Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12.02.2018
Ran by Иоанне (administrator) on ИОАННЕ-ПК (15-02-2018 20:50:20)
Running from C:\Users\Иоанне\Desktop\Артем
Loaded Profiles: Иоанне (Available Profiles: Иоанне)
Platform: Microsoft Windows 7 Максимальная Service Pack 1 (X86) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RSD\RsMgrSvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RAV\RavMonD.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe
(Realtek) C:\Program Files\REALTEK\USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
() C:\Windows\runSW.exe
(Realtek) C:\Windows\SwUSB.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RAV\RsTray.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RSD\popwndexe.exe
(Disc Soft Ltd) D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.
The file will not be moved.) HKLM\...\Run: [RavTRAY] => C:\Program Files\Rising\RAV\RSTRAY.EXE [178840 2011-09-08] (Beijing Rising Information Technology Co., Ltd.) HKU\S-1-5-21-3206890389-4226326889-683743756-1000\...\Run: [Viber] => C:\Users\Иоанне\AppData\Local\Viber\Viber.exe [776400 2015-02-25] () HKU\S-1-5-21-3206890389-4226326889-683743756-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7347928 2017-02-08] (Piriform Ltd) HKU\S-1-5-21-3206890389-4226326889-683743756-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files\DAEMON Tools Lite\DTLite.exe [4556048 2015-02-27] (Disc Soft Ltd) BootExecute: autocheck autochk * bsmain ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 192.168.8.17 192.168.8.16 8.8.8.8 192.168.1.1 Tcpip\Parameters: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{20C8FDE2-71FF-426F-A45D-51C7A6FF6B2E}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{54B23E1C-3790-44B5-AAB3-3590C308C1FD}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{7D2789E6-79E7-4185-ACD7-3EA5C1AA9631}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{A8FE8DB1-7826-4989-AC2E-BB743F7DC2A1}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{A8FE8DB1-7826-4989-AC2E-BB743F7DC2A1}: [DhcpNameServer] 192.168.8.17 192.168.8.16 8.8.8.8 192.168.1.1 Tcpip\..\Interfaces\{BDA7C7A0-1537-4E04-ACA6-563B800FCEAC}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{C95375FB-D9B6-4085-BBBE-8F31D57B600D}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{D8211CAC-A0DC-4E90-957A-1DEDBF5D3E6E}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{DA4A4094-FF72-4B0A-ABEE-17554C1C77BF}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{DF210F57-0832-484F-85A3-B5D3D6AD2D95}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 8.8.8.8 
Tcpip\..\Interfaces\{E2E8203A-0F69-4E54-875F-9B124FCCC4A8}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{E9447770-CE6A-41FD-AA70-C465CB78347F}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{E9447770-CE6A-41FD-AA70-C465CB78347F}: [DhcpNameServer] 8.8.8.8 Tcpip\..\Interfaces\{F3FC3139-0915-45AF-BE66-6824FB20D65F}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{F463534D-3530-4D44-A91A-3EA14102C5B7}: [NameServer] 8.8.8.8 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130857619385452546&GUID=00000000-0000-0000-0000-000000000000 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://GO.MICROSOFT.COM/FWLINK/?LINKID=54896 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ABOUT:BLANK HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://WWW.MICROSOFT.COM/ISAPI/REDIR.DLL?PRD=IE&AR=IESEARCH SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-3206890389-4226326889-683743756-1000 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2261463 SearchScopes: HKU\S-1-5-21-3206890389-4226326889-683743756-1000 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2261463 SearchScopes: HKU\S-1-5-21-3206890389-4226326889-683743756-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-3206890389-4226326889-683743756-1000 -> No Name - {2F320345-AB10-4DE8-A7A5-48C0EB2F1D87} - No File Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft 
Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF DefaultProfile: 25fz861q.default FF ProfilePath: C:\Users\Иоанне\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2018-02-15] FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxp://www.vtcdirect.ru/764/welcome_homepage/index.php?id=HY FF ProfilePath: C:\Users\Иоанне\AppData\Roaming\Profiles\25fz861q.default [2016-06-04] <==== ATTENTION FF user.js: detected! => C:\Users\Иоанне\AppData\Roaming\Profiles\25fz861q.default\user.js [2015-05-29] FF Homepage: Profiles\25fz861q.default -> hxxp://mail.ru/cnt/10445?gp=820521 FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Иоанне\AppData\Roaming\Profiles\25fz861q.default\Extensions\homepage@mail.ru [2016-06-04] [Legacy] FF Extension: (Поиск@Mail.Ru) - C:\Users\Иоанне\AppData\Roaming\Profiles\25fz861q.default\Extensions\search@mail.ru [2016-06-04] [Legacy] FF Extension: (eShield) - C:\Users\Иоанне\AppData\Roaming\Profiles\25fz861q.default\Extensions\toolbar11433@eshield.com [2016-06-04] [Legacy] [not signed] FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\Иоанне\AppData\Roaming\Profiles\25fz861q.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2016-06-04] [Legacy] FF SearchPlugin: C:\Users\Иоанне\AppData\Roaming\Profiles\25fz861q.default\searchplugins\mailru.xml [2016-06-04] FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2010-05-21] (Foxit Software Company) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program 
Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-08] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-08] (Google Inc.) FF Plugin HKU\S-1-5-21-3206890389-4226326889-683743756-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Иоанне\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS) Chrome: ======= CHR DefaultProfile: ChromeDefaultData CHR HomePage: ChromeDefaultData -> mail.ru CHR DefaultSearchURL: ChromeDefaultData -> hxxp://go.mail.ru/search?q={searchTerms}&fr=chxtn7.0.25__PARAM__ CHR DefaultSearchKeyword: ChromeDefaultData -> mail.ru CHR DefaultSuggestURL: ChromeDefaultData -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms} CHR Profile: C:\Users\Иоанне\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2018-02-14] <==== ATTENTION CHR Extension: (Презентации) - C:\Users\Иоанне\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-08] CHR Extension: (Документы) - C:\Users\Иоанне\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-08] CHR Extension: (Диск Google) - C:\Users\Иоанне\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-31] CHR Extension: (YouTube) - C:\Users\Иоанне\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-31] CHR Extension: (Поиск Google) - C:\Users\Иоанне\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-31] CHR Extension: (Таблицы) - C:\Users\Иоанне\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-08] CHR Extension: (Google Документы офлайн) - C:\Users\Иоанне\AppData\Local\Google\Chrome\User 
Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31] CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\Иоанне\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-08] CHR Extension: (Gmail) - C:\Users\Иоанне\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-31] CHR Extension: (Chrome Media Router) - C:\Users\Иоанне\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-08] CHR Extension: (Пульс) - C:\Users\Иоанне\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pmpoaahleccaibbhfjfimigepmfmmbbk [2018-02-08] Opera: ======= OPR Extension: (GoCoupons) - C:\Users\Иоанне\AppData\Roaming\Opera Software\Opera Stable\Extensions\iphglenhdgpefcgkmfjnijkmpinninac [2017-03-24] OPR Extension: (AliTools) - C:\Users\Иоанне\AppData\Roaming\Opera Software\Opera Stable\Extensions\nkekkheibgkgeepapinkalkongndfajn [2018-02-09] OPR Extension: (SaveFrom.net помощник) - C:\Users\Иоанне\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2018-02-10] OPR Extension: (Adblock Plus) - C:\Users\Иоанне\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2018-02-08] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S4 ABBYY.Licensing.Lingvo.Desktop.15.0; C:\Program Files\Common Files\ABBYY\Lingvo\15.0\Licensing\NetworkLicenseServer.exe [816512 2012-10-11] (ABBYY) S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Корпорация Майкрософт) R3 Disc Soft Lite Bus Service; D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1030928 2015-02-27] (Disc Soft Ltd) S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes) R2 NativeDesktopMediaService; C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe [1226752 2018-02-05] () [File not signed] R2 RealtekWlanU; C:\Program Files\REALTEK\USB Wireless LAN Utility\RtlService.exe [48856 2014-05-19] (Realtek) R2 RsMgrSvc; C:\Program Files\Rising\RSD\RsMgrSvc.exe [220952 2017-01-12] (Beijing Rising Information Technology Co., Ltd.) R2 RsRavMon; C:\Program Files\Rising\RAV\RavMonD.exe [266240 2015-05-11] (Beijing Rising Information Technology Co., Ltd.) S2 RTLDHCPService; C:\Program Files\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-04-23] (Realtek) R2 RunSwUSB; C:\Windows\runSW.exe [44760 2014-12-12] () R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1699168 2012-09-19] (TuneUp Software) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2015-04-25] (Microsoft Corporation) S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25104 2018-02-08] (Disc Soft Ltd) R1 hooksys; C:\Windows\system32\drivers\Hooksys.sys [176088 2015-05-11] (Beijing Rising Information Technology Co., Ltd.) 
R1 HookTdi; C:\Windows\system32\drivers\HookTdi.sys [24280 2015-05-11] (Beijing Rising Information Technology Co., Ltd.) R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [32568 2015-05-11] (Beijing Rising Information Technology Co., Ltd.) R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78568 2017-05-07] (Корпорация Майкрософт) R2 rsdsys; C:\Windows\system32\drivers\protreg.sys [24120 2015-05-11] (Beijing Rising Information Technology Co., Ltd.) S3 RTL8187; C:\Windows\System32\DRIVERS\rtl8187.sys [375808 2010-01-07] (Realtek Semiconductor Corporation ) S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3127000 2015-04-16] (Realtek Semiconductor Corporation ) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [323736 2018-02-03] (Duplex Secure Ltd.) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software) R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [296680 2017-07-07] (Корпорация Майкрософт) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed] ========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-02-15 20:36 - 2018-02-15 20:50 - 000000000 ____D C:\FRST 2018-02-15 20:29 - 2018-02-15 20:42 - 000000000 ____D C:\AdwCleaner 2018-02-15 18:28 - 2018-02-15 18:28 - 000002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-02-15 18:28 - 2018-02-15 18:28 - 000000000 ____D C:\Users\Все пользователи\Malwarebytes 2018-02-15 18:28 - 2018-02-15 18:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-02-15 18:28 - 2018-02-15 18:28 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-02-15 18:28 - 2018-02-15 18:28 - 000000000 ____D C:\Program Files\Malwarebytes 2018-02-15 18:28 - 2017-11-29 09:11 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys 2018-02-15 17:32 - 2018-02-15 20:50 - 000000000 ____D C:\Users\Иоанне\Desktop\Артем 2018-02-15 17:29 - 2018-02-15 18:24 - 000000000 ____D C:\Users\Иоанне\Downloads\uvs_v400 2018-02-15 17:28 - 2018-02-15 17:28 - 002973143 _____ C:\Users\Иоанне\Downloads\uvs_v400.zip 2018-02-15 12:37 - 2018-02-15 12:37 - 000033484 _____ C:\Users\Иоанне\Downloads\9508-latinoamerikanskie.torrent 2018-02-14 11:48 - 2018-01-22 02:42 - 000117480 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2018-02-14 11:48 - 2018-01-22 02:20 - 000533504 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2018-02-14 11:48 - 2018-01-19 17:05 - 001893888 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2018-02-14 11:48 - 2018-01-19 17:05 - 001314304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2018-02-14 11:48 - 2018-01-19 17:05 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2018-02-14 11:48 - 2018-01-19 17:05 - 000508416 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2018-02-14 11:48 - 2018-01-19 17:05 - 000337920 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 
2018-02-14 11:48 - 2018-01-19 17:05 - 000311808 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2018-02-14 11:48 - 2018-01-19 17:05 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2018-02-14 11:48 - 2018-01-19 17:05 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2018-02-13 14:55 - 2018-02-13 14:55 - 000110080 _____ C:\Users\Иоанне\AppData\Local\GDIPFONTCACHEV1.DAT 2018-02-11 20:46 - 2018-02-11 20:46 - 000410120 _____ C:\Windows\system32\FNTCACHE.DAT 2018-02-08 22:06 - 2018-02-15 12:39 - 000000000 ____D C:\Users\Иоанне\AppData\LocalLow\uTorrent 2018-02-08 19:57 - 2018-02-08 19:57 - 000000000 ____D C:\Users\Иоанне\AppData\Roaming\IsolatedStorage 2018-02-08 19:57 - 2018-02-08 19:57 - 000000000 ____D C:\Users\Все пользователи\IsolatedStorage 2018-02-08 19:57 - 2018-02-08 19:57 - 000000000 ____D C:\ProgramData\IsolatedStorage 2018-02-08 19:56 - 2018-02-08 20:02 - 000000000 ____D C:\Users\Иоанне\AppData\Local\IIIQF 2018-02-08 19:55 - 2018-02-08 19:55 - 001838144 _____ (Solvusoft) C:\Users\Иоанне\Desktop\Setup_FileViewPro_2016.exe 2018-02-08 19:55 - 2018-02-08 19:55 - 000000000 ____D C:\Spacekace 2018-02-08 19:51 - 2018-02-08 19:51 - 000000339 _____ C:\Users\Иоанне\Downloads\Marine_Recruitment_Newsletter.vcf 2018-02-08 17:00 - 2018-02-15 18:25 - 000000000 ____D C:\Users\Иоанне\AppData\Local\E4E90000-5671-513C-002D-640982731053 2018-02-08 17:00 - 2018-02-08 17:00 - 000000000 ____D C:\Program Files\Jetmedia 2018-02-08 16:59 - 2018-02-08 16:59 - 000000000 ____D C:\Users\Иоанне\AppData\Roaming\Jetmedia 2018-02-08 16:39 - 2018-02-08 16:39 - 000000000 ____D C:\Users\Все пользователи\Doctor Web 2018-02-08 16:39 - 2018-02-08 16:39 - 000000000 ____D C:\ProgramData\Doctor Web 2018-02-08 16:37 - 2018-02-08 16:38 - 165358440 _____ C:\Users\Иоанне\Desktop\3pzar80y.exe 2018-02-08 16:27 - 2018-02-08 16:27 - 000000000 ____D C:\Users\Иоанне\AppData\Roaming\Google 2018-02-08 16:17 - 2018-02-08 16:17 - 000002238 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-02-08 16:17 - 2018-02-08 16:17 - 000002197 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-02-08 15:35 - 1998-09-02 11:28 - 000155408 _____ (Microsoft Corporation) C:\Windows\system32\LMRT.dll 2018-02-08 15:35 - 1998-09-02 11:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\unam4ie.exe 2018-02-08 15:35 - 1998-09-02 11:28 - 000038160 _____ (Microsoft Corporation) C:\Windows\system32\LMRTREND.dll 2018-02-08 15:35 - 1998-08-27 07:51 - 000182032 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft3.dll 2018-02-08 15:35 - 1998-08-20 14:02 - 000140800 _____ (The Duck Corporation) C:\Windows\system32\tm20dec.ax 2018-02-08 15:35 - 1998-08-20 13:38 - 000217984 _____ (Microsoft Corporation) C:\Windows\system32\strmdll.dll 2018-02-08 15:34 - 2018-02-08 15:34 - 000004608 _____ (Microsoft Corporation) C:\Windows\system32\w95inf32.dll 2018-02-08 15:34 - 2018-02-08 15:34 - 000002272 _____ (Microsoft Corporation) C:\Windows\system32\w95inf16.dll 2018-02-08 15:34 - 2018-02-08 15:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Серия Tell me More 2018-02-08 15:34 - 1998-09-02 11:28 - 001088272 _____ (Microsoft Corporation) C:\Windows\system32\danim.dll 2018-02-08 15:34 - 1998-09-02 11:02 - 000194320 _____ (Microsoft Corporation) C:\Windows\system32\qcut.dll 2018-02-08 15:34 - 1998-08-17 12:21 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\mciqtz.drv 2018-02-08 15:34 - 1998-08-17 12:21 - 000010240 _____ C:\Windows\system32\vidx16.dll 2018-02-08 15:34 - 1998-08-17 12:21 - 000005672 _____ C:\Windows\system32\quartz.vxd 2018-02-08 15:33 - 2018-02-08 15:35 - 000000066 _____ C:\Windows\err.txt 2018-02-08 15:30 - 2018-02-10 18:51 - 000000000 ____D C:\Users\Иоанне\AppData\Roaming\DAEMON Tools Lite 2018-02-08 15:30 - 2018-02-08 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2018-02-08 15:30 - 2018-02-08 
15:30 - 000025104 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys 2018-02-08 15:30 - 2018-02-08 15:30 - 000000815 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2018-02-08 15:29 - 2018-02-08 15:29 - 000000000 ____D C:\Users\Все пользователи\DAEMON Tools Lite 2018-02-08 15:29 - 2018-02-08 15:29 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite 2018-02-08 15:28 - 2018-02-08 15:29 - 013146016 _____ (Disc Soft Ltd) C:\Users\Иоанне\Desktop\daemon-tools-5-0-1-multi-win.exe 2018-02-07 19:36 - 2018-02-13 14:57 - 000000000 ____D C:\Users\Иоанне\Desktop\Новая папка (2) 2018-02-06 22:39 - 2018-02-06 22:39 - 000000000 ____D C:\Users\Иоанне\Downloads\file (1) 2018-02-06 22:37 - 2018-02-06 22:37 - 000000000 ____D C:\Users\Иоанне\Downloads\file 2018-02-06 22:27 - 2018-02-06 22:27 - 024134687 _____ C:\Users\Иоанне\Downloads\7_klas_algebra_merzljak_2015.pdf 2018-02-04 13:54 - 2018-02-04 13:54 - 000007157 _____ C:\Users\Иоанне\Downloads\seaman_app.rar 2018-02-03 20:11 - 2018-02-03 20:11 - 000000124 _____ C:\Users\Иоанне\Documents\ax_files.xml 2018-02-03 20:06 - 2018-02-15 18:24 - 000000000 ____D C:\Users\Иоанне\AppData\Roaming\Keporele 2018-02-03 20:06 - 2018-02-03 20:38 - 000000000 ____D C:\Users\Все пользователи\{A1016462-2B43-EEA4-AD85-70E637C7FB28} 2018-02-03 20:06 - 2018-02-03 20:38 - 000000000 ____D C:\ProgramData\{A1016462-2B43-EEA4-AD85-70E637C7FB28} 2018-02-03 20:05 - 2018-02-03 20:08 - 000000000 ____D C:\Users\Иоанне\AppData\Local\{F014C648-D4BC-AAF0-B924-8F189D4C7380} 2018-02-03 20:05 - 2018-02-03 20:05 - 001806328 _____ C:\Users\Иоанне\Downloads\wrar531_5ef78830103ff86df870a6fc5a8f20ea.exe 2018-02-03 19:47 - 2018-02-15 20:25 - 000000000 ____D C:\Program Files\Smart File Advisor 2018-02-03 19:47 - 2018-02-03 19:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart File Advisor 2018-02-03 19:44 - 2018-02-03 19:44 - 000323736 _____ (Duplex Secure Ltd.) 
C:\Windows\system32\Drivers\sptd.sys 2018-02-03 19:41 - 2018-02-03 19:42 - 007998168 _____ (Alcohol Soft Development Team) C:\Users\Иоанне\Downloads\Alcohol120_FE_2.0.3.10121.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-02-15 20:47 - 2016-06-29 20:05 - 000000000 ____D C:\Users\Иоанне\AppData\Local\Viber 2018-02-15 20:47 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-02-15 18:33 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-02-15 18:33 - 2009-07-14 07:34 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-02-15 17:29 - 2015-05-11 14:16 - 000000000 ____D C:\Program Files\Opera 2018-02-15 12:50 - 2015-05-13 21:38 - 000000000 ____D C:\Users\Иоанне\AppData\Roaming\uTorrent 2018-02-15 12:34 - 2015-04-25 22:03 - 000000000 ____D C:\Windows\system32\appraiser 2018-02-14 19:28 - 2015-08-10 16:32 - 000000000 ____D C:\Users\Иоанне\Desktop\апликашки 2018-02-14 18:39 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf 2018-02-11 20:46 - 2015-05-11 13:50 - 000000000 ____D C:\Users\Иоанне 2018-02-11 20:46 - 2009-07-14 05:03 - 053215232 _____ C:\Windows\system32\config\SOFTWARE_tureg_old 2018-02-11 20:46 - 2009-07-14 05:03 - 017039360 _____ C:\Windows\system32\config\SYSTEM_tureg_old 2018-02-11 20:46 - 2009-07-14 05:03 - 000262144 _____ C:\Windows\system32\config\SECURITY_tureg_old 2018-02-11 20:43 - 2009-07-14 05:03 - 000262144 _____ C:\Windows\system32\config\SAM_tureg_old 2018-02-11 20:43 - 2009-07-14 05:03 - 000262144 _____ C:\Windows\system32\config\DEFAULT_tureg_old 2018-02-10 22:17 - 2009-07-14 05:37 - 000000000 __RHD C:\Users\Public\Libraries 2018-02-09 21:15 - 2011-04-12 01:46 - 000724590 _____ C:\Windows\system32\perfh019.dat 2018-02-09 21:15 - 2011-04-12 01:46 - 000150874 _____ 
C:\Windows\system32\perfc019.dat 2018-02-09 21:15 - 2010-11-21 00:01 - 001648402 _____ C:\Windows\system32\PerfStringBackup.INI 2018-02-08 16:31 - 2015-06-26 22:31 - 000000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7 2018-02-08 16:17 - 2016-03-31 20:13 - 000000000 ____D C:\Program Files\Google 2018-02-08 16:16 - 2015-08-20 15:55 - 000000000 ____D C:\Users\Иоанне\AppData\Local\Deployment 2018-02-08 15:35 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\Help 2018-02-06 22:15 - 2015-05-11 14:33 - 000000000 ____D C:\Users\Иоанне\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2018-02-06 22:15 - 2015-05-11 14:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2018-02-06 22:15 - 2015-05-11 14:33 - 000000000 ____D C:\Program Files\WinRar 2018-02-06 19:19 - 2016-03-31 20:12 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2018-02-06 19:19 - 2016-03-31 20:12 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2018-02-06 19:19 - 2015-04-26 01:48 - 000000000 ____D C:\Windows\system32\Macromed 2018-02-03 20:34 - 2009-07-14 05:04 - 000000938 _____ C:\Windows\system32\Drivers\etc\hosts.txt 2018-01-30 15:09 - 2015-05-30 11:22 - 000000000 ____D C:\Users\Иоанне\AppData\Roaming\Media Player Classic 2018-01-20 17:39 - 2009-07-14 07:53 - 000032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Диспетчер загрузки Windows -------------------- идентификатор {bootmgr} device partition=C: description Windows Boot Manager locale ru-RU inherit {globalsettings} default {current} resumeobject {6ff32887-f7ca-11e4-a341-9932951cdf33} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Загрузка Windows ------------------- идентификатор {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale ru-RU inherit {bootloadersettings} recoverysequence {6ff32889-f7ca-11e4-a341-9932951cdf33} recoveryenabled Yes testsigning No osdevice partition=C: systemroot \Windows resumeobject {6ff32887-f7ca-11e4-a341-9932951cdf33} nx OptIn Загрузка Windows ------------------- идентификатор {6ff32889-f7ca-11e4-a341-9932951cdf33} device ramdisk=[C:]\Recovery\6ff32889-f7ca-11e4-a341-9932951cdf33\Winre.wim,{6ff3288a-f7ca-11e4-a341-9932951cdf33} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\6ff32889-f7ca-11e4-a341-9932951cdf33\Winre.wim,{6ff3288a-f7ca-11e4-a341-9932951cdf33} systemroot \windows nx OptIn winpe Yes Выход из режима гибернации -------------------------- идентификатор {6ff32887-f7ca-11e4-a341-9932951cdf33} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale 
ru-RU inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys pae Yes debugoptionenabled No Проверка памяти Windows --------------------- идентификатор {memdiag} device partition=C: path \boot\memtest.exe description Диагностика памяти locale ru-RU inherit {globalsettings} badmemoryaccess Yes Параметры EMS ------------- идентификатор {emssettings} bootems Yes Параметры отладчика ------------------- идентификатор {dbgsettings} debugtype Serial debugport 1 baudrate 115200 Дефекты ОЗУ ----------- идентификатор {badmemory} Глобальные параметры -------------------- идентификатор {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Параметры загрузчика -------------------- идентификатор {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Параметры гипервизора ------------------- идентификатор {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Параметры загрузчика восстановления ----------------------------------- идентификатор {resumeloadersettings} inherit {globalsettings} Параметры устройств ------------------- идентификатор {6ff3288a-f7ca-11e4-a341-9932951cdf33} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\6ff32889-f7ca-11e4-a341-9932951cdf33\boot.sdi LastRegBack: 2018-02-14 12:11 ==================== End of FRST.txt ============================