Fix result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by Дима at 2015-06-16 15:33:44 Run:1
Running from C:\Users\Дима\Desktop\Farbar Recovery Scan Tool
Loaded Profiles: Дима (Available Profiles: Дима)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [gmsd_ru_284] => [X]
HKLM\...\Run: [gmsd_ru_005010002] => [X]
HKU\S-1-5-21-1709350910-542430628-2805290135-1000\...\Run: [czuhoxlzbw] => explorer "http://unzanat.ru/?utm_source=uoua03&utm_content=3e28325493e1e0a44613b44603728f36"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://webalta.ru
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://webalta.ru
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://webalta.ru
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/poisk
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/poisk
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/poisk
BHO: No Name -> {1b090c00-8c45-419d-b72d-f8af391e62c7} -> No File
BHO: No Name -> {4c54ce3d-6b7d-4f21-9e69-200632a98540} -> No File
BHO: No Name -> {7bcc228a-c730-4004-93f9-72cbb7033a62} -> No File
BHO: MailRuBHO Class -> {8984B388-A5BB-4DF7-B274-77B879E179DB} -> C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll No File
Toolbar: HKLM - No Name - {7bcc228a-c730-4004-93f9-72cbb7033a62} - No File
CHR HKLM\...\Chrome\Extension: [clpdgmdkdnijjbgmnajolnbnjejoeogm] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [dfachbhccemanebkkbeppgnnhkpicifp] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [dhngkpgdbpbkopndlpkicfaiffphdkbo] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gndaciceccgapjhpniecknjlmmlanaem] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [odkmedfomghphdnmmemhkpoanggcfbbe] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ofdgafmdegfkhfdfkmllfefmcmcjllec] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pchfckkccldkbclgdepkaonamkignanh] - http://clients2.google.com/service/update2/crx
OPR Extension: (Air Globe) - C:\Users\Дима\AppData\Roaming\Opera Software\Opera Stable\Extensions\delfldcjcinjaflpogfgfocnccmgoofi [2015-06-12]
StartMenuInternet: (HKLM) Opera - c:\program files\opera\opera.exe http://www.mystartsearch.com/?type=s...1EA01937319373
S2 ccsvc_1.10.0.5; "C:\Program Files\ClickCaption_1.10.0.5\Service\ccsvc.exe" [X]
S2 zedepory; C:\Users\Дима\AppData\Roaming\2AA63CE0-1433933292-11B2-8000-C11ED739BDF8\hnsm5BD3.tmp [X]
S3 TSSK; C:\windows\System32\tssk.sys [67896 2015-06-10] (电脑管家)
2015-06-14 15:03 - 2015-06-14 15:05 - 00000000 ____D C:\Program Files\MiuiTab
2015-06-14 15:03 - 2015-06-14 15:03 - 00000000 ____D C:\Users\Дима\AppData\Local\6559
2015-06-10 14:14 - 2015-06-10 14:14 - 00000000 ____D C:\Users\Все пользователи\TXQMPC
2015-06-10 14:14 - 2015-06-10 14:14 - 00000000 ____D C:\ProgramData\TXQMPC
2015-06-10 13:58 - 2015-06-10 13:56 - 00067896 _____ (电脑管家) C:\windows\system32\TSSK.sys
2015-06-10 13:54 - 2015-06-15 21:35 - 00000258 __RSH C:\Users\Все пользователи\ntuser.pol
2015-06-10 13:54 - 2015-06-15 21:35 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-06-10 13:49 - 2009-06-11 00:39 - 00000824 _____ C:\windows\system32\Drivers\etc\hp.bak
2015-06-10 13:48 - 2015-06-13 21:41 - 00000000 ____D C:\Users\Дима\AppData\Roaming\2AA63CE0-1433933292-11B2-8000-C11ED739BDF8
2015-06-10 13:45 - 2015-06-10 13:45 - 00000156 ____H C:\Users\Дима\AppData\Local\BrowserManager.bat
2015-06-10 13:45 - 2015-06-10 13:45 - 00000147 ____H C:\Users\Дима\AppData\Local\chrome.bat
2015-06-10 13:45 - 2015-06-10 13:45 - 00000008 __RSH C:\Users\Дима\ntuser.pol
2015-06-10 13:45 - 2015-06-08 09:41 - 00908408 ____H (Opera Software) C:\lаunсhеr.bаt.exe
2015-06-10 13:45 - 2015-04-22 04:48 - 00815304 ____H (Microsoft Corporation) C:\iехplоrе.bаt.exe
2015-06-10 13:45 - 2015-04-01 20:07 - 01427752 ____H (Yandex LLC) C:\Users\Дима\AppData\Local\ВrоwsеrМаnаgеr.bаt.exe
2015-06-10 13:45 - 2014-12-22 21:16 - 00104776 ____H C:\Users\Дима\AppData\Local\Yаndех.bаt.exe
2015-06-10 13:45 - 2014-05-14 01:03 - 00879456 ____H (Opera Software) C:\оpеrа.bаt.exe
2015-06-10 13:45 - 2013-08-07 14:48 - 00779792 ____H (The Chromium Authors) C:\Users\Дима\AppData\Local\сhrоmе.bаt.exe
2015-06-10 21:18 - 2015-06-10 21:18 - 0613255 _____ (CMI Limited) C:\Users\Дима\AppData\Local\nsdF96.tmp
2015-06-12 18:29 - 2015-06-12 18:29 - 0613255 _____ (CMI Limited) C:\Users\Дима\AppData\Local\nse8F24.tmp
2015-06-12 13:29 - 2015-06-12 13:29 - 0613255 _____ (CMI Limited) C:\Users\Дима\AppData\Local\nsj2EC0.tmp
2015-06-11 21:40 - 2015-06-11 21:40 - 0613255 _____ (CMI Limited) C:\Users\Дима\AppData\Local\nso796B.tmp
2015-06-10 21:00 - 2015-06-10 20:59 - 0613255 _____ (CMI Limited) C:\Users\Дима\AppData\Local\nsq3479.tmp
2015-06-10 16:22 - 2015-06-10 16:22 - 0613255 _____ (CMI Limited) C:\Users\Дима\AppData\Local\nswF758.tmp
2015-06-10 13:45 - 2014-12-22 21:16 - 0104776 ____H () C:\Users\Дима\AppData\Local\Yаndех.bаt.exe
2015-01-21 17:09 - 2015-01-21 17:23 - 0000000 _____ () C:\Users\Дима\AppData\Local\{1E9020E3-AE08-448D-BF31-7CB4A3147AD7}
2015-06-10 13:45 - 2015-04-01 20:07 - 1427752 ____H (Yandex LLC) C:\Users\Дима\AppData\Local\ВrоwsеrМаnаgеr.bаt.exe
2015-06-10 13:45 - 2013-08-07 14:48 - 0779792 ____H (The Chromium Authors) C:\Users\Дима\AppData\Local\сhrоmе.bаt.exe
2010-10-21 02:55 - 2010-10-21 02:55 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-10-21 02:53 - 2010-10-21 02:54 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2010-10-21 02:49 - 2010-10-21 02:50 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-10-21 02:54 - 2010-10-21 02:55 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2010-10-21 02:49 - 2010-10-21 02:49 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-10-21 02:50 - 2010-10-21 02:53 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
Task: {5A4E9586-3245-4B4E-9DA7-99351FC06C80} - System32\Tasks\Bidaily Synchronize Task[74c7] => c:\programdata\{8ae9d7f8-bb30-9423-8ae9-9d7f8bb35fe2}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\windows\Tasks\Bidaily Synchronize Task[74c7].job => c:\programdata\{8ae9d7f8-bb30-9423-8ae9-9d7f8bb35fe2}\hqghumeaylnlf.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
FirewallRules: [{207A1FD6-6DDC-4032-83D1-06DAEEB4C353}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{C9A89A67-33FB-4C34-A1B0-3CA7E5E8A82E}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
EmptyTemp:
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_ru_284 => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_ru_005010002 => value removed successfully.
HKU\S-1-5-21-1709350910-542430628-2805290135-1000\Software\Microsoft\Windows\CurrentVersion\Run\\czuhoxlzbw => value removed successfully.
C:\windows\system32\GroupPolicy\Machine => moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b090c00-8c45-419d-b72d-f8af391e62c7}" => key removed successfully.
HKCR\CLSID\{1b090c00-8c45-419d-b72d-f8af391e62c7} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c54ce3d-6b7d-4f21-9e69-200632a98540}" => key removed successfully.
HKCR\CLSID\{4c54ce3d-6b7d-4f21-9e69-200632a98540} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7bcc228a-c730-4004-93f9-72cbb7033a62}" => key removed successfully.
HKCR\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}" => key removed successfully.
"HKCR\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7bcc228a-c730-4004-93f9-72cbb7033a62} => value removed successfully.
HKCR\CLSID\{7bcc228a-c730-4004-93f9-72cbb7033a62} => key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\clpdgmdkdnijjbgmnajolnbnjejoeogm" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dfachbhccemanebkkbeppgnnhkpicifp" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dhngkpgdbpbkopndlpkicfaiffphdkbo" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gndaciceccgapjhpniecknjlmmlanaem" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\odkmedfomghphdnmmemhkpoanggcfbbe" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ofdgafmdegfkhfdfkmllfefmcmcjllec" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\pchfckkccldkbclgdepkaonamkignanh" => key removed successfully.
C:\Users\Дима\AppData\Roaming\Opera Software\Opera Stable\Extensions\delfldcjcinjaflpogfgfocnccmgoofi => moved successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command\\Default => value restored successfully
ccsvc_1.10.0.5 => Service removed successfully.
zedepory => Service removed successfully.
TSSK => Service removed successfully.
C:\Program Files\MiuiTab => moved successfully.
C:\Users\Дима\AppData\Local\6559 => moved successfully.
C:\Users\Все пользователи\TXQMPC => moved successfully.
"C:\ProgramData\TXQMPC" => File/Folder not found.
C:\windows\system32\TSSK.sys => moved successfully.
C:\Users\Все пользователи\ntuser.pol => moved successfully.
"C:\ProgramData\ntuser.pol" => File/Folder not found.
C:\windows\system32\Drivers\etc\hp.bak => moved successfully.
C:\Users\Дима\AppData\Roaming\2AA63CE0-1433933292-11B2-8000-C11ED739BDF8 => moved successfully.
C:\Users\Дима\AppData\Local\BrowserManager.bat => moved successfully.
C:\Users\Дима\AppData\Local\chrome.bat => moved successfully.
C:\Users\Дима\ntuser.pol => moved successfully.
C:\lаunсhеr.bаt.exe => moved successfully.
C:\iехplоrе.bаt.exe => moved successfully.
C:\Users\Дима\AppData\Local\ВrоwsеrМаnаgеr.bаt.exe => moved successfully.
C:\Users\Дима\AppData\Local\Yаndех.bаt.exe => moved successfully.
C:\оpеrа.bаt.exe => moved successfully.
C:\Users\Дима\AppData\Local\сhrоmе.bаt.exe => moved successfully.
C:\Users\Дима\AppData\Local\nsdF96.tmp => moved successfully.
C:\Users\Дима\AppData\Local\nse8F24.tmp => moved successfully.
C:\Users\Дима\AppData\Local\nsj2EC0.tmp => moved successfully.
C:\Users\Дима\AppData\Local\nso796B.tmp => moved successfully.
C:\Users\Дима\AppData\Local\nsq3479.tmp => moved successfully.
C:\Users\Дима\AppData\Local\nswF758.tmp => moved successfully.
"C:\Users\Дима\AppData\Local\Yаndех.bаt.exe" => File/Folder not found.
C:\Users\Дима\AppData\Local\{1E9020E3-AE08-448D-BF31-7CB4A3147AD7} => moved successfully.
"C:\Users\Дима\AppData\Local\ВrоwsеrМаnаgеr.bаt.exe" => File/Folder not found.
"C:\Users\Дима\AppData\Local\сhrоmе.bаt.exe" => File/Folder not found.
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log => moved successfully.
C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log => moved successfully.
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => moved successfully.
C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log => moved successfully.
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully.
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A4E9586-3245-4B4E-9DA7-99351FC06C80}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A4E9586-3245-4B4E-9DA7-99351FC06C80}" => key removed successfully.
C:\Windows\System32\Tasks\Bidaily Synchronize Task[74c7] => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[74c7]" => key removed successfully.
C:\windows\Tasks\Bidaily Synchronize Task[74c7].job => moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP" => key removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP" => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{207A1FD6-6DDC-4032-83D1-06DAEEB4C353} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9A89A67-33FB-4C34-A1B0-3CA7E5E8A82E} => value removed successfully.
EmptyTemp: => 7.1 GB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 15:43:41 ====