Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-08-2017
Ran by Админ (administrator) on АДМИН-ПК (15-08-2017 17:48:44)
Running from C:\Users\Админ\Desktop
Loaded Profiles: Админ (Available Profiles: Админ)
Platform: Microsoft Windows 7 Профессиональная Service Pack 1 (X86) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: Yandex Browser)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
(YANDEX LLC) C:\Program Files\Yandex\YandexBrowser\17.7.1.719\service_update.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ООО Яндекс) C:\Program Files\Yandex\Punto Switcher\punto.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CANON INC.) C:\Windows\System32\CNAB4RPK.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [8017416 2016-10-21] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKU\S-1-5-21-2263108007-2722397969-2212713462-1001\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe [315392 2007-12-07] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-11-01] (Microsoft Corporation)
Startup: C:\Users\Админ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk [2017-08-15]
ShortcutTarget: Punto Switcher.lnk -> C:\Program Files\Yandex\Punto Switcher\punto.exe (ООО Яндекс)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 78.36.171.200 212.48.193.36
Tcpip\..\Interfaces\{3A8BB3B1-760B-4D97-98A4-8604CF6E9964}: [DhcpNameServer] 78.36.171.200 212.48.193.36

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2263108007-2722397969-2212713462-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-2263108007-2722397969-2212713462-1001] ATTENTION => Default URLSearchHook is missing
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: dc1uk5zt.default
FF ProfilePath: C:\Users\Админ\AppData\Roaming\Mozilla\Firefox\Profiles\dc1uk5zt.default [2017-08-15]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\dc1uk5zt.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\dc1uk5zt.default -> Google
FF Keyword.URL: Mozilla\Firefox\Profiles\dc1uk5zt.default -> hxxps://www.google.com/search?q=
FF Extension: (Firefox Hotfix) - C:\Users\Админ\AppData\Roaming\Mozilla\Firefox\Profiles\dc1uk5zt.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-11-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-23] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Корпорация Майкрософт)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2241992 2016-12-14] (ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
S4 OS Selector; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2153336 2011-12-12] ()
R2 ppped; C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe [872448 2008-02-05] () [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)
R2 YandexBrowserService; C:\Program Files\Yandex\YandexBrowser\17.7.1.719\service_update.exe [3589624 2017-08-07] (YANDEX LLC)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [73928 2015-03-30] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [36040 2015-03-30] (Advanced Micro Devices)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48808 2012-11-20] (Advanced Micro Devices)
S3 BR_MCU; C:\Windows\System32\Drivers\br_mcu2usb.sys [19968 2009-12-22] (Windows (R) Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [113544 2017-01-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [91104 2017-01-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [140984 2017-01-17] (ESET)
R1 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [62528 2017-01-17] (ESET)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [221600 2017-08-15] (Malwarebytes)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78568 2016-06-14] (Корпорация Майкрософт)
S3 ute4oda4; C:\Windows\system32\Drivers\ute4oda4.sys [7168 2017-08-15] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] (Корпорация Майкрософт)

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-15 17:48 - 2017-08-15 17:49 - 000024006 _____ C:\Users\Админ\Desktop\FRST.txt
2017-08-15 17:48 - 2017-08-15 17:48 - 000000000 ____D C:\FRST
2017-08-15 17:47 - 2017-08-15 17:47 - 001792000 _____ (Farbar) C:\Users\Админ\Downloads\FRST.exe
2017-08-15 17:47 - 2017-08-15 17:47 - 001792000 _____ (Farbar) C:\Users\Админ\Desktop\FRST.exe
2017-08-15 17:45 - 2017-08-15 17:45 - 000003122 _____ C:\Users\Админ\Desktop\AdwCleaner[C0].txt
2017-08-15 17:41 - 2017-08-15 17:41 - 000003358 _____ C:\Users\Админ\Desktop\AdwCleaner[S1].txt
2017-08-15 17:33 - 2017-08-15 17:44 - 000000000 ____D C:\AdwCleaner
2017-08-15 17:33 - 2017-08-15 17:33 - 008185288 _____ (Malwarebytes) C:\Users\Админ\Downloads\adwcleaner_7.0.1.0.exe
2017-08-15 17:33 - 2017-08-15 17:33 - 008185288 _____ (Malwarebytes) C:\Users\Админ\Desktop\adwcleaner_7.0.1.0.exe
2017-08-15 16:35 - 2017-08-15 16:35 - 000024159 _____ C:\Users\Админ\Desktop\Malwarebytes.результаты.txt
2017-08-15 16:28 - 2017-08-15 17:45 - 000221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-15 16:28 - 2017-08-15 16:28 - 000162240 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-15 16:28 - 2017-08-15 16:28 - 000085400 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-08-15 16:28 - 2017-08-15 16:28 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-08-15 16:28 - 2017-08-15 16:28 - 000040352 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-08-15 16:28 - 2017-08-15 16:28 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-08-15 16:28 - 2017-08-15 16:28 - 000000000 ____D C:\Users\Все пользователи\Malwarebytes
2017-08-15 16:28 - 2017-08-15 16:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-08-15 16:28 - 2017-08-15 16:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-15 16:28 - 2017-08-15 16:28 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-15 16:28 - 2017-06-27 12:06 - 000059936 _____ C:\Windows\system32\Drivers\mbae.sys
2017-08-15 16:27 - 2017-08-15 16:26 - 065033984 _____ (Malwarebytes ) C:\Users\Админ\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-08-15 16:26 - 2017-08-15 16:27 - 000000000 ____D C:\Users\Админ\Desktop\uvs_latest
2017-08-15 16:26 - 2017-08-15 16:26 - 000000000 ____D C:\Users\Админ\Desktop\avz4
2017-08-15 16:26 - 2017-08-15 16:26 - 000000000 ____D C:\Users\Админ\Desktop\aida64extreme592
2017-08-15 16:25 - 2017-08-15 16:26 - 065033984 _____ (Malwarebytes ) C:\Users\Админ\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-08-15 16:15 - 2017-08-15 16:15 - 000000000 ____R C:\Windows\perfc
2017-08-15 16:14 - 2017-02-11 18:50 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-08-15 16:14 - 2017-02-11 18:50 - 000311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-08-15 16:14 - 2017-02-11 18:50 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-08-15 16:14 - 2017-02-10 19:17 - 000628736 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-08-15 16:14 - 2017-02-10 19:17 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-08-15 16:14 - 2017-02-10 17:33 - 001251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-08-15 16:14 - 2017-02-10 17:33 - 000909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-08-15 16:14 - 2017-02-09 19:19 - 004000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-08-15 16:14 - 2017-02-09 19:19 - 003945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-15 16:14 - 2017-02-09 19:19 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-15 16:14 - 2017-02-09 19:19 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-15 16:14 - 2017-02-09 19:16 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-15 16:14 - 2017-02-09 19:14 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-15 16:14 - 2017-02-09 18:53 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-08-15 16:14 - 2017-02-09 18:53 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-08-15 16:14 - 2017-02-09 18:53 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-15 16:14 - 2017-02-09 18:53 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-08-15 16:14 - 2017-02-09 18:53 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-08-15 16:14 - 2017-02-09 18:52 - 002400256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-15 16:14 - 2017-02-09 18:51 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-08-15 16:14 - 2017-02-09 18:51 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-08-15 16:14 - 2017-02-09 18:49 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-15 16:14 - 2017-02-09 18:49 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-15 16:14 - 2017-02-09 18:49 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-15 16:14 - 2017-02-09 18:49 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-08-15 16:14 - 2017-02-09 18:49 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-15 16:14 - 2017-02-09 18:49 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-15 16:14 - 2017-02-09 18:49 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-15 16:14 - 2017-02-06 19:03 - 000497152 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-08-15 16:14 - 2017-01-13 20:45 - 000741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-08-15 16:14 - 2017-01-13 20:45 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-08-15 16:14 - 2017-01-11 20:43 - 001241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-08-15 16:14 - 2017-01-11 20:43 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-08-15 16:14 - 2017-01-06 20:44 - 001329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-08-15 16:14 - 2016-11-20 17:07 - 000373896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-08-15 16:14 - 2016-10-08 16:05 - 000534600 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-08-15 15:33 - 2017-08-15 15:33 - 000286865 _____ C:\Users\Админ\Desktop\SysInspector-АДМИН-ПК-170815-153007.zip
2017-08-15 15:05 - 2017-08-15 15:05 - 000484953 _____ C:\Users\Админ\Desktop\АДМИН-ПК_2017-08-15_15-01-35.7z
2017-08-15 14:59 - 2017-08-15 16:22 - 000000000 ____D C:\Users\Админ\Downloads\uvs_latest
2017-08-15 14:58 - 2017-08-15 14:59 - 003391308 _____ C:\Users\Админ\Downloads\uvs_latest.zip
2017-08-15 14:58 - 2017-08-15 14:40 - 000036306 _____ C:\Users\Админ\Desktop\virusinfo_syscure.zip
2017-08-15 14:57 - 2017-08-15 14:57 - 000045932 _____ C:\Users\Админ\Desktop\система.txt
2017-08-15 14:57 - 2017-08-15 14:57 - 000000000 ____D C:\Users\Админ\Documents\AIDA64 Reports 2017-08-15 14:47 - 2017-08-15 14:48 - 000000000 ____D C:\Users\Админ\Downloads\aida64extreme592 2017-08-15 14:46 - 2017-08-15 14:47 - 052931944 _____ C:\Users\Админ\Downloads\aida64extreme592.zip 2017-08-15 14:38 - 2017-08-15 14:38 - 000007168 _____ C:\Windows\system32\Drivers\ute4oda4.sys 2017-08-15 14:37 - 2017-08-15 14:37 - 000000000 ____D C:\Users\Админ\Downloads\avz4 2017-08-15 14:36 - 2017-08-15 14:36 - 010112832 _____ C:\Users\Админ\Downloads\avz4.zip 2017-08-14 10:06 - 2017-08-14 10:06 - 001204208 _____ (Adobe Systems Incorporated) C:\Users\Админ\Downloads\flashplayer26au_ha_install.exe 2017-08-13 11:57 - 2017-08-15 16:17 - 000295424 _____ C:\Windows\system32\FNTCACHE.DAT 2017-08-13 11:57 - 2017-08-13 11:57 - 000064784 _____ C:\Users\Админ\AppData\Local\GDIPFONTCACHEV1.DAT 2017-08-12 15:03 - 2017-08-12 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Яндекс 2017-08-12 15:02 - 2017-08-12 15:02 - 004262760 _____ (Microsoft Corporation) C:\Users\Админ\Downloads\PuntoSwitcherSetup.exe 2017-08-12 14:59 - 2017-08-12 14:59 - 000001069 _____ C:\Users\Админ\Downloads\MCM.zip 2017-08-08 07:32 - 2017-08-08 07:32 - 000588721 _____ C:\Users\Админ\Downloads\document_072017.pdf 2017-08-04 17:28 - 2017-08-04 17:28 - 000000000 ____D C:\Users\Админ\AppData\Local\Freelancer 2017-08-04 17:27 - 2017-08-04 17:27 - 000000000 ____D C:\Users\Админ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2017-08-03 23:01 - 2017-08-03 23:02 - 000000000 ____D C:\Users\Все пользователи\360Quarant 2017-08-03 23:01 - 2017-08-03 23:02 - 000000000 ____D C:\ProgramData\360Quarant 2017-08-03 23:01 - 2017-08-03 23:01 - 000000000 ____D C:\Windows\Tasks\360Disabled 2017-08-03 22:47 - 2017-08-03 22:49 - 072408680 _____ C:\Users\Админ\Downloads\360TS_Setup_9.2.0.1090.exe 2017-08-03 19:22 - 2017-08-03 19:22 - 000000000 ____D C:\Users\Админ\DoctorWeb 2017-07-30 18:22 - 
2017-08-01 23:46 - 000000000 ____D C:\Windows\Minidump 2017-07-26 16:51 - 2017-08-08 19:22 - 000000000 ____D C:\Users\Админ\Desktop\Практика ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-08-15 17:46 - 2016-11-23 21:48 - 000000000 ____D C:\Users\Админ\AppData\LocalLow\Mozilla 2017-08-15 17:45 - 2016-11-01 08:45 - 000000000 ____D C:\Program Files\CyberPower PowerPanel Personal Edition 2017-08-15 17:45 - 2016-10-31 20:40 - 000000454 _____ C:\Windows\Tasks\Системное обновление Браузера Яндекс.job 2017-08-15 17:45 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-08-15 17:39 - 2009-07-14 07:34 - 000018944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-08-15 17:39 - 2009-07-14 07:34 - 000018944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-08-15 16:49 - 2016-10-31 20:48 - 000002436 _____ C:\Users\Админ\Desktop\Yandex.lnk 2017-08-15 16:25 - 2010-05-31 19:47 - 001647438 _____ C:\Windows\system32\PerfStringBackup.INI 2017-08-15 16:25 - 2009-07-14 11:41 - 000723936 _____ C:\Windows\system32\perfh019.dat 2017-08-15 16:25 - 2009-07-14 11:41 - 000150252 _____ C:\Windows\system32\perfc019.dat 2017-08-15 16:25 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf 2017-08-15 16:22 - 2016-10-31 21:38 - 000000000 ____D C:\Users\Админ\AppData\LocalLow\Temp 2017-08-15 16:16 - 2009-07-14 07:52 - 000000000 ____D C:\Program Files\DVD Maker 2017-08-12 22:55 - 2016-10-31 22:02 - 000000000 ____D C:\Users\Админ\AppData\Roaming\Media Player Classic 2017-08-12 15:03 - 2016-10-31 20:39 - 000000000 ____D C:\Users\Все пользователи\Yandex 2017-08-12 15:03 - 2016-10-31 20:39 - 000000000 ____D C:\Users\Админ\AppData\Roaming\Yandex 2017-08-12 15:03 - 2016-10-31 20:39 - 000000000 ____D C:\ProgramData\Yandex 2017-08-12 15:03 - 2016-10-31 20:39 - 000000000 ____D 
C:\Program Files\Yandex 2017-08-04 18:16 - 2016-12-24 20:40 - 000000000 ____D C:\Users\Админ\Documents\My Games 2017-08-03 23:36 - 2009-07-31 11:18 - 000000000 ____D C:\Windows\Panther 2017-08-03 23:01 - 2009-07-14 05:37 - 000000000 ___HD C:\Windows\system32\GroupPolicy 2017-08-03 22:51 - 2016-10-31 21:51 - 000000000 ____D C:\Program Files\Common Files\AV 2017-08-03 19:22 - 2016-10-31 19:39 - 000000000 ____D C:\Users\Админ 2017-08-01 23:46 - 2016-11-13 15:36 - 000000000 ____D C:\Users\Админ\AppData\Local\CrashDumps 2017-08-01 10:29 - 2016-11-05 13:31 - 000000000 ____D C:\Users\Админ\AppData\Roaming\foobar2000 2017-07-27 12:56 - 2017-03-18 18:03 - 000000000 ____D C:\Users\Админ\AppData\Roaming\uTorrent 2017-07-26 16:51 - 2016-12-24 19:57 - 000000000 ____D C:\Program Files\Common Files\Steam ==================== Files in the root of some directories ======= 2016-10-31 20:19 - 2016-10-31 20:19 - 000000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== 2017-08-09 15:43 - 2017-08-09 15:43 - 057060856 _____ (YANDEX LLC) C:\Users\Админ\AppData\Local\Temp\Setup-yabrowser.exe 2017-08-15 16:48 - 2017-08-01 13:01 - 000501032 _____ (Yandex LLC) C:\Users\Админ\AppData\Local\Temp\yupdate-exec-yabrowser.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Диспетчер загрузки Windows -------------------- идентификатор {bootmgr} device partition=C: description Windows Boot Manager locale ru-RU inherit {globalsettings} default {current} resumeobject {ca50b793-9f87-11e6-8fe2-c82e0495d354} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Загрузка Windows ------------------- идентификатор {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale ru-RU inherit {bootloadersettings} recoverysequence {ca50b795-9f87-11e6-8fe2-c82e0495d354} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {ca50b793-9f87-11e6-8fe2-c82e0495d354} nx OptIn Загрузка Windows ------------------- идентификатор {ca50b795-9f87-11e6-8fe2-c82e0495d354} device ramdisk=[C:]\Recovery\ca50b795-9f87-11e6-8fe2-c82e0495d354\Winre.wim,{ca50b796-9f87-11e6-8fe2-c82e0495d354} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\ca50b795-9f87-11e6-8fe2-c82e0495d354\Winre.wim,{ca50b796-9f87-11e6-8fe2-c82e0495d354} systemroot \windows nx OptIn winpe Yes Выход из режима гибернации -------------------------- идентификатор {ca50b793-9f87-11e6-8fe2-c82e0495d354} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale ru-RU inherit 
{resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys pae Yes debugoptionenabled No Проверка памяти Windows --------------------- идентификатор {memdiag} device partition=C: path \boot\memtest.exe description Диагностика памяти locale ru-RU inherit {globalsettings} badmemoryaccess Yes Параметры EMS ------------- идентификатор {emssettings} bootems Yes Параметры отладчика ------------------- идентификатор {dbgsettings} debugtype Serial debugport 1 baudrate 115200 Дефекты ОЗУ ----------- идентификатор {badmemory} Глобальные параметры -------------------- идентификатор {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Параметры загрузчика -------------------- идентификатор {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Параметры гипервизора ------------------- идентификатор {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Параметры загрузчика восстановления ----------------------------------- идентификатор {resumeloadersettings} inherit {globalsettings} Параметры устройств ------------------- идентификатор {ca50b796-9f87-11e6-8fe2-c82e0495d354} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\ca50b795-9f87-11e6-8fe2-c82e0495d354\boot.sdi LastRegBack: 2017-08-01 08:25 ==================== End of FRST.txt ============================