Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-06-2016 02 Ran by Andriy (administrator) on ANDRIY-ПК (05-06-2016 21:17:43) Running from F:\Andriy\files\FRST Loaded Profiles: Andriy (Available Profiles: Andriy) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Русский (Россия) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSRService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [USB Safely Remove] => C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe [6477168 2015-04-29] (Crystal Rich Ltd) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23972712 2016-05-31] (Dropbox, Inc.) HKU\S-1-5-18\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [5585136 2015-03-31] (Disc Soft Ltd) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.50 Tcpip\..\Interfaces\{EEDD55FD-04BF-442E-9EEF-E17BC4BFE6AA}: [DhcpNameServer] 192.168.1.50 Internet Explorer: ================== BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2016-06-04] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2016-06-04] (Oracle Corporation) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\System32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] () FF Plugin: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2016-06-04] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2016-06-04] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1218158.dll [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-04] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-04] (Google Inc.) Chrome: ======= CHR Profile: C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Презентації) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-04] CHR Extension: (Google Документи) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-04] CHR Extension: (Диск Google) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-04] CHR Extension: (YouTube) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-04] CHR Extension: (Google Таблиці) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-04] CHR Extension: (Google Документи офлайн) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-04] CHR Extension: (AdBlock) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-04] CHR Extension: (Платежі Веб-магазину Chrome) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-04] CHR Extension: (Gmail) - C:\Users\Andriy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-04] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-04] (Dropbox, Inc.) 
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-04] (Dropbox, Inc.) S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation) R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [File not signed] R2 USBSafelyRemoveService; C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [1666416 2015-04-28] (Crystal Rich Ltd) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-05-06] (Microsoft Corporation) S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт) S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 ip100Avista; C:\Windows\System32\DRIVERS\ipfnd51.sys [37888 2010-11-23] (IC Plus Corp. 
) R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94656 2015-05-06] (Корпорация Майкрософт) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation) R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation) R0 oem-drv64; C:\Windows\System32\DRIVERS\oem-drv64.sys [42496 2016-06-05] (secr9tos) [File not signed] U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт)
========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-05 21:17 - 2016-06-05 21:17 - 00000000 ____D C:\FRST 2016-06-05 21:11 - 2016-06-05 21:13 - 00000000 ____D C:\AdwCleaner 2016-06-05 21:10 - 2016-06-05 21:10 - 03677248 _____ C:\Users\Andriy\Desktop\adwcleaner_5.119.exe 2016-06-05 20:25 - 2016-06-05 20:26 - 00001518 _____ C:\Users\Andriy\Desktop\Malwarebytes.txt 2016-06-05 20:09 - 2016-06-05 20:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-06-05 20:09 - 2016-06-05 20:09 - 00000000 ____D C:\Users\Все пользователи\Malwarebytes 2016-06-05 20:09 - 2016-06-05 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-06-05 20:09 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-06-05 20:09 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-06-05 20:09 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-06-05 20:08 - 2016-06-05 20:08 - 22851472 _____ (Malwarebytes ) C:\Users\Andriy\Downloads\mbam-setup-2.2.1.1043.exe 2016-06-05 15:07 - 2015-02-18 10:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2016-06-05 15:07 - 2015-02-18 10:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2016-06-05 14:01 - 2016-06-05 14:01 - 00568984 _____ C:\Users\Andriy\Desktop\ANDRIY-ПК_2016-06-05_13-54-14.7z 2016-06-05 13:47 - 2016-06-05 13:47 - 00000000 ____D C:\Users\Andriy\AppData\Roaming\MK10 2016-06-05 13:39 - 2016-06-05 13:39 - 00001039 _____ C:\Users\Andriy\Desktop\Mortal Kombat X Premium Edition.lnk 2016-06-05 13:39 - 2016-06-05 13:39 - 00000000 ____D C:\Windows\SysWOW64\directx 2016-06-05 10:35 - 2016-06-05 10:35 - 00001382 _____ C:\Users\Andriy\Desktop\uTorrent.lnk 2016-06-04 22:48 - 2016-06-04 22:48 - 00001226 _____ C:\Users\Andriy\Desktop\Dropbox.lnk 
2016-06-04 22:46 - 2016-06-04 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-06-04 22:44 - 2016-06-05 21:14 - 00000958 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2016-06-04 22:44 - 2016-06-05 20:50 - 00000962 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2016-06-04 22:44 - 2016-06-04 22:46 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-06-04 22:44 - 2016-06-04 22:44 - 00690584 _____ (Dropbox, Inc.) C:\Users\Andriy\Downloads\DropboxInstaller.exe 2016-06-04 22:44 - 2016-06-04 22:44 - 00003958 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA 2016-06-04 22:44 - 2016-06-04 22:44 - 00003706 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore 2016-06-04 22:44 - 2016-06-04 22:44 - 00000000 ____D C:\Users\Все пользователи\Dropbox 2016-06-04 22:44 - 2016-06-04 22:44 - 00000000 ____D C:\Users\Andriy\AppData\Roaming\Dropbox 2016-06-04 22:44 - 2016-06-04 22:44 - 00000000 ____D C:\ProgramData\Dropbox 2016-06-04 17:22 - 2016-06-04 17:22 - 00002645 _____ C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2016-06-04 17:21 - 2016-06-05 12:39 - 00000000 ____D C:\Users\Andriy\AppData\Roaming\uTorrent 2016-06-04 16:59 - 2016-06-04 16:59 - 00000000 ____D C:\Users\Все пользователи\ATI 2016-06-04 16:59 - 2016-06-04 16:59 - 00000000 ____D C:\Users\Andriy\AppData\Roaming\ATI 2016-06-04 16:59 - 2016-06-04 16:59 - 00000000 ____D C:\ProgramData\ATI 2016-06-04 16:57 - 2016-06-04 16:57 - 00000000 _____ C:\Windows\ativpsrm.bin 2016-06-04 16:54 - 2016-06-04 16:54 - 00000000 ____D C:\Users\Andriy\AppData\Roaming\library_dir 2016-06-04 16:53 - 2016-06-04 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2016-06-04 16:52 - 2016-06-04 16:52 - 00000000 ____D C:\Program Files (x86)\AMD 2016-06-04 16:51 - 2016-06-04 16:52 - 00000000 ____D C:\Program Files\AMD 2016-06-04 16:51 - 2016-06-04 16:51 - 00000000 ____D C:\Program Files\Common 
Files\ATI Technologies 2016-06-04 16:49 - 2016-06-04 16:49 - 00000000 ____D C:\AMD 2016-06-04 16:43 - 2016-06-04 16:43 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2016-06-04 16:43 - 2016-06-04 16:43 - 00001945 _____ C:\Windows\epplauncher.mif 2016-06-04 16:43 - 2016-06-04 16:43 - 00000000 ____D C:\Program Files\Microsoft Security Client 2016-06-04 16:43 - 2016-06-04 16:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2016-06-04 16:41 - 2016-06-05 21:14 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-06-04 16:41 - 2016-06-05 20:51 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-06-04 16:41 - 2016-06-04 16:46 - 00004042 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-06-04 16:41 - 2016-06-04 16:46 - 00003790 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-06-04 16:41 - 2016-06-04 16:41 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-06-04 16:41 - 2016-06-04 16:41 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-06-04 16:41 - 2016-06-04 16:41 - 00000000 ____D C:\Users\Andriy\AppData\Local\Apps\2.0 2016-06-04 16:41 - 2016-06-04 16:41 - 00000000 ____D C:\Program Files (x86)\Google 2016-06-04 16:33 - 2016-06-05 21:14 - 00000000 ____D C:\Users\Andriy\AppData\Roaming\USBSafelyRemove 2016-06-04 16:32 - 2016-06-04 16:32 - 00321448 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2016-06-04 16:32 - 2016-06-04 16:32 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2016-06-04 16:32 - 2016-06-04 16:32 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2016-06-04 16:32 - 2016-06-04 16:32 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2016-06-04 16:32 - 2016-06-04 16:32 - 00001405 _____ C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-06-04 
16:32 - 2016-06-04 16:32 - 00000000 _SHDL C:\Users\Andriy\Шаблоны 2016-06-04 16:32 - 2016-06-04 16:32 - 00000000 _SHDL C:\Users\Andriy\Мои документы 2016-06-04 16:32 - 2016-06-04 16:32 - 00000000 _SHDL C:\Users\Andriy\Главное меню 2016-06-04 16:32 - 2016-06-04 16:32 - 00000000 _SHDL C:\Users\Andriy\Documents\Моя музыка 2016-06-04 16:32 - 2016-06-04 16:32 - 00000000 _SHDL C:\Users\Andriy\Documents\Мои рисунки 2016-06-04 16:32 - 2016-06-04 16:32 - 00000000 _SHDL C:\Users\Andriy\Documents\Мои видеозаписи 2016-06-04 16:32 - 2016-06-04 16:32 - 00000000 _SHDL C:\Users\Andriy\AppData\Roaming\Microsoft\Windows\Start Menu\Программы 2016-06-04 16:32 - 2016-06-04 16:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-06-04 16:32 - 2016-06-04 16:32 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2016-06-04 16:32 - 2016-06-04 16:32 - 00000000 ____D C:\Windows\system32\Macromed 2016-06-04 16:32 - 2016-06-04 16:32 - 00000000 ____D C:\Users\Andriy 2016-06-04 16:32 - 2016-06-04 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-06-04 16:32 - 2016-06-04 16:32 - 00000000 ____D C:\Program Files\Java 2016-06-04 16:32 - 2015-05-07 14:02 - 00000000 ____D C:\Users\Andriy\AppData\Roaming\Adobe 2016-06-04 16:32 - 2015-04-14 13:28 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-06-04 16:32 - 2015-04-14 13:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-06-04 16:32 - 2010-11-21 05:50 - 00000020 ___SH C:\Users\Andriy\ntuser.ini 2016-06-04 16:30 - 2016-06-05 18:46 - 01613418 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2016-06-04 16:29 - 2016-06-05 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-06-04 16:28 - 2016-06-05 19:18 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-06-04 16:28 - 2016-06-05 19:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-06-04 16:28 - 2016-06-04 16:28 - 
00000000 ____D C:\Users\Все пользователи\USBSRService 2016-06-04 16:28 - 2016-06-04 16:28 - 00000000 ____D C:\ProgramData\USBSRService 2016-06-04 16:28 - 2016-06-04 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Safely Remove 2016-06-04 16:28 - 2016-06-04 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2016-06-04 16:28 - 2016-06-04 16:28 - 00000000 ____D C:\Program Files (x86)\USB Safely Remove 2016-06-04 16:28 - 2016-06-04 16:28 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite 2016-06-04 16:28 - 2015-03-17 19:15 - 02082304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libeay32.dll 2016-06-04 16:28 - 2015-03-17 19:15 - 01260544 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll 2016-06-04 16:28 - 2015-03-17 19:15 - 00384512 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\ssleay32.dll 2016-06-04 16:28 - 2015-03-17 19:15 - 00384512 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libssl32.dll 2016-06-04 16:28 - 2015-03-17 19:15 - 00292864 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll 2016-06-04 16:28 - 2015-03-17 19:15 - 00292864 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\libssl32.dll 2016-06-04 16:28 - 2015-01-10 11:59 - 00802304 _____ (Implbits Software) C:\Windows\system32\HashTab.dll 2016-06-04 16:28 - 2014-09-10 19:14 - 00163480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 01070232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 00660120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 00617896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 00444328 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\MShflxgd.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 00416408 _____ (Microsoft Corporation ) C:\Windows\SysWOW64\comct332.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 00279192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdatgrd.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 00259736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msflxgrd.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 00253080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdatlst.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 00222360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tabctl32.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 00219288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 00218776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dblist32.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 00212112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mci32.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 00179352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmask32.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 00170920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 00131728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinet.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 00130712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msstdfmt.dll 2016-06-04 16:28 - 2013-11-25 16:27 - 00127640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswinsck.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 00119960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscomm32.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 00108696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTKPRP.DLL 2016-06-04 16:28 - 2013-11-25 16:27 - 00104088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\picclp32.ocx 2016-06-04 16:28 - 2013-11-25 16:27 - 00084624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysinfo.ocx 2016-06-04 16:28 - 2011-01-12 22:36 - 01054208 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\MFC71u.dll 2016-06-04 16:28 - 2011-01-12 22:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71DEU.DLL 2016-06-04 16:28 - 2011-01-12 22:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71ITA.DLL 2016-06-04 16:28 - 2011-01-12 22:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71FRA.DLL 2016-06-04 16:28 - 2011-01-12 22:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71ESP.DLL 2016-06-04 16:28 - 2011-01-12 22:25 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71ENU.DLL 2016-06-04 16:28 - 2011-01-12 22:25 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71KOR.DLL 2016-06-04 16:28 - 2011-01-12 22:25 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71JPN.DLL 2016-06-04 16:28 - 2011-01-12 22:25 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71CHT.DLL 2016-06-04 16:28 - 2011-01-12 22:25 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71CHS.DLL 2016-06-04 16:28 - 2011-01-12 22:19 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll 2016-06-04 16:28 - 2011-01-12 21:53 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl71.dll 2016-06-04 16:28 - 2010-06-11 18:16 - 00466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll 2016-06-04 16:28 - 2010-06-11 18:16 - 00445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll 2016-06-04 16:28 - 2010-06-11 18:16 - 00123480 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll 2016-06-04 16:28 - 2010-06-11 18:16 - 00109144 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
C:\Windows\SysWOW64\OpenAL32.dll 2016-06-04 16:28 - 2008-04-15 15:00 - 01355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvbvm50.dll 2016-06-04 16:28 - 2007-02-01 19:13 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll 2016-06-04 16:28 - 2007-02-01 16:11 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll 2016-06-04 16:28 - 2007-01-30 19:04 - 00339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll 2016-06-04 16:28 - 2006-08-25 23:28 - 01017344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70u.dll 2016-06-04 16:28 - 2006-08-25 23:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70ita.dll 2016-06-04 16:28 - 2006-08-25 23:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70fra.dll 2016-06-04 16:28 - 2006-08-25 23:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70esp.dll 2016-06-04 16:28 - 2006-08-25 23:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70deu.dll 2016-06-04 16:28 - 2006-08-25 23:15 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70enu.dll 2016-06-04 16:28 - 2006-08-25 23:15 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70kor.dll 2016-06-04 16:28 - 2006-08-25 23:15 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70jpn.dll 2016-06-04 16:28 - 2006-08-25 23:15 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70cht.dll 2016-06-04 16:28 - 2006-08-25 23:15 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70chs.dll 2016-06-04 16:28 - 2006-08-25 23:07 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70.dll 2016-06-04 16:28 - 2006-08-25 22:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl70.dll 2016-06-04 16:28 - 2006-04-10 23:41 - 01066176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL32.OCX 2016-06-04 16:28 - 2005-01-20 18:25 - 00054784 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msvci70.dll 2016-06-04 16:28 - 2002-01-05 04:40 - 00487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCP70.DLL 2016-06-04 16:28 - 1996-01-12 03:00 - 00935632 _____ (Microsoft Corporation) C:\Windows\system\Vb40016.dll 2016-06-04 16:28 - 1996-01-12 03:00 - 00722192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vb40032.dll 2016-06-04 16:28 - 1994-11-18 00:00 - 00210944 _____ C:\Windows\SysWOW64\msvcrt10.dll 2016-06-04 16:28 - 1993-05-11 20:00 - 00398416 _____ (Microsoft Corporation) C:\Windows\system\Vbrun300.dll 2016-06-04 16:28 - 1992-10-21 01:00 - 00356992 _____ (Microsoft Corporation) C:\Windows\system\vbrun200.dll 2016-06-04 16:28 - 1991-05-10 02:00 - 00271264 _____ C:\Windows\system\vbrun100.dll 2016-06-04 16:27 - 2016-06-05 13:40 - 00000000 ____D C:\Users\Все пользователи\Package Cache 2016-06-04 16:27 - 2016-06-05 13:40 - 00000000 ____D C:\ProgramData\Package Cache 2016-06-04 16:12 - 2016-06-04 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2016-06-04 16:12 - 2016-06-04 16:12 - 00000000 ____D C:\Program Files\Unlocker 2016-06-04 16:12 - 2016-06-04 16:12 - 00000000 ____D C:\Program Files\7-Zip 2016-06-04 16:11 - 2016-06-04 16:11 - 00001094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AkelPad.lnk 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Windows\SysWOW64\Underwater 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Windows\SysWOW64\Sexy Underground Moves 2 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Windows\SysWOW64\Sexy Underground Moves 1 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Windows\SysWOW64\Sexy Dance 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Windows\SysWOW64\Restful Winter 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Windows\SysWOW64\Passion Lips 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Windows\SysWOW64\No Signal 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D 
C:\Windows\SysWOW64\Night Traffic 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Windows\SysWOW64\Molecular White 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Windows\SysWOW64\Molecular Black 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Windows\SysWOW64\Manhattan Night 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Windows\SysWOW64\Hight Fly 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Windows\SysWOW64\CPLDAPU 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Windows\SysWOW64\Christmas Clock & Countdown 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Windows\SysWOW64\Bird Life 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Windows\SysWOW64\Aqua Surface 3 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Windows\SysWOW64\Aqua Surface 2 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Windows\SysWOW64\Aqua Surface 1 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Program Files\WinRAR 2016-06-04 16:11 - 2016-06-04 16:11 - 00000000 ____D C:\Program Files\AkelPad 2016-06-04 16:11 - 2015-02-11 17:21 - 00000059 _____ C:\Windows\SysWOW64\Bird Life.ini 2016-06-04 16:11 - 2015-02-11 17:13 - 00000075 _____ C:\Windows\SysWOW64\Christmas Clock & Countdown.ini 2016-06-04 16:11 - 2015-02-11 17:03 - 00000057 _____ C:\Windows\SysWOW64\Hight Fly.ini 2016-06-04 16:11 - 2015-02-11 16:57 - 00000063 _____ C:\Windows\SysWOW64\Manhattan Night.ini 2016-06-04 16:11 - 2015-02-11 16:52 - 00000063 _____ C:\Windows\SysWOW64\Night Traffic.ini 2016-06-04 16:11 - 2015-02-11 16:46 - 00000062 _____ C:\Windows\SysWOW64\Passion Lips.ini 2016-06-04 16:11 - 2015-02-11 16:32 - 00000064 _____ C:\Windows\SysWOW64\Restful Winter.ini 2016-06-04 16:11 - 2014-11-25 12:23 - 00261632 _____ C:\Windows\SysWOW64\Restful Winter.scr 2016-06-04 16:11 - 2014-11-25 12:23 - 00261632 _____ C:\Windows\SysWOW64\Night 
Traffic.scr 2016-06-04 16:11 - 2014-11-25 12:23 - 00261632 _____ C:\Windows\SysWOW64\Manhattan Night.scr 2016-06-04 16:11 - 2014-11-25 12:23 - 00261632 _____ C:\Windows\SysWOW64\Hight Fly.scr 2016-06-04 16:11 - 2014-11-25 12:23 - 00261632 _____ C:\Windows\SysWOW64\Christmas Clock & Countdown.scr 2016-06-04 16:11 - 2014-11-25 12:23 - 00261632 _____ C:\Windows\SysWOW64\Bird Life.scr 2016-06-04 16:11 - 2014-11-25 12:22 - 00261632 _____ C:\Windows\SysWOW64\Passion Lips.scr 2016-06-04 16:11 - 2014-03-08 19:23 - 00382464 _____ C:\Windows\SysWOW64\cpldapu.exe 2016-06-04 16:11 - 2014-03-08 00:19 - 00000831 _____ C:\Windows\SysWOW64\cpldapu.ini 2016-06-04 16:11 - 2013-09-09 22:34 - 00000060 _____ C:\Windows\SysWOW64\Underwater.ini 2016-06-04 16:11 - 2013-09-09 22:33 - 00000072 _____ C:\Windows\SysWOW64\Sexy Underground Moves 2.ini 2016-06-04 16:11 - 2013-09-09 22:33 - 00000072 _____ C:\Windows\SysWOW64\Sexy Underground Moves 1.ini 2016-06-04 16:11 - 2013-09-09 22:33 - 00000065 _____ C:\Windows\SysWOW64\Molecular White.ini 2016-06-04 16:11 - 2013-09-09 22:33 - 00000059 _____ C:\Windows\SysWOW64\No Signal.ini 2016-06-04 16:11 - 2013-09-09 22:33 - 00000058 _____ C:\Windows\SysWOW64\Sexy Dance.ini 2016-06-04 16:11 - 2013-09-09 22:32 - 00000065 _____ C:\Windows\SysWOW64\Molecular Black.ini 2016-06-04 16:11 - 2013-09-09 22:32 - 00000064 _____ C:\Windows\SysWOW64\Aqua Surface 3.ini 2016-06-04 16:11 - 2013-09-09 22:32 - 00000064 _____ C:\Windows\SysWOW64\Aqua Surface 2.ini 2016-06-04 16:11 - 2013-09-09 22:31 - 00000064 _____ C:\Windows\SysWOW64\Aqua Surface 1.ini 2016-06-04 16:11 - 2013-06-21 10:37 - 00261632 _____ C:\Windows\SysWOW64\Underwater.scr 2016-06-04 16:11 - 2013-06-21 10:36 - 00261632 _____ C:\Windows\SysWOW64\No Signal.scr 2016-06-04 16:11 - 2013-06-19 22:41 - 00261632 _____ C:\Windows\SysWOW64\Aqua Surface 3.scr 2016-06-04 16:11 - 2013-06-19 22:40 - 00261632 _____ C:\Windows\SysWOW64\Aqua Surface 2.scr 2016-06-04 16:11 - 2013-06-19 22:40 - 00261632 _____ 
C:\Windows\SysWOW64\Aqua Surface 1.scr 2016-06-04 16:11 - 2013-06-16 20:29 - 00261632 _____ C:\Windows\SysWOW64\Molecular White.scr 2016-06-04 16:11 - 2013-06-07 00:03 - 00261632 _____ C:\Windows\SysWOW64\Sexy Underground Moves 2.scr 2016-06-04 16:11 - 2013-06-07 00:02 - 00261632 _____ C:\Windows\SysWOW64\Sexy Underground Moves 1.scr 2016-06-04 16:11 - 2013-06-03 22:29 - 00261632 _____ C:\Windows\SysWOW64\Sexy Dance.scr 2016-06-04 16:11 - 2013-06-03 22:29 - 00261632 _____ C:\Windows\SysWOW64\Molecular Black.scr 2016-06-04 16:11 - 2012-09-13 01:36 - 00106496 _____ C:\Windows\SysWOW64\Startup.cpl 2016-06-04 16:10 - 2016-06-04 16:10 - 00000931 _____ C:\Users\Public\Desktop\Control Center.lnk 2016-06-04 16:09 - 2016-06-04 16:10 - 00000000 ____D C:\Program Files (x86)\Control Center 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Все пользователи\Шаблоны 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Все пользователи\Рабочий стол 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Все пользователи\Избранное 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Все пользователи\Документы 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Все пользователи\Главное меню 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Все пользователи 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Public\Documents\Моя музыка 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Public\Documents\Мои рисунки 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Public\Documents\Мои видеозаписи 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Default\Шаблоны 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Default\Мои документы 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Default\Главное меню 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Default\Documents\Моя музыка 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL 
C:\Users\Default\Documents\Мои рисунки 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Default\Documents\Мои видеозаписи 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Программы 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Default User\Documents\Моя музыка 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Default User\Documents\Мои рисунки 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Default User\Documents\Мои видеозаписи 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Программы 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\ProgramData\Шаблоны 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\ProgramData\Рабочий стол 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\ProgramData\Избранное 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\ProgramData\Документы 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\ProgramData\Главное меню 2016-06-04 16:08 - 2016-06-04 16:08 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Программы 2016-06-04 16:06 - 2016-06-05 21:13 - 00042496 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv64.sys 2016-06-04 16:06 - 2015-04-16 09:31 - 00455575 _____ (Microsoft Corporation) C:\Windows\system32\comparevers.exe 2016-06-04 16:06 - 2015-04-15 16:23 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\xOsLoad.exe 2016-06-04 16:06 - 2015-04-15 14:47 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\xNtKrnl.exe 2016-06-04 16:04 - 2016-06-04 16:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2016-06-04 16:03 - 2016-06-05 19:42 - 00286616 _____ C:\Windows\system32\FNTCACHE.DAT 2016-06-04 16:03 - 2016-06-04 16:03 - 00000000 ____D C:\Windows\CSC 2016-06-04 16:02 - 2016-06-04 16:32 - 00000000 ____D C:\Windows\Panther ==================== One Month Modified 
files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-05 21:18 - 2015-05-07 14:07 - 00000000 ____D C:\Temp 2016-06-05 21:14 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-06-05 20:17 - 2009-07-14 07:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-06-05 20:17 - 2009-07-14 07:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-06-05 20:08 - 2011-04-12 16:26 - 00715790 _____ C:\Windows\system32\perfh019.dat 2016-06-05 20:08 - 2011-04-12 16:26 - 00150096 _____ C:\Windows\system32\perfc019.dat 2016-06-05 20:08 - 2009-07-14 08:13 - 01647438 _____ C:\Windows\system32\PerfStringBackup.INI 2016-06-05 20:08 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf 2016-06-05 19:40 - 2015-05-06 20:21 - 00000000 ___SD C:\Windows\system32\CompatTel 2016-06-05 19:40 - 2015-05-06 20:21 - 00000000 ____D C:\Windows\system32\appraiser 2016-06-05 19:40 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2016-06-05 19:40 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2016-06-04 16:38 - 2009-07-14 06:20 - 00000000 __RHD C:\Users\Public\Libraries 2016-06-04 16:37 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\AppCompat 2016-06-04 16:33 - 2009-07-14 07:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-06-04 16:28 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system 2016-06-04 16:27 - 2009-07-14 06:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2016-06-04 16:10 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\Cursors 2016-06-04 16:08 - 2009-07-14 06:20 - 00000000 ____D C:\Program Files\Windows NT 2016-06-04 16:01 - 2009-07-14 08:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template 2016-06-04 16:01 - 2009-07-14 07:45 - 00000000 ____D C:\Windows\Setup 
==================== Files in the root of some directories =======

2016-06-04 17:18 - 2016-06-05 14:17 - 0007605 _____ () C:\Users\Andriy\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe
[2010-11-21 06:24] - [2010-11-21 06:24] - 0030720 ____A (Microsoft Corporation) 8A23A8204DDD0FC3B2E6C30B67A845C6

C:\Windows\SysWOW64\userinit.exe
[2010-11-21 06:23] - [2010-11-21 06:23] - 0026624 ____A (Microsoft Corporation) 9FCF19DFE8E2D11B0D0855A389D4DBE6

C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
nointegritychecks: ==> "IntegrityChecks" is disabled. <===== ATTENTION

==================== BCD ================================

Диспетчер загрузки Windows
--------------------
идентификатор           {bootmgr}
device                  partition=\Device\HarddiskVolume4
description             Windows Boot Manager
locale                  ru-RU
inherit                 {globalsettings}
default                 {current}
resumeobject            {7f0669c8-2a54-11e6-b1c4-b1d4bc0ab7ff}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Загрузка Windows
-------------------
идентификатор           {current}
device                  partition=C:
path                    \Windows\System32\xOsLoad.exe
description             Windows 7
locale                  ru-RU
inherit                 {bootloadersettings}
recoverysequence        {7f0669ca-2a54-11e6-b1c4-b1d4bc0ab7ff}
recoveryenabled         Yes
nointegritychecks       Yes
osdevice                partition=C:
systemroot              \Windows
kernel                  xNtKrnl.exe
resumeobject            {7f0669c8-2a54-11e6-b1c4-b1d4bc0ab7ff}
nx                      OptIn

Загрузка Windows
-------------------
идентификатор           {7f0669ca-2a54-11e6-b1c4-b1d4bc0ab7ff}
device                  ramdisk=[C:]\Recovery\7f0669ca-2a54-11e6-b1c4-b1d4bc0ab7ff\Winre.wim,{7f0669cb-2a54-11e6-b1c4-b1d4bc0ab7ff}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\7f0669ca-2a54-11e6-b1c4-b1d4bc0ab7ff\Winre.wim,{7f0669cb-2a54-11e6-b1c4-b1d4bc0ab7ff}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Выход из режима гибернации
--------------------------
идентификатор           {7f0669c8-2a54-11e6-b1c4-b1d4bc0ab7ff}
device                  partition=C:
path                    \Windows\System32\winresume.exe
description             Windows Resume Application
locale                  ru-RU
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Проверка памяти Windows
---------------------
идентификатор           {memdiag}
device                  partition=\Device\HarddiskVolume4
path                    \boot\memtest.exe
description             Диагностика памяти
locale                  ru-RU
inherit                 {globalsettings}
badmemoryaccess         Yes

Параметры EMS
-------------
идентификатор           {emssettings}
bootems                 Yes

Параметры отладчика
-------------------
идентификатор           {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

Дефекты ОЗУ
-----------
идентификатор           {badmemory}

Глобальные параметры
--------------------
идентификатор           {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Параметры загрузчика
--------------------
идентификатор           {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Параметры гипервизора
-------------------
идентификатор           {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Параметры загрузчика возобновления
-----------------------------------
идентификатор           {resumeloadersettings}
inherit                 {globalsettings}

Параметры устройства
-------------------
идентификатор           {7f0669cb-2a54-11e6-b1c4-b1d4bc0ab7ff}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\7f0669ca-2a54-11e6-b1c4-b1d4bc0ab7ff\boot.sdi

LastRegBack: 2016-06-04 22:02

==================== End of FRST.txt ============================