014-04-14 17:27 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2014-08-30 02:53 - 2012-04-24 15:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-08-30 02:57 - 2014-07-02 02:13 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-10-07 15:04 - 2014-09-24 01:07 - 00456296 _____ () C:\Windows\system32\igfxTray.exe
2014-04-07 17:13 - 2014-04-07 17:13 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2015-05-06 16:14 - 2015-05-06 16:14 - 00092928 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2015-05-06 16:14 - 2015-05-06 16:14 - 00090368 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-05-15 02:13 - 2015-05-15 02:14 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-09-03 12:03 - 2014-09-03 12:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-05-14 15:04 - 2015-05-14 15:04 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-05-06 10:08 - 2015-05-06 10:08 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-07-01 13:57 - 2014-07-01 13:57 - 00279296 _____ () C:\Program Files (x86)\Acer\AcerCloud Docs\libcurl.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00641792 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-05-06 16:15 - 2015-05-06 16:15 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2015-05-06 16:04 - 2015-05-06 16:04 - 00203008 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-05-06 16:04 - 2015-05-06 16:04 - 00119552 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-04-12 22:26 - 2015-04-16 22:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-04-12 22:26 - 2015-04-23 07:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-04-12 22:26 - 2015-05-15 06:58 - 02396352 _____ () C:\Program Files (x86)\Steam\video.dll
2015-04-12 22:26 - 2015-04-23 07:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-04-12 22:26 - 2015-04-23 07:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-04-12 22:25 - 2014-12-02 02:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-04-12 22:25 - 2014-12-02 02:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-04-12 22:25 - 2014-12-02 02:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-04-12 22:25 - 2014-12-02 02:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-04-12 22:25 - 2014-12-02 02:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-04-12 22:26 - 2015-05-15 06:57 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-04-12 22:26 - 2015-05-12 00:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-05-14 14:54 - 2015-05-12 00:01 - 08958344 _____ () C:\Program Files (x86)\Steam\bin\pdf.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Артём\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\34019803.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\34019803.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2528612331-2164593856-3550426308-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2528612331-2164593856-3550426308-1001\...\StartupApproved\Run: => "OscarEditor"
HKU\S-1-5-21-2528612331-2164593856-3550426308-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2528612331-2164593856-3550426308-1001\...\StartupApproved\Run: => "Steam"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1D51CDCF-3CD2-4B88-9D63-D2C5E2A585BF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{0E48082E-44FE-45AF-BCBC-8AAD18E6CD3E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{95A1A638-AD1D-4EA8-B996-EA64996777F3}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{E004882D-EF30-4EB8-9F7F-434CC80C9357}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{7C2D33D2-9596-4F5D-9EDF-717927644765}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{0B8FFD4A-1259-48F3-BD4E-A9C8EEBC30F2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{1C86F8DB-72F0-485E-87A9-52B5BB601FAD}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{F318A728-9A83-45BB-963E-2E62C6688E2D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{2BAEC2C5-A81C-4281-A7BA-DB61E2641620}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{071AC1BC-11B2-4D5D-9DFC-ABCFD5235909}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3DFA3D46-20A8-43CF-B993-8431F8E61CF9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1C0824E3-4122-4782-9B37-FD6EBF0EB054}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C20D120B-F903-4D24-B1D6-92130AC444F8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{E1EC5D14-A2F1-4A64-955D-17F018D0163B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{0E9D7DCC-56A5-41B4-B15F-A94F691D6A22}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{01A6E29A-2E46-4098-8E03-B4821F7F0A48}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{9C7A2709-8761-4FC4-8F99-C19430A268CD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{DE4E2F7D-7B85-4AB7-A373-3CFB8D3E2478}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{F8A0E689-A6AE-49A2-83C6-008040FA185E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8A9F901E-1044-4053-A53A-6DE5579FAC46}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{711493BA-DE9D-4054-9120-C2A2493CB286}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{602A76AE-9939-4DB1-BA75-F50582A39DCF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{6EFCFFEF-A82B-4D72-BE4B-763DA8567471}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{1ED562E2-410C-4E92-AF96-50858A54E68C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E3B9C0C3-E07D-44EB-9204-74B42CFCAD0B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{3901219B-6D4B-4FBB-9149-BF3B74566ABF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{91025322-CBB7-4E1D-875F-072F73B994AE}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{8FCC3173-023B-427F-8761-D058053F2793}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{E516C5E6-5F03-489C-BB77-2B163DFABE8A}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{F8920F2B-722E-4A2A-8FA6-298A54FD7C3C}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{44F94BBB-3C38-4BB0-A3CE-34636C6E3E4B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{036F5CB0-D633-4441-AED6-1D5DB22216B9}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{B8D61750-89A8-44D7-B465-94629D0E464E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{DFEE00BE-7E91-4C79-BED3-6EA2A410F50D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{FECAEB2D-FA70-4246-BF09-9EA79824D1FE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{18805511-F82A-41A2-9BAE-55EED13699DB}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{97341C8F-C356-4F5C-A1FE-126B42EA29E8}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{BAABD894-C3B7-49D2-A96A-6F2E302CA9BE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{B3709501-56B1-46BB-B7F8-804191EA6822}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{D307FB86-8C44-4299-9138-EEF2BCE27AEA}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{D54589F3-6E1C-4220-9264-92E333F2FB1E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{BF30C683-E71B-4774-93FD-C45AA36D8C6E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8687CD9F-DFF8-4104-BB2F-9D3825C3DA1B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{235DD108-B992-4223-85A4-73A7DF50E687}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{234E7063-6D54-4731-9B81-8F92E0D5E71B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{43A71A89-4828-4434-8825-DBF2EBCB00E8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{32A015D4-F243-4E86-BA40-B21282BB7F0A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{63E38E2E-34AC-4E1F-91BA-3C557B50133E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{7442148A-E556-4C16-B6D2-A27E64CB2E4B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3DDF7DE8-A23F-4AD9-A044-0CBDFEBBF75D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{87D30845-FBF8-45EB-ABEB-B7FB55A5E7D8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6C9ECF37-A062-41FC-91E2-DB9988FA7E59}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CC219C4C-94D4-4011-A52D-294D92DCC9C8}] => (Allow) C:\Users\Артём\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5244857D-5FBE-44C7-A967-CD32521D47FE}] => (Allow) C:\Users\Артём\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A3449B8E-F3A8-4DF6-86A1-9306E8E8A9E0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F28F4D14-AF28-4616-96F6-170C824E642E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C9DE1B92-EB04-46AF-B3FF-84C30B716EB7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1305EC44-CABF-4CC1-B9EE-1C271FF4AE74}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E2E81516-5884-4506-BD57-FEA11054F06F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4B66068E-87D5-427A-A350-6A5D525BCD50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{03B7D05B-F24F-4E27-8CE9-06D2B39CE9C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{03023336-6C99-4846-87FA-8FCCB4EB714D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{344E1478-D56D-4ADA-87BA-68FD5DA2B7AE}] => (Allow) C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe
FirewallRules: [{509B9FB7-552A-41CB-B88E-D5DE5F727DCC}] => (Allow) C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe
FirewallRules: [{D0FC6DE6-C673-4E05-8BB2-D18FDB840C68}] => (Allow) C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe
FirewallRules: [{84725C6C-837D-4317-AA86-49D470CAA987}] => (Allow) C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe
FirewallRules: [{176E8928-5E6A-46F5-863C-1086F6DD3127}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{EF5F1ED3-73A5-4EB1-8B09-94C89A60DEDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{41F78BD4-8F87-44A4-A0A1-22AC10E95792}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D68AFB13-04B7-4BAE-8B31-B8DBE63CC28B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E2D81EE4-758F-4507-877D-E28FCA0DDC80}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{26E5652A-30BF-42F4-A9CF-4D4C129AD161}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{FD9D91CC-576B-4B7E-B63F-5DD842096B01}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{238241A4-F7A0-488E-AFB6-67ED911FB253}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{695AF967-5FCC-4692-A0D2-2263535ECC2A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{670FC470-B1F3-40B1-815D-6BC4DD07419B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{994908A1-A4DA-4638-9BFE-C3ABB212EA72}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{15155249-FBC8-45FA-918F-4F2D3BDEC5F3}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [TCP Query User{E1C0F1BC-195C-45C0-87AE-091F945D221C}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{245FD270-122B-4660-B055-EDAA8E7728A3}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{4E48A8D9-7311-4AC0-9008-D4D95B8E1FCA}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{CE6EC9E8-8708-41BF-AD9A-B0856FAAC242}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{8CD83AF9-326E-4AE8-B30E-B0DBB8772D0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{4E7A5BE2-5146-4EDC-B799-DDC0D3B89DA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{8448FE54-F1B3-4493-8C0C-24AE586109FD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{93DF9ECC-F58C-4072-8324-920E74C2AE20}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{3D426616-0BE6-4BFC-AC6B-C641E6DC73D9}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/27/2015 04:42:10 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (05/27/2015 04:40:48 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (05/27/2015 04:31:17 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (05/27/2015 04:30:36 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (05/27/2015 04:30:20 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (05/27/2015 04:30:06 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (05/27/2015 03:15:59 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (05/27/2015 03:05:51 PM) (Source: UEIPSvc) (EventID: 0) (User: )
Description: Сбой при обработке изменения сеанса. System.InvalidOperationException: Нулевой объект должен иметь значение.
в System.Nullable`1.get_Value()
в UBTService.UBTService.OnSessionChange(SessionChangeDescription changeDescription)
в System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (05/25/2015 08:39:27 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (05/25/2015 08:27:13 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
System errors:
=============
Error: (05/27/2015 10:27:54 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:
Error: (05/27/2015 10:27:54 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:
Error: (05/27/2015 10:27:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "Служба Защитника Windows" из-за ошибки
%%577
Error: (05/27/2015 10:26:05 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\Drivers\vdi0mji0.sys
Error: (05/27/2015 10:26:33 AM) (Source: EventLog) (EventID: 600(User: )
Description: Предыдущее завершение работы системы в 1:38:12 на 27.05.2015 было неожиданным.
Error: (05/27/2015 10:25:54 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256841170816
Error: (05/27/2015 01:32:57 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\Drivers\uti0mji0.sys
Error: (05/27/2015 01:11:28 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\Drivers\uti0mji0.sys
Error: (05/27/2015 00:59:57 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:
Error: (05/27/2015 00:59:57 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:
Microsoft Office:
=========================
Error: (05/27/2015 04:42:10 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (05/27/2015 04:40:48 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (05/27/2015 04:31:17 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (05/27/2015 04:30:36 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (05/27/2015 04:30:20 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (05/27/2015 04:30:06 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (05/27/2015 03:15:59 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (05/27/2015 03:05:51 PM) (Source: UEIPSvc) (EventID: 0) (User: )
Description: Сбой при обработке изменения сеанса. System.InvalidOperationException: Нулевой объект должен иметь значение.
в System.Nullable`1.get_Value()
в UBTService.UBTService.OnSessionChange(SessionChangeDescription changeDescription)
в System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (05/25/2015 08:39:27 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
Error: (05/25/2015 08:27:13 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:
CodeIntegrity Errors:
===================================
Date: 2015-05-27 10:27:40.850
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-05-27 00:59:28.410
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-05-25 14:58:45.661
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-05-24 15:26:58.957
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-05-24 15:15:04.443
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-05-24 15:07:55.513
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-05-24 14:11:00.157
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-05-22 17:24:51.628
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-05-21 13:49:13.311
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-05-19 20:26:32.213
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 34%
Total physical RAM: 8106.33 MB
Available physical RAM: 5317 MB
Total Pagefile: 10282.33 MB
Available Pagefile: 7133.64 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:914.29 GB) (Free:744.66 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4670BF7
Partition: GPT Partition Type.
==================== End of log ============================Скрыть
Последний раз редактировалось thyrex; 28.05.2015 в 08:18.
Логи (оба) прикрепите к сообщению, а не превращайте сообщение в простыню
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 ReconnectАнтивирусная помощь
Извиняюсь)
Скопируйте приведенный ниже текст в Блокнот и сохраните файл как fixlist.txt в ту же папку, откуда была запущена утилита Farbar Recovery Scan Tool:
Код:CreateRestorePoint: HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hp&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hp&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hp&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hp&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS&q={searchTerms} HKU\S-1-5-21-2528612331-2164593856-3550426308-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=ds&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=ds&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=ds&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=ds&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS&q={searchTerms} SearchScopes: HKU\S-1-5-21-2528612331-2164593856-3550426308-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=ds&ts=1431984450&z=f01f87fc8d0d93227172b88g6z9ceg5t5baz0z9wac&from=cmi&uid=TOSHIBAXMQ01ABD100_84A2S57XSXX84A2S57XS&q={searchTerms} FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found] CHR Extension: (Quick Searcher) - C:\Users\Артём\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2015-05-19] 2015-05-19 02:35 - 2015-05-24 16:20 - 00000000 ____D () C:\Program Files (x86)\gmsd_ru_246 2015-05-19 02:35 - 2015-05-19 13:59 - 00000000 ____D () C:\Users\Артём\AppData\Local\gmsd_ru_246 2015-05-19 02:33 - 2015-05-19 14:42 - 00000000 ____D () C:\Users\Артём\AppData\Local\SmartWeb 2015-05-19 02:33 - 2015-05-19 02:33 - 00004026 _____ () C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task 2015-05-19 02:25 - 2015-05-19 02:25 - 00000000 ____D () C:\Program Files\Common Files\Tencent 2015-05-19 02:24 - 2015-05-19 02:24 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys 2015-05-19 02:23 - 2015-05-19 02:25 - 00000000 ____D () C:\Users\Артём\AppData\Roaming\Tencent 2015-05-19 02:23 - 2015-05-19 02:24 - 00000000 ____D () C:\Users\Все пользователи\Tencent 2015-05-19 02:23 - 2015-05-19 02:24 - 00000000 ____D () C:\ProgramData\Tencent 2015-05-19 02:23 - 2015-05-19 02:23 - 00000000 ____D () C:\Program Files (x86)\Tencent 2015-05-19 02:17 - 2015-05-19 15:29 - 00000000 ____D () C:\Users\Артём\AppData\Local\E8E5E3ED-1432001831-E411-AA1F-F0761C3C1276 2015-05-19 02:16 - 2015-05-19 15:28 - 00000000 ____D () C:\Users\Артём\AppData\Local\E8E5E3ED-1432001815-E411-AA1F-F0761C3C1276 2015-05-19 02:14 - 2015-05-19 02:40 - 00000000 ____D () C:\Users\Артём\AppData\Local\E8E5E3ED-1432001676-E411-AA1F-F0761C3C1276 DomainProfile\AuthorizedApplications: [C:\Program Files\Tencent\QQPCMgr\10.9.16349.225\QMAccountProtection.exe] => Enabled:????-??? DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\Tencent\QQDownload\130\Tencentdl.exe] => Enabled:腾讯产品下载组件 DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\Tencent\QQDownload\130\bugreport_xf.exe] => Enabled:腾讯产品下载组件Crash上报 StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Tencent\QQDownload\130\Tencentdl.exe] => Enabled:腾讯产品下载组件 StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Tencent\QQDownload\130\bugreport_xf.exe] => Enabled:腾讯产品下载组件Crash上报 Reboot:
- Запустите FRST, нажмите один раз на кнопку Fix и подождите. Программа создаст лог-файл (Fixlog.txt). Пожалуйста, прикрепите его в следующем сообщении!
- Обратите внимание, что компьютер будет перезагружен.
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 ReconnectАнтивирусная помощь
высылаю
Что с проблемой?
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 ReconnectАнтивирусная помощь
все работает спасибо!
Уважаемый(ая) Spiritmoon, наши специалисты оказали Вам всю возможную помощь по вашему обращению.
В целях поддержания безопасности вашего компьютера настоятельно рекомендуем:
Чтобы всегда быть в курсе актуальных угроз в области информационной безопасности и сохранять свой компьютер защищенным, рекомендуем следить за последними новостями ИТ-сферы портала Anti-Malware.ru:
Надеемся больше никогда не увидеть ваш компьютер зараженным!
Если Вас не затруднит, пополните пожалуйста нашу базу безопасных файлов.
Ваши права в разделе
