Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017 Ran by admin (administrator) on NOTEBOOK (02-02-2017 19:55:41) Running from C:\Users\admin\Desktop Loaded Profiles: admin (Available Profiles: admin) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Русский (Россия) Internet Explorer Version 11 (Default browser: Yandex Browser) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\17.1.0.2034\service_update.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe () C:\Program Files (x86)\RocketDock\RocketDock.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064 2012-09-14] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848 2012-07-17] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [695528 2015-02-03] (Zbshareware Lab) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-02-02] (AVAST Software) HKU\S-1-5-21-3397271481-1196691400-1618317599-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\S-1-5-21-3397271481-1196691400-1618317599-1000\...\RunOnce: [Application Restart #3] => C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2284024 2017-01-17] (YANDEX LLC) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-01-30] (AVAST Software) GroupPolicy: Restriction - Windows Defender <======= ATTENTION GroupPolicy\User: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{DEF69EAD-837F-4553-91D6-2F70BF4F9A2A}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== SearchScopes: HKU\S-1-5-21-3397271481-1196691400-1618317599-1000 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2261463 SearchScopes: HKU\S-1-5-21-3397271481-1196691400-1618317599-1000 -> 3823DBF11FB47812F8C6BDED5E127DCD URL = hxxp://yandex.ru/search/?win=218&clid=2210462&text={searchTerms} SearchScopes: HKU\S-1-5-21-3397271481-1196691400-1618317599-1000 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2261463 BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-02-02] (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-02-02] (AVAST Software) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2017-01-17] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Поиск@Mail.Ru FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Поиск@Mail.Ru FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxp://mail.ru/cnt/10445?gp=812257 FF Keyword.URL: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B0419105D-7662-4750-B99D-8D626D5B67F1%7D&gp=812258 FF Extension: (Домашняя страница Mail.Ru) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\homepage@mail.ru [2017-01-17] FF Extension: (Поиск@Mail.Ru) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\search@mail.ru [2017-01-17] FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-01-17] FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\mailru.xml [2017-01-17] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-30] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-30] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) Chrome: ======= CHR DefaultProfile: ChromeDefaultData CHR HomePage: ChromeDefaultData -> hxxps://www.google.com/ CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-02] <==== ATTENTION CHR Extension: (Документы Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-17] CHR Extension: () - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cpegcopcfajiiibidlaelhjjblpefbjk [2017-02-02] CHR Extension: (Avast SafePrice) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-02-02] CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-02] CHR Extension: (Avast Online Security) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-02-02] CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-02] CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-17] CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-17] CHR Extension: (Google Презентации) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-19] CHR Extension: (Документы Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-19] CHR Extension: (Диск Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-19] CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-19] CHR Extension: () - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cpegcopcfajiiibidlaelhjjblpefbjk [2017-02-02] CHR Extension: (Google Таблицы) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-19] CHR Extension: (Google Документы офлайн) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-19] CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-19] CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-19] CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2017-01-30] (AVAST Software) S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт) R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт) S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт) R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\17.1.0.2034\service_update.exe [626168 2017-01-17] (YANDEX LLC) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2017-01-30] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2017-01-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2017-01-30] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2017-01-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2017-01-30] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2017-02-02] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2017-02-02] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2017-01-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-02-02] (AVAST Software) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-08-18] (Disc Soft Ltd) R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94440 2016-06-14] (Корпорация Майкрософт) R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт) R2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2012-04-16] (Windows (R) Win 7 DDK provider) ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys 9A4A1EEE802BF2F878EE8EAB407B21B7 C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit C:\Windows\system32\drivers\aksdf.sys 94C0972B06C75456ED574DD46417B1D8 C:\Windows\system32\drivers\aksfridge.sys 7B0BC062CA6ABAB23F88EA483B5A538E C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49 C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048 C:\Windows\system32\drivers\appid.sys 8B73FEE96B60EE597CBCAA735A842A36 C:\Windows\system32\drivers\arc.sys ==> MD5 is legit C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 4C016FD76ED5C05E84CA8CAB77993961 C:\Windows\system32\drivers\aswHwid.sys 9B480B472D6826E7257C90E2D0EE2954 C:\Windows\system32\drivers\aswKbd.sys 06362BBA1347CBA0996F4B39BB1D8353 C:\Windows\system32\drivers\aswMonFlt.sys 1BB00571CC2C78463ABD7E9C32970758 C:\Windows\system32\drivers\aswRdr2.sys 7010B57D708DA5C9686A5923EE621776 C:\Windows\System32\Drivers\aswRvrt.sys 937885085BFE5BD08EC1BC0245DD203B C:\Windows\system32\drivers\aswSnx.sys 0B6352251C5D84130DF4252D33D266C2 C:\Windows\system32\drivers\aswSP.sys 28213B34725B18387CC1B8C3D73858A1 C:\Windows\system32\drivers\aswStm.sys 9C58B6E9663D0A76D00D83E43C765BDF C:\Windows\System32\Drivers\aswVmm.sys D60D9201739400F0FBDB9E36A3212D91 C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\athrx.sys 428409B5278FB8619AD6D3B4E5AD3F23 C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 41CEAFFCF3550785E59E3EC9BEE8D97A C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315 C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4 C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37 C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285 C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys 3323F76352B0AF14B2CDC4DFBF3E980A C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit C:\Windows\System32\drivers\csc.sys ==> MD5 is legit C:\Windows\System32\Drivers\dfsc.sys 9B38580063D281A99E68EF5813022A5F C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\drivers\disk.sys 616387BBD83372220B09DE95F4E67BBC C:\Windows\system32\drivers\dmvsc.sys 5DB085A8A6600BE6401F2B24EECB5415 C:\Windows\system32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F C:\Windows\System32\DRIVERS\dtsoftbus01.sys 6A0E850DDCB136AA3D2FB7234382DF12 C:\Windows\System32\drivers\dxgkrnl.sys 3A9D7D464BDB3B70D7ECF689ADABBD4D C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0 C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit C:\Windows\system32\drivers\hardlock.sys 78FAD9117E4527F2CA82259DA10F40BD C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57 C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366 C:\Windows\System32\DRIVERS\igdkmd64.sys CEFA6BDB4789F3DA003ACBDCC64F5877 C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\IntcDAud.sys 87871AB7AC797F922A6F3D4C874CED96 C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6 C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecdd.sys CF11CC2B73D5155533C67354F9188E09 C:\Windows\System32\Drivers\ksecpkg.sys 2E56D51B184EFB8E353B7AF446299DC8 C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys 8ADB5445B29941CB41AF2846FD5C93C7 C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys 98DB1790F0A584E0A2528B92B052417F C:\Windows\System32\DRIVERS\mrxsmb.sys FCA01B0C70DAE9BE557577E719469D17 C:\Windows\System32\DRIVERS\mrxsmb10.sys 386BE96797C5B480AD31E8B50CEE337C C:\Windows\System32\DRIVERS\mrxsmb20.sys 841474CF2EB14F826038FBCC7D85B857 C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys E47D571FEC2C76E867935109AB2A770C C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys 47B2D0B31BDC3EBE6090228E2BA3764D C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys EA4D67448BE493D543F1730D6CD04694 C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\drivers\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34 C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41 C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932 C:\Windows\System32\DRIVERS\RtsBaStor.sys 6D3832F14F53C886528FB1CA4C2EC2A6 C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Rt64win7.sys B358C047E081AC70035017BD1D7ED818 C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit C:\Windows\system32\drivers\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys EC666682FE8344CF7E6ED69E74FA9F4F C:\Windows\System32\DRIVERS\srv2.sys E450C0318DCE8ED28ED272C8806B8495 C:\Windows\System32\DRIVERS\srvnet.sys 9C12C78AD36C23D925711A4640228225 C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\synth3dvsc.sys C3A39C4079305480972D29C44B868C78 C:\Windows\System32\drivers\tcpip.sys B2875D7ABB82867DC3AA03D991940201 C:\Windows\System32\DRIVERS\tcpip.sys B2875D7ABB82867DC3AA03D991940201 C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8 C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83 C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit C:\Windows\system32\drivers\terminpt.sys EF4469AB69EB15E5D3754E6AEAFBCD3D C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1 C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426 C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07 C:\Windows\System32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240 C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31 C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965 C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43 C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3 C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7 C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wcmvcam64.sys 8F105ADE434064ADFBBFBE198513B84F C:\Windows\system32\drivers\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-02 19:55 - 2017-02-02 19:56 - 00031081 _____ C:\Users\admin\Desktop\FRST.txt 2017-02-02 19:54 - 2017-02-02 19:55 - 00000000 ____D C:\FRST 2017-02-02 17:22 - 2017-02-02 17:22 - 02420736 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe 2017-01-31 00:05 - 2017-02-02 19:37 - 00006160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-01-31 00:05 - 2017-02-02 19:37 - 00006160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-01-30 23:54 - 2017-01-30 23:54 - 00000000 ____D C:\Users\admin\AppData\Roaming\AVAST Software 2017-01-30 23:53 - 2017-02-02 19:38 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2017-01-30 23:53 - 2017-01-30 23:53 - 00003896 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1485809610 2017-01-30 23:53 - 2017-01-30 23:53 - 00001931 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2017-01-30 23:53 - 2017-01-30 23:53 - 00001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2017-01-30 23:53 - 2017-01-30 23:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2017-01-30 23:52 - 2017-02-02 17:28 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2017-01-30 23:52 - 2017-02-02 17:28 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys 2017-01-30 23:52 - 2017-02-02 17:27 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2017-01-30 23:52 - 2017-01-30 23:52 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2017-01-30 23:52 - 2017-01-30 23:52 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2017-01-30 23:52 - 2017-01-30 23:52 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2017-01-30 23:52 - 2017-01-30 23:52 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2017-01-30 23:52 - 2017-01-30 23:52 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2017-01-30 23:52 - 2017-01-30 23:52 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2017-01-30 23:52 - 2017-01-30 23:51 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2017-01-30 23:51 - 2017-01-30 23:51 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr 2017-01-30 23:51 - 2017-01-30 23:51 - 00000000 ____D C:\Program Files\AVAST Software 2017-01-30 23:50 - 2017-01-30 23:50 - 00001043 _____ C:\Users\Public\Desktop\USB Disk Security.lnk 2017-01-30 23:50 - 2017-01-30 23:50 - 00000000 ____D C:\Users\admin\AppData\Roaming\Zbshareware Lab 2017-01-30 23:50 - 2017-01-30 23:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security 2017-01-30 23:50 - 2017-01-30 23:50 - 00000000 ____D C:\Program Files (x86)\USB Disk Security 2017-01-30 23:48 - 2016-02-14 20:27 - 04172536 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys 2017-01-30 18:57 - 2017-01-30 18:57 - 00000000 ____D C:\Windows\pss 2017-01-28 19:02 - 2017-01-30 18:53 - 00000000 ____D C:\Users\admin\AppData\LocalLow\uTorrent 2017-01-28 18:50 - 2016-08-29 18:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2017-01-28 18:50 - 2016-08-29 18:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2017-01-28 18:50 - 2016-08-29 18:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2017-01-28 18:50 - 2016-08-29 18:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2017-01-28 18:50 - 2016-08-29 18:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2017-01-28 18:50 - 2016-08-29 18:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2017-01-28 18:50 - 2016-08-29 18:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2017-01-28 18:50 - 2016-08-29 17:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2017-01-28 18:50 - 2016-07-07 18:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2017-01-28 18:50 - 2016-07-07 18:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2017-01-28 18:50 - 2016-07-07 18:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2017-01-28 18:50 - 2016-07-07 18:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys 2017-01-28 18:50 - 2016-03-09 22:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll 2017-01-28 18:50 - 2016-03-09 21:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll 2017-01-28 16:50 - 2017-02-02 19:52 - 00003560 _____ C:\Windows\System32\Tasks\Системное обновление Браузера Яндекс 2017-01-28 16:50 - 2017-02-02 19:52 - 00000468 _____ C:\Windows\Tasks\Системное обновление Браузера Яндекс.job 2017-01-28 16:50 - 2017-01-28 16:50 - 00000000 ____D C:\Users\Все пользователи\Yandex 2017-01-28 16:50 - 2017-01-28 16:50 - 00000000 ____D C:\ProgramData\Yandex 2017-01-28 16:50 - 2017-01-28 16:50 - 00000000 ____D C:\Program Files (x86)\Yandex 2017-01-28 16:36 - 2017-01-28 18:18 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\DevID 2017-01-28 16:36 - 2017-01-28 18:17 - 00000000 ____D C:\Program Files (x86)\DevID Agent 2017-01-28 16:36 - 2017-01-28 16:36 - 00001018 _____ C:\Users\admin\Desktop\DevID Agent.lnk 2017-01-28 16:36 - 2017-01-28 16:34 - 08987648 _____ C:\Users\admin\Desktop\DevID_Agent_Installer.exe 2017-01-28 15:40 - 2017-01-28 15:40 - 00000000 ____D C:\Program Files\DIFX 2017-01-28 15:36 - 2017-01-30 23:29 - 00000000 ____D C:\Users\admin\AppData\Roaming\DRPSu 2017-01-28 15:36 - 2017-01-28 15:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\DRPNano 2017-01-28 15:33 - 2017-01-28 15:29 - 00158352 _____ (Mail.Ru) C:\Users\admin\Desktop\amigo_bundle.exe 2017-01-28 15:28 - 2017-01-28 15:26 - 00941784 _____ (Carambis (ROSTPAY LTD.)) C:\Users\admin\Desktop\InstallerDU-2.4.2.9633.exe 2017-01-18 18:38 - 2017-01-25 18:19 - 00000000 ____D C:\Program Files\75amba5r 2017-01-17 20:37 - 2017-01-17 20:37 - 00000000 ____D C:\Program Files (x86)\418a3f60-7d82-4369-960a-79733d3250011484674669 2017-01-17 20:35 - 2017-02-02 17:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\phoenix.engine.v01.212711 2017-01-17 20:33 - 2017-01-17 20:33 - 00000000 ____D C:\Users\Все пользователи\Avira 2017-01-17 20:33 - 2017-01-17 20:33 - 00000000 ____D C:\Users\Все пользователи\Avg 2017-01-17 20:33 - 2017-01-17 20:33 - 00000000 ____D C:\ProgramData\Avira 2017-01-17 20:33 - 2017-01-17 20:33 - 00000000 ____D C:\ProgramData\Avg 2017-01-16 20:46 - 2017-01-16 20:46 - 00396430 _____ C:\Users\admin\Downloads\vykhodnoy_REShAAAT_33_33_33_33.pdf 2017-01-16 19:47 - 2017-01-16 20:23 - 00000000 ____D C:\Users\admin\Desktop\тд 2017-01-12 22:16 - 2017-01-12 22:20 - 00000000 ____D C:\Users\admin\Desktop\ЭКОНОМИКА 2017-01-11 22:26 - 2017-01-11 22:26 - 01411072 _____ C:\Users\admin\Downloads\resonance.ppt 2017-01-06 11:19 - 2017-01-06 11:24 - 00000000 ____D C:\Windows\system32\appmgmt 2017-01-04 22:17 - 2017-01-04 22:17 - 00935745 _____ C:\Users\admin\Downloads\эээээээ э.э., ээээээээ э.э., ээээээээ э.э., эээээээээ э.э., ээээээээ э.э. эээээээээээээээээ ээээээээээээ ээээээээээээ эээээээ эээээээээээ эээээээээээээ эээээээээээээээ ээээээ ээээээээээfile.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-02 19:52 - 2016-07-28 22:43 - 00003386 _____ C:\Windows\System32\Tasks\Обновление Браузера Яндекс 2017-02-02 19:52 - 2016-07-28 22:43 - 00000398 _____ C:\Windows\Tasks\Обновление Браузера Яндекс.job 2017-02-02 19:52 - 2015-08-18 20:18 - 00000000 __SHD C:\Users\admin\IntelGraphicsProfiles 2017-02-02 19:52 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-02-02 19:48 - 2015-08-18 17:44 - 00000000 ____D C:\Users\admin 2017-02-02 19:22 - 2016-11-20 20:47 - 00001562 _____ C:\Users\admin\Desktop\Войны престолов.lnk 2017-02-02 17:36 - 2015-08-18 20:18 - 00000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2017-02-02 17:33 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf 2017-02-02 17:28 - 2016-06-14 16:33 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-02-02 17:28 - 2015-08-18 20:04 - 00000000 ____D C:\Users\Все пользователи\Skype 2017-02-02 17:28 - 2015-08-18 20:04 - 00000000 ____D C:\ProgramData\Skype 2017-02-02 17:21 - 2016-05-22 23:55 - 00000000 ____D C:\Windows\Minidump 2017-02-02 17:07 - 2016-11-20 20:38 - 00000000 ____D C:\Users\admin\AppData\Local\ComDev 2017-02-02 17:04 - 2011-04-12 16:26 - 00724590 _____ C:\Windows\system32\perfh019.dat 2017-02-02 17:04 - 2011-04-12 16:26 - 00150874 _____ C:\Windows\system32\perfc019.dat 2017-02-02 17:04 - 2009-07-14 08:13 - 01648402 _____ C:\Windows\system32\PerfStringBackup.INI 2017-02-01 16:19 - 2016-03-06 17:39 - 00002541 _____ C:\Users\admin\Desktop\рр.lnk 2017-01-31 00:29 - 2016-03-06 16:31 - 00000000 ____D C:\Users\admin\AppData\Local\Mail.Ru 2017-01-31 00:29 - 2016-03-06 16:31 - 00000000 ____D C:\Program Files (x86)\Mail.Ru 2017-01-31 00:23 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF 2017-01-30 23:52 - 2015-08-18 19:18 - 00000000 ____D C:\Users\Все пользователи\AVAST Software 2017-01-30 23:52 - 2015-08-18 19:18 - 00000000 ____D C:\ProgramData\AVAST Software 2017-01-30 19:11 - 2015-08-20 01:11 - 00000000 ___SD C:\Windows\system32\GWX 2017-01-30 19:11 - 2011-04-12 16:37 - 00000000 ____D C:\Windows\ShellNew 2017-01-30 19:01 - 2015-08-19 17:24 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-01-30 19:01 - 2015-08-19 17:24 - 00000000 ____D C:\Windows\system32\MRT 2017-01-30 18:57 - 2016-03-06 17:33 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent 2017-01-28 18:59 - 2015-08-19 22:41 - 00000000 ___SD C:\Windows\system32\CompatTel 2017-01-28 18:59 - 2015-08-19 22:41 - 00000000 ____D C:\Windows\system32\appraiser 2017-01-28 18:59 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration 2017-01-28 18:59 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2017-01-28 18:18 - 2015-08-18 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2017-01-28 18:18 - 2015-08-18 19:21 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite 2017-01-28 10:46 - 2016-04-09 18:09 - 00000000 ____D C:\Users\Все пользователи\34BE82C4-E596-4e99-A191-52C6199EBF69 2017-01-28 10:46 - 2016-04-09 18:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2017-01-28 10:42 - 2016-08-03 17:51 - 00000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics 2017-01-25 16:43 - 2015-08-18 19:20 - 00000000 ____D C:\Users\admin\AppData\Local\Google 2017-01-18 07:05 - 2016-11-20 22:08 - 00000258 __RSH C:\Users\admin\ntuser.pol 2017-01-17 21:05 - 2016-11-20 20:41 - 00000824 __RSH C:\Users\Все пользователи\ntuser.pol 2017-01-17 21:05 - 2016-11-20 20:41 - 00000824 __RSH C:\ProgramData\ntuser.pol 2017-01-17 20:33 - 2016-04-23 14:25 - 00000000 ____D C:\Program Files (x86)\Steam 2017-01-17 20:33 - 2015-12-27 00:12 - 00000000 ____D C:\Program Files (x86)\Python26 2017-01-17 20:33 - 2015-08-18 19:24 - 00000000 ____D C:\Program Files (x86)\JetAudio 2017-01-12 22:23 - 2016-08-21 10:29 - 00000000 ____D C:\Users\admin\Desktop\учёба 2017-01-12 22:21 - 2015-10-29 11:16 - 00000000 ____D C:\Users\admin\Desktop\Новая папка (2) 2017-01-06 23:28 - 2016-04-23 14:39 - 00000000 ____D C:\Users\admin\AppData\Local\Steam 2017-01-06 11:27 - 2015-08-22 23:09 - 00000000 ____D C:\Program Files (x86)\MegaFon Internet 2017-01-06 11:24 - 2016-04-09 11:05 - 00000000 ____D C:\Users\admin\AppData\Local\Package Cache 2017-01-06 11:24 - 2016-03-06 17:35 - 00000000 ____D C:\Users\admin\AppData\Local\Yandex 2017-01-06 11:24 - 2016-03-06 17:34 - 00000000 ____D C:\Users\admin\AppData\Roaming\Yandex ==================== Files in the root of some directories ======= 2015-08-19 19:45 - 2015-08-19 19:45 - 0007605 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg 2016-03-12 20:50 - 2016-04-03 00:32 - 0000020 _____ () C:\ProgramData\event.txt ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ „ЁбЇҐвзҐа § Јаг§ЄЁ Windows -------------------- Ё¤Ґ­вЁдЁЄ в®а {bootmgr} device partition=\Device\HarddiskVolume1 description Windows Boot Manager locale ru-RU inherit {globalsettings} default {current} resumeobject {ce3be23a-45be-11e5-933c-ec7dc9445e84} displayorder {current} toolsdisplayorder {memdiag} timeout 30 ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale ru-RU inherit {bootloadersettings} recoverysequence {ce3be23c-45be-11e5-933c-ec7dc9445e84} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {ce3be23a-45be-11e5-933c-ec7dc9445e84} nx OptIn ‡ Јаг§Є  Windows ------------------- Ё¤Ґ­вЁдЁЄ в®а {ce3be23c-45be-11e5-933c-ec7dc9445e84} device ramdisk=[C:]\Recovery\ce3be23c-45be-11e5-933c-ec7dc9445e84\Winre.wim,{ce3be23d-45be-11e5-933c-ec7dc9445e84} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\ce3be23c-45be-11e5-933c-ec7dc9445e84\Winre.wim,{ce3be23d-45be-11e5-933c-ec7dc9445e84} systemroot \windows nx OptIn winpe Yes ‚л室 Ё§ ०Ё¬  ЈЁЎҐа­ жЁЁ -------------------------- Ё¤Ґ­вЁдЁЄ в®а {ce3be23a-45be-11e5-933c-ec7dc9445e84} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale ru-RU inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Џа®ўҐаЄ  Ї ¬пвЁ Windows --------------------- Ё¤Ґ­вЁдЁЄ в®а {memdiag} device partition=\Device\HarddiskVolume1 path \boot\memtest.exe description „Ё Ј­®бвЁЄ  Ї ¬пвЁ locale ru-RU inherit {globalsettings} badmemoryaccess Yes Џ а ¬Ґвал EMS ------------- Ё¤Ґ­вЁдЁЄ в®а {emssettings} bootems Yes Џ а ¬Ґвал ®в« ¤зЁЄ  ------------------- Ё¤Ґ­вЁдЁЄ в®а {dbgsettings} debugtype Serial debugport 1 baudrate 115200 „ҐдҐЄвл Ћ‡“ ----------- Ё¤Ґ­вЁдЁЄ в®а {badmemory} ѓ«®Ў «м­лҐ Ї а ¬Ґвал -------------------- Ё¤Ґ­вЁдЁЄ в®а {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Џ а ¬Ґвал § Јаг§зЁЄ  -------------------- Ё¤Ґ­вЁдЁЄ в®а {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Џ а ¬Ґвал ЈЁЇҐаўЁ§®а  ------------------- Ё¤Ґ­вЁдЁЄ в®а {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Џ а ¬Ґвал § Јаг§зЁЄ  ў®ббв ­®ў«Ґ­Ёп ----------------------------------- Ё¤Ґ­вЁдЁЄ в®а {resumeloadersettings} inherit {globalsettings} Џ а ¬Ґвал гбва®©бвў ------------------- Ё¤Ґ­вЁдЁЄ в®а {ce3be23d-45be-11e5-933c-ec7dc9445e84} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\ce3be23c-45be-11e5-933c-ec7dc9445e84\boot.sdi LastRegBack: 2016-10-07 14:17 ==================== End of FRST.txt ============================