
Help me clean my files from the xtbl encryptor. It has ruined all my work files!!! (request No. 186782)

  1. #1

    Help me clean my files from the xtbl encryptor. It has ruined all my work files!!!

    Hidden text

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
    Ran by Shishka at 2015-07-09 10:41:04
    Running from C:\Users\Shishka\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    HomeGroupUser$ (S-1-5-21-782209906-3566099330-2817917399-1002 - Limited - Enabled)
    Shishka (S-1-5-21-782209906-3566099330-2817917399-1000 - Administrator - Enabled) => C:\Users\Shishka
    Администратор (S-1-5-21-782209906-3566099330-2817917399-500 - Administrator - Disabled)
    Гость (S-1-5-21-782209906-3566099330-2817917399-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-782209906-3566099330-2817917399-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
    Ace Stream Media 2.1.10.1 (HKU\S-1-5-21-782209906-3566099330-2817917399-1000\...\AceStream) (Version: 2.1.10.1 - Ace Stream Media) <==== ATTENTION!
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
    Adobe Illustrator CS5 (HKLM-x32\...\{E7C95B46-4554-4F45-B4E9-3D1BFF134D64}_is1) (Version: - Adobe)
    Adobe Photoshop CS3 (HKLM-x32\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Reader 9.1 - Russian (HKLM-x32\...\{AC76BA86-7AD7-1049-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
    Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
    ATI Catalyst Install Manager (HKLM\...\{FB07515A-48AC-9996-16EE-3A3DC8CF8D8E}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
    AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2250 - AVG Technologies)
    AVG 2012 (Version: 12.0.4365 - AVG Technologies) Hidden
    AVG 2012 (Version: 12.1.2250 - AVG Technologies) Hidden
    AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.5.0.909 - AVG Technologies)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom 2070 Bluetooth 2.1 + EDR (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
    BurnAware Free 6.4 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware)
    Bus Driver (x32 Version: 2.2.0.82 - WildTangent) Hidden
    ccc-core-static (x32 Version: 2010.0909.1412.23625 - Название организации) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Codec Package Packages (HKU\S-1-5-21-782209906-3566099330-2817917399-1000\...\Codec Package Packages) (Version: - ) <==== ATTENTION
    Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
    Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
    Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X3 (HKLM-x32\...\_{63218538-4A69-497F-8455-904261B0E9E4}) (Version: - Corel Corporation)
    CorelDRAW Graphics Suite X3 (x32 Version: 13.2 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - RU (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
    DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version: - )
    DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
    Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) Hidden
    DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.3715 - Hewlett-Packard)
    DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden
    DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: 6.15.0.27 - DVDVideoSoftTB)
    EN (x32 Version: 13.1 - Corel Corporation) Hidden
    Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
    ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
    etranslator (HKU\S-1-5-21-782209906-3566099330-2817917399-1000\...\etranslator) (Version: - etranslator)
    Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
    ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )
    FontNav (x32 Version: 5.0 - Corel Corporation) Hidden
    Geeks3D.com FurMark 1.9.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D.com)
    Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
    Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
    Google Chrome (HKU\S-1-5-21-782209906-3566099330-2817917399-1000\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
    Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM\...\{7C79C018-FA9A-4ADB-BBC3-D08453A1DF54}) (Version: 4.0.3.1 - Hewlett-Packard)
    HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10144.3282 - Hewlett-Packard)
    HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.3727 - Hewlett-Packard)
    HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.2.2513 - Hewlett-Packard)
    HP MediaSmart Movies and TV (HKLM\...\{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}) (Version: 1.0.0.10 - Hewlett-Packard)
    HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.0.3722 - Hewlett-Packard)
    HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.0.3722 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}) (Version: 3.1.1.12 - Hewlett-Packard)
    HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.0.3722 - Hewlett-Packard)
    HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.2511 - Hewlett-Packard)
    HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)
    HP QuickWeb Installer (HKLM-x32\...\{394FA67A-FF0A-4356-BB77-D85E5A300BDE}) (Version: 1.2.9.1 - DeviceVM Inc.)
    HP Setup (HKLM-x32\...\{E2831862-F131-4327-B9CC-FA30F587EB6C}) (Version: 1.2.3988.3281 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{2EF6F5C7-CCE8-4991-B48F-E3069D9D7512}) (Version: 4.1.6.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Tone Control (HKLM\...\{9207D4A1-586E-49CA-A002-FC9F475AB1A3}) (Version: 2.0.2 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
    HP User Guides 0176 (HKLM-x32\...\{20B88A14-02F9-48D4-ACEC-6D8F5F3E8A83}) (Version: 1.01.0000 - Hewlett-Packard)
    HP Wireless Assistant (HKLM\...\{DDB9783C-914C-45ED-9ECA-B262F0DE2A2E}) (Version: 4.0.3.2 - Hewlett-Packard)
    iCloud (HKLM\...\{D0CB24F4-084F-40DE-B6B9-A03626E682F0}) (Version: 2.1.1.3 - Apple Inc.)
    iFunbox (v2.1.2228.731), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.1.2228.731 - )
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
    Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
    IsoBuster 3.5 (HKLM-x32\...\IsoBuster_is1) (Version: 3.5 - Smart Projects)
    iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
    Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 9.4.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.0 - )
    Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    LightScribe System Software (HKLM-x32\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe)
    Malwarebytes Anti-Malware, версия 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.50938 - Корпорация Майкрософт)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{737E2345-2897-4B75-9C9B-D541F7394D6B}) (Version: 08.05.0822 - Microsoft Corporation)
    Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.3715 - Hewlett-Packard)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden
    Mozilla Firefox 29.0.1 (x86 ru) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 ru)) (Version: 29.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB97368 (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
    Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
    Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
    Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.2512 - CyberLink Corp.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
    Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
    The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
    Update for Codec Package (HKU\S-1-5-21-782209906-3566099330-2817917399-1000\...\DSite) (Version: - ) <==== ATTENTION
    Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
    VBA (x32 Version: 6.2 - Corel Corporation) Hidden
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
    Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) (HKLM\...\7E38E30BB92ED94B21CF062A7386554CBA991FEB) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
    Windows Live Sync (HKLM-x32\...\{40EF92EA-B347-442D-AC94-03F21965F2EF}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
    Zona (HKLM-x32\...\Zona)) (Version: - )
    Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Архиватор WinRAR (HKLM\...\WinRAR archiver) (Version: - )
    Звуковое устройство IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6265.0 - IDT)
    Основные компоненты Windows Live (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
    Основные компоненты Windows Live (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
    Поддержка программ Apple (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
    Помощник по входу в Windows Live (HKLM-x32\...\{518A8485-E038-4A8C-A76B-1C868D95F13E}) (Version: 5.000.818.5 - Microsoft Corporation)
    Почта Windows Live (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
    Справочник лекарственных средств (HKU\S-1-5-21-782209906-3566099330-2817917399-1000\...\Справочник лекарственных средств) (Version: 2010 - Keepsoft)
    Средство передачи Windows Live (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Фотоальбом Windows Live (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-782209906-3566099330-2817917399-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Shishka\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-782209906-3566099330-2817917399-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Shishka\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 05:34 - 2013-09-14 14:33 - 00001487 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 activate.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 wip3.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 wwis-dubc1-vip60.adobe.com
    127.0.0.1 ood.opsource.net
    127.0.0.1 CRL.VERISIGN.NET
    127.0.0.1 adobeereg.com
    127.0.0.1 OCSP.SPO1.VERISIGN.COM
    127.0.0.1 activate-sea.adobe.com


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {04E5C103-C7A3-42A1-93DB-C6612DF15E5B} - System32\Tasks\DSite => C:\Users\Shishka\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {08695676-EDBA-4B44-86AD-703939767200} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-782209906-3566099330-2817917399-1000UA => C:\Users\Shishka\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
    Task: {0D641D2E-E160-4A26-9A8C-F0930EAE5814} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-08] (Adobe Systems Incorporated)
    Task: {1B9090E3-0AAB-4DA1-9A0A-C50E37BA970F} - System32\Tasks\{0EC79E5D-4341-4A92-A04E-9A189AD10AB6} => pcalua.exe -a "C:\MYDISK\PROGS\programs\Autodesk AutoCAD 2008 Russian\Autodesk AutoCAD 2008 Russian.exe" -d "C:\MYDISK\PROGS\programs\Autodesk AutoCAD 2008 Russian"
    Task: {1DF9F7BC-97CA-40F8-8332-1D126280B5D1} - System32\Tasks\{AC60E9A2-93ED-46EC-A631-1983B1A28FFE} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
    Task: {1ED597A7-A4F4-4AC1-9963-174EA6B7AB88} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2012-12-17] (Apple Inc.)
    Task: {2982C6E6-8326-4946-A59E-70C321B5837A} - System32\Tasks\HPCeeScheduleForShishka => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
    Task: {2AD44E24-3C4C-4B66-8A18-9177E4ECF9C6} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-26] ()
    Task: {2E780403-876F-4B80-B1CF-B77F6BA97AFF} - System32\Tasks\3sgg => C:\Users\Shishka\AppData\Local\Temp\3fe31.exe <==== ATTENTION
    Task: {40BCF867-01FC-41A4-9574-D8200562474C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
    Task: {49557799-820E-45DE-AE15-89C2990BE30E} - System32\Tasks\{A49E5846-7F18-4985-AECA-0C1613D3990F} => pcalua.exe -a C:\programs\antivirus\sc-kis8.0.0.454ru.exe -d C:\programs\antivirus
    Task: {4BCC3EE9-3E6C-4D0E-BD93-D619F03F11D9} - System32\Tasks\{9C2C7198-F1AC-44C0-AC31-B2C5874C45B5} => pcalua.exe -a C:\MYDISK\PROGS\programs\graphic\Adobe.Photoshop.CS5.Extended.12.0.1.RePack.exe -d C:\MYDISK\PROGS\programs\graphic
    Task: {649CF638-F1B4-4075-BB5D-F4434E2FD867} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {6F62E04B-A4A3-4C2D-8A48-E7BFD19B18E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {704ED648-DF2B-4F81-976B-0ECCA9CFA3B2} - System32\Tasks\{46F03BC3-DC9C-4C0A-8FC9-B30A6BDEACB2} => pcalua.exe -a "G:\MYDISK\PROGS\2013\!!!Graphic ProgS!!!\Adobe_Illustrator_CS5\Adobe Illustrator CS5\Adobe_Illustrator_CS5.exe" -d "G:\MYDISK\PROGS\2013\!!!Graphic ProgS!!!\Adobe_Illustrator_CS5\Adobe Illustrator CS5"
    Task: {726030DE-11BF-4253-B477-DFA96290EA47} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {93EDF747-BDB4-4646-AF58-A2E6D9E274F4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-782209906-3566099330-2817917399-1000Core => C:\Users\Shishka\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
    Task: {9690D596-B99C-44D2-8957-B0A452106AA9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-02-04] (Microsoft)
    Task: {9EA3DA77-C289-4B25-AB79-FBC1BA38CA8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {A58C2BE8-9CA1-4591-B177-A4E08B3B1FE1} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\SYSTEM32\aitagent.exe [2010-11-20] (Корпорация Майкрософт (Microsoft Corp.))
    Task: {B47B7ADD-04A0-4C3D-AADC-58DC2F004FEB} - System32\Tasks\{55014842-E3EA-4AA1-AA44-1E0DC9AC068F} => pcalua.exe -a "C:\Users\Shishka\AppData\Local\Temp\CProgram Files (x86)Opera\Opera_1101_int_Setup.exe" -d "C:\Program Files (x86)\Opera"
    Task: {B8CC7DF3-0044-42F6-BF20-EB2C2C19DD52} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-26] ()
    Task: {BAA9BE74-7EF4-4B92-AB46-F0EBAAC36DF3} - System32\Tasks\{AE7443B5-B033-442D-883B-B88281B9BDDD} => pcalua.exe -a C:\Users\Shishka\Desktop\Adobe_Photoshop_Lightroom_4.exe -d C:\Users\Shishka\Desktop
    Task: {BC454F09-05D8-431A-A2D4-905CBE62D440} - System32\Tasks\AdobeAAMUpdater-1.0-Shishka-PC-Shishka => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
    Task: {BCAF33CE-B6A0-446E-B57F-65E934B8FB11} - System32\Tasks\Digital Sites => C:\Users\Shishka\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {CE4201D7-151F-43E2-AE92-4B523B1D77D6} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
    Task: {D2196E33-F664-44E4-883F-EBD86F0C08EE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {DB0D2CD4-C787-4616-A00C-601D78F7F7DF} - System32\Tasks\VKSaverUpdate => C:\ProgramData\VKSaver\VKSaver.exe <==== ATTENTION
    Task: {E3C000CF-3C77-4AF2-9F09-1AEFA12F0096} - System32\Tasks\{FB41A8DC-EE90-4E02-9B4F-41DABE9F5F8C} => pcalua.exe -a G:\MYDISK\PROGS\Nero-7.0.1.4_rus_\Nero-7.0.1.4_rus_no_yt.exe -d G:\MYDISK\PROGS\Nero-7.0.1.4_rus_
    Task: {E4CB0AF9-49AB-47AA-A670-55B0BECA75C6} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
    Task: {E6695D37-9DAD-48F4-B08A-7066082BC08A} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    Task: {E6C55E52-3260-43CA-AB08-C69980C40FC6} - System32\Tasks\{887C244A-EFAF-40A1-A463-2E4652EFE3E0} => pcalua.exe -a "G:\MYDISK\PROGS\2013\!!!Graphic ProgS!!!\ADOBE PHOTOSHOP\Adobe.Photoshop.CS5.Extended.12.0.1.RePack.exe" -d "G:\MYDISK\PROGS\2013\!!!Graphic ProgS!!!\ADOBE PHOTOSHOP"
    Task: C:\Windows\Tasks\3sgg.job => C:\Users\Shishka\AppData\Local\Temp\3fe31.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Shishka\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\Windows\Tasks\DSite.job => C:\Users\Shishka\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-782209906-3566099330-2817917399-1000Core.job => C:\Users\Shishka\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-782209906-3566099330-2817917399-1000UA.job => C:\Users\Shishka\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForShishka.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2009-12-29 13:19 - 2009-12-29 13:19 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
    2011-02-25 11:21 - 2010-03-15 12:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
    2012-12-17 18:14 - 2012-12-17 18:14 - 00954848 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
    2010-01-18 14:04 - 2010-01-18 14:04 - 00020480 _____ () C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    2006-11-02 21:40 - 2006-11-02 21:40 - 00174656 _____ () C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe
    2015-05-14 00:44 - 2015-05-14 00:44 - 00166848 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\loggingserver.exe
    2010-01-20 15:20 - 2010-01-20 15:20 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    2013-06-09 00:44 - 2012-11-20 01:03 - 00812544 _____ () C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
    2013-08-19 22:14 - 2015-05-14 00:44 - 02510784 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
    2010-09-09 16:50 - 2010-09-09 16:50 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2010-09-09 15:11 - 2010-09-09 15:11 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2009-12-16 14:51 - 2009-12-16 14:51 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
    2009-12-16 14:51 - 2009-12-16 14:51 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
    2012-08-27 22:33 - 2012-08-27 22:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-08-27 22:33 - 2012-08-27 22:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-05-14 00:44 - 2015-05-14 00:44 - 00526784 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\log4cplusU.dll
    2013-04-27 09:27 - 2012-04-26 14:38 - 20758016 _____ () C:\Program Files (x86)\i-Funbox DevTeam\libcef.dll
    2011-01-09 23:12 - 2014-05-30 21:37 - 00835584 _____ () C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
    2011-01-09 23:12 - 2014-05-30 21:37 - 00093696 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
    2011-01-09 23:12 - 2014-05-30 21:37 - 00094208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
    2011-01-09 23:12 - 2014-05-30 21:37 - 00057344 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
    2011-12-09 23:37 - 2014-05-30 21:37 - 00096256 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
    2011-01-09 23:12 - 2014-05-30 21:37 - 00062976 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
    2011-01-09 23:12 - 2014-05-30 21:37 - 00067072 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
    2011-01-09 23:12 - 2014-05-30 21:37 - 00158208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
    2011-01-09 23:12 - 2014-05-30 21:37 - 00312832 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
    2011-01-09 23:12 - 2014-05-30 21:37 - 00038912 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
    2011-01-09 23:12 - 2014-05-30 21:37 - 00073728 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
    2011-01-09 23:12 - 2014-05-30 21:37 - 00101888 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
    2015-07-08 22:11 - 2015-07-08 22:11 - 16867504 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Shishka\Local Settings:init
    AlternateDataStreams: C:\Users\Shishka\AppData\Local:init
    AlternateDataStreams: C:\Users\Shishka\AppData\Local\Application Data:init

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-782209906-3566099330-2817917399-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Shishka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: AceStream => C:\Users\Shishka\AppData\Roaming\ACEStream\engine\ace_engine.exe
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: HP Quick Launch => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Shishka\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{C2A55B5A-730D-458D-83F4-ED0D5DDDB9CC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{15F67DFC-0019-4673-92C9-070F60B9CA17}] => (Allow) svchost.exe
    FirewallRules: [{53D95469-0ED6-4B6F-AEED-B435529642F1}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{2F11407E-74D5-4009-B065-515782FF5794}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
    FirewallRules: [{8380AAD5-5294-4E48-B5AF-AACD912CE1CA}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
    FirewallRules: [{9C1CE52A-3956-47CD-9063-7CC356A59D43}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\iTV\HPiTV.exe
    FirewallRules: [{5E0DE2DF-8331-48AC-8883-D76793F92C4E}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
    FirewallRules: [{7A83CE65-1A98-4751-8958-96408FDC59F7}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
    FirewallRules: [{C897A58C-CDD8-4E24-AEEB-A7B95A8A473F}] => (Allow) C:\Program Files (x86)\Mail.Ru\Sputnik\SputnikHelper.exe
    FirewallRules: [{3AE7B49A-2AA5-47E0-990D-903F9AA85529}] => (Allow) C:\Program Files (x86)\Mail.Ru\Sputnik\SputnikHelper.exe
    FirewallRules: [{BEAD3363-4566-487A-98C0-A1B33A6F546E}] => (Allow) C:\Program Files (x86)\Mail.Ru\Sputnik\SputnikHelper.exe
    FirewallRules: [{BA66A5A3-5902-48F8-989B-B80A0DE7D3A5}] => (Allow) C:\Program Files (x86)\Mail.Ru\Sputnik\SputnikHelper.exe
    FirewallRules: [{72DFDC12-495D-49C7-8033-AC9B482C2E3B}] => (Allow) C:\Program Files (x86)\Mail.Ru\Sputnik\SputnikFlashPlayer.exe
    FirewallRules: [{39DC4369-7BDC-44CB-87E3-CA1BC946799C}] => (Allow) C:\Program Files (x86)\Mail.Ru\Sputnik\SputnikFlashPlayer.exe
    FirewallRules: [{826C02F6-BB1A-4238-8C9B-7F849A3C0BBF}] => (Allow) C:\Program Files (x86)\Mail.Ru\Sputnik\SputnikFlashPlayer.exe
    FirewallRules: [{075E8EB7-83FF-4BE2-8B0E-8DC78BA9160D}] => (Allow) C:\Program Files (x86)\Mail.Ru\Sputnik\SputnikFlashPlayer.exe
    FirewallRules: [TCP Query User{2D789E71-31C0-49A6-94E7-67DF04E01470}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe
    FirewallRules: [UDP Query User{9B2CEECC-9ACF-4639-B000-034CFB8929CA}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe
    FirewallRules: [{F8D34EFA-FB40-4F65-A89A-4AE4D5615958}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{D33921A3-D6D5-49AB-89D1-C04BA9F88011}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{CE929E38-629E-4A0E-8623-02645597CD29}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
    FirewallRules: [{01FC02B9-148E-4F16-9778-2A51393E9265}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{07DC8945-EE8F-4707-8715-09132EAFD0E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{6352EF66-B049-4CF3-83B1-9466888F5DD5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{7DD80424-9115-40AD-B3F3-FDC6CFACC487}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{74296A48-7B77-4D20-9907-E805AB66F407}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{DDE13FEC-A066-41B5-8906-5A95DE4F3A3D}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{1A08247B-EDD4-4E08-8866-F2A6E89E57DC}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
    FirewallRules: [{73AEF784-9824-4B29-9124-8D69755D090A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
    FirewallRules: [{793D9214-C5D5-4662-BE1D-FAF556072290}] => (Allow) C:\Program Files (x86)\TorrentExpress\SmallTE.exe
    FirewallRules: [{4A0FF69C-47F0-4927-BC67-FB5A6AF1B868}] => (Allow) C:\Program Files (x86)\TorrentExpress\SmallTE.exe
    FirewallRules: [{3590F91A-2C6C-47CB-9296-14544F20625A}] => (Allow) C:\Users\Shishka\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{54540CC3-BEF7-4804-A181-66458AB0CCE3}] => (Allow) C:\Users\Shishka\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{824C2DAF-EE92-40ED-843B-5FA3D2D2ABD8}C:\users\shishka\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\shishka\appdata\roaming\acestream\engine\ace_engine.exe
    FirewallRules: [UDP Query User{552F1AA2-E7DA-44B9-80F1-749548DADF61}C:\users\shishka\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\shishka\appdata\roaming\acestream\engine\ace_engine.exe
    FirewallRules: [TCP Query User{C9CD0AB4-115E-4C42-B5FF-881F22138955}C:\windows\syswow64\svchost.exe] => (Block) C:\windows\syswow64\svchost.exe
    FirewallRules: [UDP Query User{8BC37E57-86BE-44CC-AB29-1AB2EC75AA3B}C:\windows\syswow64\svchost.exe] => (Block) C:\windows\syswow64\svchost.exe
    FirewallRules: [TCP Query User{23ABDB74-D507-454E-95CF-AB9BF964EFB2}G:\wstorrent\wstorrent.exe] => (Allow) G:\wstorrent\wstorrent.exe
    FirewallRules: [UDP Query User{043BA4A7-F2C1-4F01-9B0D-886F6A0ACD52}G:\wstorrent\wstorrent.exe] => (Allow) G:\wstorrent\wstorrent.exe
    FirewallRules: [{663ABDAC-B1B7-447D-99ED-F0908A21D511}] => (Allow) C:\Users\Shishka\AppData\Local\Google\Chrome\Application\chrome.exe
    FirewallRules: [{2CA21B91-FF70-4D41-9DCC-B443D82AB864}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    FirewallRules: [{D95F4FC0-7CBA-4901-ACB0-62299EBC662B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    FirewallRules: [{3684CFFD-FFD3-40E6-B978-F8CFCC6E6325}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
    FirewallRules: [{320462A6-F4F5-444F-8322-2D30859D9CF5}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
    FirewallRules: [{A7A71F36-03F3-4FF1-9BD5-3A28864B5704}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    FirewallRules: [{0461D0F9-EF06-4C0B-A434-9B7E093CEE3B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/09/2015 10:33:49 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: При выгрузке строк счетчиков производительности для службы WmiApRpl (WmiApRpl) произошел сбой. Первое двойное слово (DWORD) в секции данных содержит код ошибки.

    Error: (07/09/2015 10:33:49 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: Строки производительности в значении реестра производительности были повреждены, когда выполнялась обработка поставщика расширенных счетчиков производительности Performance. Значение параметра BaseIndex из реестра производительности находится в первом двойном слове (DWORD) секции данных, значение LastCounter - во втором двойном слове (DWORD) секции данных, а значение LastHelp - в третьем двойном слове (DWORD) секции данных.

    Error: (07/09/2015 10:33:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: Строки производительности в значении реестра производительности были повреждены, когда выполнялась обработка поставщика расширенных счетчиков производительности Performance. Значение параметра BaseIndex из реестра производительности находится в первом двойном слове (DWORD) секции данных, значение LastCounter - во втором двойном слове (DWORD) секции данных, а значение LastHelp - в третьем двойном слове (DWORD) секции данных.

    Error: (07/09/2015 09:39:27 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: При выгрузке строк счетчиков производительности для службы WmiApRpl (WmiApRpl) произошел сбой. Первое двойное слово (DWORD) в секции данных содержит код ошибки.

    Error: (07/09/2015 09:39:27 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: Строки производительности в значении реестра производительности были повреждены, когда выполнялась обработка поставщика расширенных счетчиков производительности Performance. Значение параметра BaseIndex из реестра производительности находится в первом двойном слове (DWORD) секции данных, значение LastCounter - во втором двойном слове (DWORD) секции данных, а значение LastHelp - в третьем двойном слове (DWORD) секции данных.

    Error: (07/09/2015 09:39:27 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: Строки производительности в значении реестра производительности были повреждены, когда выполнялась обработка поставщика расширенных счетчиков производительности Performance. Значение параметра BaseIndex из реестра производительности находится в первом двойном слове (DWORD) секции данных, значение LastCounter - во втором двойном слове (DWORD) секции данных, а значение LastHelp - в третьем двойном слове (DWORD) секции данных.

    Error: (07/09/2015 05:49:21 AM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Не удалось создать точку восстановления (Процесс = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Описание = Запланированная контрольная точка; HR = 0x80070422).

    Error: (07/08/2015 10:01:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: При выгрузке строк счетчиков производительности для службы WmiApRpl (WmiApRpl) произошел сбой. Первое двойное слово (DWORD) в секции данных содержит код ошибки.

    Error: (07/08/2015 10:01:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: Строки производительности в значении реестра производительности были повреждены, когда выполнялась обработка поставщика расширенных счетчиков производительности Performance. Значение параметра BaseIndex из реестра производительности находится в первом двойном слове (DWORD) секции данных, значение LastCounter - во втором двойном слове (DWORD) секции данных, а значение LastHelp - в третьем двойном слове (DWORD) секции данных.

    Error: (07/08/2015 10:01:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: Строки производительности в значении реестра производительности были повреждены, когда выполнялась обработка поставщика расширенных счетчиков производительности Performance. Значение параметра BaseIndex из реестра производительности находится в первом двойном слове (DWORD) секции данных, значение LastCounter - во втором двойном слове (DWORD) секции данных, а значение LastHelp - в третьем двойном слове (DWORD) секции данных.


    System errors:
    =============
    Error: (07/08/2015 09:56:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Служба "MBAMService" неожиданно прервана. Это произошло (раз): 1.

    Error: (07/08/2015 09:56:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Сбой при запуске службы "MBAMScheduler" из-за ошибки
    %%1053

    Error: (07/08/2015 09:56:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "MBAMScheduler".

    Error: (07/07/2015 06:48:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Служба "MBAMService" неожиданно прервана. Это произошло (раз): 1.

    Error: (07/07/2015 06:48:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Сбой при запуске службы "MBAMScheduler" из-за ошибки
    %%1053

    Error: (07/07/2015 06:48:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "MBAMScheduler".

    Error: (07/07/2015 06:48:02 PM) (Source: EventLog) (EventID: 600 (User: )
    Description: Предыдущее завершение работы системы в 12:12:25 на ‎06.‎07.‎2015 было неожиданным.

    Error: (07/06/2015 07:09:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Служба "MBAMService" неожиданно прервана. Это произошло (раз): 1.

    Error: (07/06/2015 07:09:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Сбой при запуске службы "MBAMScheduler" из-за ошибки
    %%1053

    Error: (07/06/2015 07:09:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "MBAMScheduler".


    Microsoft Office:
    =========================
    Error: (11/30/2012 00:02:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 36 seconds with 0 seconds of active time. This session ended with a crash.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz
    Percentage of memory in use: 79%
    Total physical RAM: 3893.86 MB
    Available physical RAM: 814.68 MB
    Total Virtual: 7785.93 MB
    Available Virtual: 4593.52 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:117.67 GB) (Free:21.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:20.96 GB) (Free:3.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    Drive g: (Новый том) (Fixed) (Total:326.84 GB) (Free:55.84 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 3D287441)
    Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
    Partition 2: (Active) - (Size=199 MB) - (Type=42)
    Partition 3: (Not Active) - (Size=16 KB) - (Type=42)
    Partition 4: (Not Active) - (Size=117.7 GB) - (Type=42)

    ==================== End of log ============================
    Last edited by mike 1; 09.07.2015 at 20:29.

  3. #2
    Info_bot (Cyber)
    Registered
    11.05.2011
    Posts
    2,287
    Reputation weight
    378
    Dear shishkas83, thank you for contacting our forum!

    Virus removal is a completely free service at VirusInfo.Info. Helpers will respond to your request very soon. To receive help, you need to provide scan logs from the AVZ and HiJackThis utilities; see the rules for submitting a help request for details.

    If our site proves useful to you and you have the opportunity, please support the project.

  4. #3
    mike 1 (Senior Helper)
    Registered
    05.11.2011
    Location
    Moscow
    Posts
    42,908
    Reputation weight
    1060
    Send the logs that are required by the rules!

    http://virusinfo.info/showthread.php?t=121951 (There is no need to create a new thread)
    Follow the instructions in the order in which they are given to you.
    Protection against unknown ransomware trojans => FixSecurity, Kaspersky Anti-Ransomware Tool
    Andrey Ivanov's interesting blog about ransomware
    Antivirus for 30 days => https://clck.ru/FKsBt
