start
CreateRestorePoint:
C:\Program Files (x86)\Mail.Ru\
C:\Users\User\AppData\Local\Amigo\
C:\Users\User\AppData\Local\Mail.Ru\
HKU\S-1-5-21-673572247-2133786572-878893315-1000\...\Run: [mailruhomesearch] => C:\Users\User\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe [0 2016-12-24] ()
HKU\S-1-5-21-673572247-2133786572-878893315-1000\...\Run: [amigo] => C:\Users\User\AppData\Local\Amigo\Application\amigo.exe [3394776 2016-12-07] (Mail.Ru)
HKU\S-1-5-21-673572247-2133786572-878893315-1000\...\Run: [MailRuUpdater] => C:\Users\User\AppData\Local\Mail.Ru\MailRuUpdater.exe [4167384 2017-01-18] (Mail.Ru)
HKU\S-1-5-21-673572247-2133786572-878893315-1000\...\MountPoints2: G - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-673572247-2133786572-878893315-1000\...\MountPoints2: {01cb2f9d-463d-11e4-be40-50465da4e315} - G:\HTC_Sync_Manager_PC.exe
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.linkzb.com
HKU\S-1-5-21-673572247-2133786572-878893315-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=818411
SearchScopes: HKU\S-1-5-21-673572247-2133786572-878893315-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=iextn&gp=811041
SearchScopes: HKU\S-1-5-21-673572247-2133786572-878893315-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=iextn&gp=811041
BHO-x32: Поиск@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\User\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2016-12-24] (Mail.Ru)
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\bsiumuck.default -> @Mail.Ru
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\bsiumuck.default -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\bsiumuck.default -> hxxps://mail.ru/cnt/11956636?fr=ffhp1.0.3&gp=818411
FF Keyword.URL: Mozilla\Firefox\Profiles\bsiumuck.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B1E01C990-A8AD-424B-ABED-DC5FF570BB51%7D&gp=811041
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bsiumuck.default\Extensions\homepage@mail.ru [2016-12-24]
FF Extension: (Поиск@Mail.Ru) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bsiumuck.default\Extensions\search@mail.ru [2016-12-24]
FF Extension: (The Safe Surfing) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bsiumuck.default\Extensions\{3B4DE07A-DE43-4DBC-873F-05835FF67DCE} [2017-01-10] [not signed]
FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bsiumuck.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2016-12-24]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bsiumuck.default\searchplugins\mailru.xml [2016-12-24]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mailru.xml [2015-02-24]
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2014-09-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-673572247-2133786572-878893315-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
CHR HomePage: Default -> hxxp://mail.ru/cnt/10445?gp=openpart4
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=openpart4"
CHR Extension: (Tampermonkey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-11]
CHR Extension: (Платежі Веб-магазину Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-25]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
OPR Extension: (The Safe Surfing) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kcknbenjnkkjknphmnidanjifbgphjke [2017-01-10]
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe
R2 mrupdsrv; C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe [2187992 2016-10-21] (Mail.Ru)
R2 Updater.Mail.Ru; C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe [4167384 2017-01-18] (Mail.Ru)
2017-01-26 16:55 - 2017-01-26 17:10 - 00007802 _____ C:\Users\User\AppData\LocalLow\sdfEAD2.tmp
2017-01-26 16:55 - 2017-01-26 17:10 - 00000048 _____ C:\Users\User\AppData\LocalLow\brdEAD2.tmp
2017-01-26 16:55 - 2017-01-26 16:55 - 00000000 _____ C:\Users\User\AppData\LocalLow\pedEAD2.tmp
2017-01-26 16:55 - 2017-01-26 16:55 - 00000000 _____ C:\Users\User\AppData\LocalLow\icmEAD2.tmp
2017-01-26 16:55 - 2017-01-26 16:55 - 00000000 _____ C:\Users\User\AppData\LocalLow\ftdEAD2.tmp
2017-01-26 16:55 - 2017-01-26 16:55 - 00000000 _____ C:\Users\User\AppData\LocalLow\cpdEAD2.tmp
2017-01-26 16:55 - 2017-01-26 16:55 - 00000000 _____ C:\Users\User\AppData\LocalLow\0002ead2.TMP
2017-01-26 16:51 - 2017-01-26 17:10 - 00007802 _____ C:\Users\User\AppData\LocalLow\sdfB0E.tmp
2017-01-26 16:51 - 2017-01-26 17:10 - 00000048 _____ C:\Users\User\AppData\LocalLow\brdB0E.tmp
2017-01-26 16:51 - 2017-01-26 16:51 - 00000000 _____ C:\Users\User\AppData\LocalLow\pedB0E.tmp
2017-01-26 16:51 - 2017-01-26 16:51 - 00000000 _____ C:\Users\User\AppData\LocalLow\icmB0E.tmp
2017-01-26 16:51 - 2017-01-26 16:51 - 00000000 _____ C:\Users\User\AppData\LocalLow\ftdB0E.tmp
2017-01-26 16:51 - 2017-01-26 16:51 - 00000000 _____ C:\Users\User\AppData\LocalLow\cpdB0E.tmp
2017-01-26 16:51 - 2017-01-26 16:51 - 00000000 _____ C:\Users\User\AppData\LocalLow\0002b0e.TMP
2017-01-24 12:05 - 2016-12-24 15:10 - 00003072 _____ C:\Windows\System32\Tasks\MailRuUpdater
2017-01-24 12:05 - 2016-12-24 15:09 - 00000000 ____D C:\Users\User\AppData\Local\Mail.Ru
2016-12-28 11:17 - 2016-12-28 11:17 - 52703976 _____ (Mail.Ru) C:\Users\User\AppData\Local\Temp\amigo_setup.exe
Task: {14EE4178-162A-49B2-95A2-706D9307A83A} - System32\Tasks\[takeofftv] => Chrome.exe hxxp://takeofftv.su/awesome
Task: {B572DDB0-DB76-4140-9DEA-E88297A49BBB} - System32\Tasks\MailRuUpdater => C:\Users\User\AppData\Local\Mail.Ru\MailRuUpdater.exe [2017-01-18] (Mail.Ru)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Амиго.lnk -> C:\Users\User\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) <===== Cyrillic
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Амиго.lnk -> C:\Users\User\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) <===== Cyrillic
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ВКонтакте.lnk -> C:\Users\User\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) -> hxxp://r.mail.ru/n137257923
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk -> C:\Users\User\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) -> hxxp://r.mail.ru/n137257727
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения Амиго\Амиго.Музыка.lnk -> C:\Users\User\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) -> --profile-directory=Default --app-id=mbipmajmbfjakbcfnjdldckninlnmhoe
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения Амиго\ВКонтакте.lnk -> C:\Users\User\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) -> --profile-directory=Default --app-id=blpabnnnpcfijmjhhdihdglfhecjoknn
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения Амиго\Мини-игры Mail.Ru.lnk -> C:\Users\User\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) -> --profile-directory=Default --app-id=eelhkjeciikfclbijaplfgdlnmnpamgk
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения Амиго\Мой Мир.lnk -> C:\Users\User\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) -> --profile-directory=Default --app-id=oplpkihnjdodepplnehakffakpgfcpji
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения Амиго\Одноклассники.lnk -> C:\Users\User\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) -> --profile-directory=Default --app-id=jbhbhflenehimkngcjnpeleogniobpnn
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения Амиго\Почта Mail.Ru.lnk -> C:\Users\User\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) -> --profile-directory=Default --app-id=pgkcjlfddldjbjedihplepchglcpamne
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035"
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ВКонтакте.lnk -> C:\Users\User\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) -> hxxp://r.mail.ru/n137257923
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk -> C:\Users\User\AppData\Local\Amigo\Application\amigo.exe (Mail.Ru) -> hxxp://r.mail.ru/n137257727
CMD: ipconfig /flushdns
CMD: gpupdate /force
CMD: bitsadmin /reset /allusers
EmptyTemp:
Reboot:
end
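Everything between start and end above is an FRST fixlist: each line is an entry copied from the FRST scan log, and FRST removes or resets it in turn (the Mail.Ru folders, the three Run values, the GroupPolicy restriction, the IE/Firefox/Chrome start pages and search scopes, the extensions and BHO, the two Mail.Ru services, the two scheduled tasks, of which [takeofftv] launches Chrome.exe against takeofftv.su at each trigger, the Amigo shortcuts and the LocalLow temp files), then flushes DNS, re-applies policy, resets BITS jobs, empties temp folders and reboots. The Python below is an added example, not part of the fixlist and not FRST code: it parses the line shapes present in this fixlist into categorised entries and extracts a refanged IOC set (URLs, hosts, on-disk paths, Chromium extension ids, persistence names) that can be hunted for on other hosts or checked for absence after the fix. The kind names, the Artifact type and the SAMPLE constant are this example's own; SAMPLE is a constructed subset of the lines above, and FRST entry types not shown on this page are filed under "other".

```python
"""Categorise an FRST fixlist and pull hunting IOCs out of it. Added example for this
page, not part of the fixlist and not FRST code; it handles only the entry shapes visible
in the fixlist above and files anything else under "other"."""
from __future__ import annotations
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

RUN_RE = re.compile(r'^HK\w+\\.+?\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.+?) '
                    r'\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<pub>[^)]*)\)$')
TASK_RE = re.compile(r'^Task: \{[0-9A-F-]+\} - System32\\Tasks\\(?P<name>.+?) => (?P<target>.+)$')
SVC_RE = re.compile(r'^[RSU]\d (?P<name>[^;]+); (?P<target>.+?) \[\d+ [\d-]+\] \((?P<pub>[^)]*)\)$')
DATED_RE = re.compile(r'^(?:\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ){2}\d+ (?P<attr>[_A-Z]+) '
                      r'(?:\((?P<pub>[^)]*)\) )?(?P<target>.+)$')
EXT_RE = re.compile(r'^(?:FF|CHR|OPR) Extension: \((?P<name>.+?)\) - (?P<target>.+?) \[\d{4}-\d{2}-\d{2}\]')
CHR_POLICY_RE = re.compile(r'^CHR HK.*\\Extension: \[(?P<name>[a-p]{32})\] - (?P<target>.+)$')
URL_RE = re.compile(r'hxxps?://[^\s"]+')                    # FRST defangs every URL as hxxp
CHROME_ID_RE = re.compile(r'(?<![a-p])[a-p]{32}(?![a-p])')  # Chromium extension/app id alphabet
META_RE = re.compile(r' \[[^\]]*\](?: \([^)]*\))?$')        # trailing " [size date] (Publisher)"
DRIVE_RE = re.compile(r'^[A-Za-z]:\\')

@dataclass(frozen=True)
class Artifact:
    kind: str   # run_key, task, service, file, folder, extension, shortcut, browser, policy, command, other
    name: str
    target: str
    args: str = ""
    publisher: str = ""

def parse_line(raw: str) -> Artifact | None:
    line = re.sub(r' <=+ .*$', '', raw.strip())      # drop FRST flags such as "<===== Cyrillic"
    if not line or line in ("start", "end"):
        return None
    if m := RUN_RE.match(line):
        return Artifact("run_key", m["name"], m["target"], publisher=m["pub"])
    if m := TASK_RE.match(line):
        return Artifact("task", m["name"], META_RE.sub("", m["target"]))
    if m := SVC_RE.match(line):
        return Artifact("service", m["name"], m["target"], publisher=m["pub"])
    if m := DATED_RE.match(line):                # "created - modified - size attrs (pub) path"; D = directory
        kind = "folder" if "D" in m["attr"] else "file"
        return Artifact(kind, m["target"].rsplit("\\", 1)[-1], m["target"], publisher=m["pub"] or "")
    if (m := EXT_RE.match(line)) or (m := CHR_POLICY_RE.match(line)):
        return Artifact("extension", m["name"], m["target"])
    if line.startswith("BHO"):                   # "BHO-x32: Name -> {CLSID} -> dll [date] (pub)"
        name, _clsid, dll = line.split(": ", 1)[1].split(" -> ")
        return Artifact("extension", name, META_RE.sub("", dll))
    if line.startswith("Shortcut"):              # "...: x.lnk -> exe (pub) [-> arguments]"
        lnk, exe, *args = line.split(": ", 1)[1].split(" -> ")
        return Artifact("shortcut", lnk.rsplit("\\", 1)[-1], re.sub(r' \([^)]*\)$', '', exe), " ".join(args))
    if line.startswith("GroupPolicy"):
        key, _, value = line.partition(": ")
        return Artifact("policy", key, value)
    if re.match(r'^(?:CMD|EmptyTemp|Reboot|CreateRestorePoint):', line):
        key, _, value = line.partition(": ")
        return Artifact("command", key.rstrip(":"), value)
    if DRIVE_RE.match(line):                     # bare path; a trailing backslash marks a folder
        return Artifact("folder" if line.endswith("\\") else "file", line.rstrip("\\").rsplit("\\", 1)[-1], line)
    if URL_RE.search(line) or re.match(r'^(?:FF|CHR|OPR|SearchScopes) ', line):
        key = line.split(": ", 1)[0] if ": " in line else line.split(" = ", 1)[0]
        return Artifact("browser", key, line)
    return Artifact("other", line.split(":", 1)[0], line)

def parse_fixlist(text: str) -> list[Artifact]:
    return [a for raw in text.splitlines() if (a := parse_line(raw))]

def iocs(artifacts: list[Artifact]) -> dict[str, set[str]]:
    """Hunting set: refanged URLs and hosts, on-disk paths, Chromium ids, persistence names."""
    out: dict[str, set[str]] = {k: set() for k in ("urls", "hosts", "paths", "extension_ids", "persistence")}
    for a in artifacts:
        blob = f"{a.target} {a.args}"
        for u in URL_RE.findall(blob):
            url = "http" + u[4:]                  # hxxp -> http, hxxps -> https
            out["urls"].add(url)
            out["hosts"].add(urlsplit(url).hostname or "")
        out["extension_ids"].update(CHROME_ID_RE.findall(blob))
        if DRIVE_RE.match(a.target):
            out["paths"].add(a.target.rstrip("\\"))
        if a.kind in ("run_key", "task", "service"):
            out["persistence"].add(f"{a.kind}:{a.name}")
    return out

# Constructed sample: a subset of the lines of the fixlist above.
SAMPLE = r"""start
C:\Program Files (x86)\Mail.Ru\
HKU\S-1-5-21-673572247-2133786572-878893315-1000\...\Run: [mailruhomesearch] => C:\Users\User\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe [0 2016-12-24] ()
GroupPolicy: Restriction <======= ATTENTION
CHR Extension: (Tampermonkey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-11]
R2 mrupdsrv; C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe [2187992 2016-10-21] (Mail.Ru)
2016-12-28 11:17 - 2016-12-28 11:17 - 52703976 _____ (Mail.Ru) C:\Users\User\AppData\Local\Temp\amigo_setup.exe
Task: {14EE4178-162A-49B2-95A2-706D9307A83A} - System32\Tasks\[takeofftv] => Chrome.exe hxxp://takeofftv.su/awesome
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035"
CMD: ipconfig /flushdns
end
"""

if __name__ == "__main__":
    found = parse_fixlist(SAMPLE)
    for a in found:
        print(f"{a.kind:9} {a.name:25} {a.target} {a.args}")
    print({k: sorted(v) for k, v in iocs(found).items()})
```

Feed the whole fixlist (start to end) to parse_fixlist to get every entry; the "persistence" set is what to confirm absent after the fix and reboot (Run values under the user's SID, the MailRuUpdater and [takeofftv] tasks, the mrupdsrv and Updater.Mail.Ru services), and the "hosts" set (mail.ru subdomains, linkzb.com, takeofftv.su) is what to watch in proxy or DNS logs from other machines. Browser setting lines are kept whole under "browser" because their value is the URL, which the IOC pass already extracts.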