Людмила13 Posted September 15, 2015
Please help me decrypt files with the xtbl and ytbl extensions. CollectionLog-2015.09.16-01.36.zip
thyrex Posted September 16, 2015
Download Farbar Recovery Scan Tool and save it to your Desktop.
Note: you must choose the version compatible with your operating system. If you are not sure which version is right for your system, download both and try to run them. Only one of them will run on your system.
1. Launch the program with a double-click. When the program starts, click Yes to accept the disclaimer.
2. Make sure that "List BCD" and "Driver MD5" are checked in the Optional Scan box.
3. Click the Scan button.
4. When the scan finishes, a report (FRST.txt) will be created in the same folder the program was run from. Please attach the report to your next post.
5. If the program was run for the first time, a report (Addition.txt) will also be created. Please attach it to your next post.
Людмила13 (Author) Posted September 16, 2015
I did everything as you said. Reports:
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46 C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC C:\Windows\System32\DRIVERS\ssudmdm.sys 55AEB22380FB1002A5DB139429F43E97 C:\Windows\System32\DRIVERS\ssudserd.sys E0B86430E0B26C10B355B9E590FD25E0 C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\SynTP.sys 41D664DB5BFF4549D6F40ECA83A6AC20 C:\Windows\System32\drivers\tcpip.sys 5579DD18546999F5D0EC39D018726C6B C:\Windows\System32\DRIVERS\tcpip.sys 5579DD18546999F5D0EC39D018726C6B C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8 C:\Windows\System32\DRIVERS\tdx.sys 7FE680A3DFA421C4A8E4879AE4C5AAB0 C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tssecsrv.sys 6C5139E4283249518F7743D7043775B3 C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit 
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46 C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041 C:\Windows\system32\drivers\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6 C:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655A C:\Windows\system32\drivers\usbohci.sys 9828C8D14CC2676421778F0DE638CF97 C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A C:\Windows\system32\drivers\usbuhci.sys 800AABFD625EEFF899F7E5496BDE37AB C:\Windows\System32\Drivers\usbvideo.sys DE014425522610BEDCA3821BB8C0F1D5 C:\Windows\system32\Drivers\uti4nzex.sys 524D8D450622DB4A7875B111C299A76B C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7 C:\Windows\System32\DRIVERS\vwifimp.sys A3F04CBEA6C2A10E6CB01F8B47611882 C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit 
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wimfltr.sys 090A2B8F055343815556A01F725F6C35 C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\system32\drivers\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708 C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070 C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-09-16 13:35 - 2015-09-16 13:36 - 00041836 _____ C:\Users\Людмила\Desktop\FRST.txt 2015-09-16 13:34 - 2015-09-16 13:35 - 00000000 ____D C:\FRST 2015-09-16 13:29 - 2015-09-16 13:34 - 01695232 _____ (Farbar) C:\Users\Людмила\Desktop\FRST.exe 2015-09-16 12:12 - 2015-09-16 12:21 - 02191360 _____ (Farbar) C:\Users\Людмила\Desktop\FRST64.exe 2015-09-16 01:26 - 2015-09-16 01:27 - 00000000 ____D C:\rsit 2015-09-16 01:26 - 2015-09-16 01:27 - 00000000 ____D C:\Program Files\trend micro 2015-09-16 01:17 - 2015-09-16 01:25 - 00007168 _____ C:\Windows\system32\Drivers\uti4nzex.sys 2015-09-16 01:08 - 2015-09-16 01:08 - 00000000 ____D C:\KVRT_Data 2015-09-15 23:10 - 2015-09-15 22:57 - 00047978 _____ C:\dberr.txt 2015-09-15 21:42 - 2015-09-15 21:42 - 00144944 _____ C:\Windows\Minidump\091515-28969-01.dmp 2015-09-15 21:41 - 2015-09-15 21:41 - 312063662 _____ C:\Windows\MEMORY.DMP 2015-09-15 21:02 - 2015-09-15 21:36 - 00000000 ____D C:\Users\Все пользователи\360Quarant 2015-09-15 21:02 - 2015-09-15 21:36 - 00000000 ____D C:\ProgramData\360Quarant 2015-09-14 18:23 - 2015-09-14 18:23 - 00144944 _____ C:\Windows\Minidump\091415-30388-01.dmp 2015-09-14 17:37 - 2015-09-14 17:37 - 00145088 _____ C:\Windows\Minidump\091415-32666-01.dmp 2015-09-14 17:28 - 2015-09-14 17:28 - 00145088 _____ C:\Windows\Minidump\091415-48999-01.dmp 2015-09-14 17:22 - 2015-09-14 17:22 - 00000000 ____D C:\Windows\Tasks\360Disabled 2015-09-14 17:16 - 2015-09-14 17:16 - 00000000 ____D C:\Users\Людмила\Doctor Web 2015-09-14 17:14 - 2015-06-11 20:57 - 00919552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-09-14 17:14 - 2015-06-11 20:15 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-09-14 17:14 - 2015-06-11 20:15 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2015-09-14 17:12 - 2015-06-02 02:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2015-09-14 17:11 - 2015-05-09 06:14 - 00169984 _____ 
(Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-09-14 17:11 - 2015-05-09 06:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-09-14 17:11 - 2015-05-09 06:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-09-14 17:11 - 2015-05-09 06:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-09-14 17:11 - 2015-05-09 06:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 06:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 04:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 04:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 04:59 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-09-14 17:11 - 2015-05-09 04:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-09-14 17:08 - 2015-04-24 20:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-09-14 17:07 - 2015-04-29 21:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-09-14 17:07 - 2015-04-29 21:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-09-14 17:07 - 2015-04-29 21:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-09-14 17:07 - 2015-04-29 21:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-09-14 17:07 - 2015-04-29 21:05 - 12625408 _____ (Корпорация Майкрософт (Microsoft Corp.)) C:\Windows\system32\wmploc.DLL 2015-09-14 17:04 - 2015-05-05 04:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-09-14 17:04 - 2015-04-18 05:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-09-14 17:04 - 2015-04-04 06:10 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-09-14 17:04 - 2015-04-04 06:10 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-09-14 17:04 - 2015-04-04 06:05 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-09-14 17:04 - 2015-04-04 06:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-09-14 17:04 - 2015-04-04 06:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-09-14 17:04 - 2015-04-04 06:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-09-14 17:04 - 2015-04-04 06:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-09-14 17:04 - 2015-04-04 06:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-09-14 17:04 - 2015-04-04 06:05 - 00065536 
_____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-09-14 17:04 - 2015-04-04 06:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-09-14 17:04 - 2015-04-04 06:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-09-14 17:04 - 2015-04-04 06:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-09-14 17:04 - 2015-04-04 06:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-09-14 17:04 - 2015-04-04 06:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-09-14 17:04 - 2015-04-04 06:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-09-14 17:04 - 2015-04-04 06:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-09-14 17:04 - 2015-04-04 05:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-09-14 17:03 - 2015-04-13 06:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-09-14 17:02 - 2015-04-08 06:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-09-14 17:02 - 2015-04-08 06:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-09-14 17:01 - 2015-04-20 05:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-09-14 17:01 - 2015-04-20 05:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-09-14 17:01 - 2015-04-20 05:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-14 17:00 - 2015-09-14 17:16 - 00000000 ___HT C:\Windows\wusa.lock 2015-09-14 16:51 - 2015-03-17 08:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-09-14 16:51 - 2015-03-17 08:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-09-14 16:51 - 2015-03-17 07:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-09-14 
16:51 - 2015-03-17 07:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-09-14 16:51 - 2015-03-17 07:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-09-14 16:51 - 2015-03-17 07:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-09-14 16:51 - 2015-03-17 07:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-09-14 16:51 - 2015-03-17 07:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-09-14 16:51 - 2015-03-17 07:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-09-14 16:48 - 2015-03-04 07:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-09-14 16:48 - 2015-03-04 07:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-09-14 16:46 - 2015-02-25 06:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-09-14 16:36 - 2015-09-14 16:43 - 00002460 _____ C:\Users\Людмила\Desktop\Yandex.lnk 2015-09-14 16:36 - 2015-09-14 16:36 - 00000000 ____D C:\Users\Людмила\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex 2015-09-14 16:35 - 2015-09-14 16:35 - 00257406 _____ C:\Windows\msxml4-KB2758694-chs.LOG 2015-09-14 16:21 - 2015-09-14 17:22 - 00000000 ____D C:\Users\Людмила\AppData\Roaming\360Safe 2015-09-14 16:20 - 2015-09-15 22:56 - 00000000 _RSHD C:\360SANDBOX 2015-09-14 16:20 - 2015-09-14 17:24 - 00000000 ____D C:\Users\Людмила\AppData\Roaming\360TotalSecurity 2015-09-14 16:20 - 2015-09-14 17:22 - 00000000 ____D C:\Users\Все пользователи\360safe 2015-09-14 16:20 - 2015-09-14 17:22 - 00000000 ____D C:\ProgramData\360safe 2015-09-14 16:20 - 2015-09-14 16:20 - 00001067 _____ C:\Users\Public\Desktop\360 Total Security.lnk 2015-09-14 16:20 - 2015-09-14 16:20 - 00000000 ____D C:\Users\Все пользователи\360TotalSecurity 2015-09-14 16:20 - 2015-09-14 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\360 Security Center 2015-09-14 16:20 - 2015-09-14 16:20 - 00000000 ____D C:\ProgramData\360TotalSecurity 2015-09-14 16:20 - 2015-09-06 09:43 - 00203856 _____ (360.cn) C:\Windows\system32\Drivers\360Box.sys 2015-09-14 16:20 - 2015-09-06 09:43 - 00178384 _____ (360????) C:\Windows\system32\Drivers\360SelfProtection.sys 2015-09-14 16:20 - 2015-09-06 09:43 - 00121936 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker.sys 2015-09-14 16:20 - 2015-09-06 09:43 - 00053960 _____ (360.cn) C:\Windows\system32\Drivers\qutmipc.sys 2015-09-14 16:20 - 2015-09-06 09:43 - 00034888 _____ (360.cn) C:\Windows\system32\Drivers\360Camera.sys 2015-09-14 16:19 - 2015-09-06 09:43 - 00292560 _____ (360.cn) C:\Windows\system32\Drivers\qutmdrv.sys 2015-09-14 16:19 - 2015-09-06 09:43 - 00174672 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV.SYS 2015-09-14 16:19 - 2015-09-06 09:43 - 00065872 _____ (360????) C:\Windows\system32\Drivers\hookport.sys 2015-09-14 16:18 - 2015-09-06 09:43 - 00066128 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys 2015-09-14 16:18 - 2015-09-06 09:43 - 00024296 _____ (360.cn) C:\Windows\system32\Drivers\efimon.sys 2015-09-14 16:16 - 2015-09-14 16:16 - 00000000 ____D C:\Program Files\360 2015-09-11 19:51 - 2015-09-11 19:51 - 00001409 _____ C:\Users\Людмила\Desktop\MOHAA - Ярлык.lnk 2015-09-10 11:58 - 2015-09-10 11:58 - 00001485 _____ C:\Users\Людмила\Desktop\moh_spearhead - Ярлык.lnk 2015-09-07 18:34 - 2015-09-07 18:34 - 00001512 _____ C:\Users\Людмила\Desktop\moh_Breakthrough - Ярлык.lnk 2015-09-07 16:24 - 2005-03-24 22:31 - 00074802 _____ (Microsoft Corporation) C:\Windows\system32\temp.02E 2015-09-07 16:24 - 1999-03-08 13:50 - 00147728 _____ (Microsoft Corporation) C:\Windows\system32\temp.02F 2015-09-07 16:23 - 2005-03-25 16:00 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\temp.028 2015-09-07 16:23 - 2005-03-24 22:31 - 00995384 _____ (Microsoft Corporation) C:\Windows\system32\temp.02A 2015-09-07 16:23 - 2005-03-24 22:31 
- 00995383 _____ (Microsoft Corporation) C:\Windows\system32\temp.02B 2015-09-07 16:23 - 2004-08-04 00:56 - 00848384 _____ (Intel Corporation) C:\Windows\system32\temp.02C 2015-09-07 16:23 - 2004-02-23 02:00 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\temp.029 2015-09-07 16:23 - 2000-04-12 15:00 - 00598288 _____ (Microsoft Corporation) C:\Windows\system32\temp.027 2015-09-07 16:23 - 2000-03-28 17:58 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\temp.025 2015-09-07 16:23 - 1999-03-08 13:50 - 00164112 _____ (Microsoft Corporation) C:\Windows\system32\temp.026 2015-09-07 16:23 - 1998-12-09 13:52 - 00022288 _____ (Microsoft Corporation) C:\Windows\system32\temp.02D 2015-09-07 16:21 - 1999-03-01 21:44 - 00266293 _____ (Microsoft Corporation) C:\Windows\system32\temp.024 2015-09-07 14:19 - 2015-09-07 16:29 - 00000000 ____D C:\Program Files\DirectX 2015-09-07 14:19 - 2005-03-25 16:00 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\temp.01C 2015-09-07 14:19 - 2005-03-24 22:31 - 00995384 _____ (Microsoft Corporation) C:\Windows\system32\temp.01E 2015-09-07 14:19 - 2005-03-24 22:31 - 00995383 _____ (Microsoft Corporation) C:\Windows\system32\temp.01F 2015-09-07 14:19 - 2005-03-24 22:31 - 00074802 _____ (Microsoft Corporation) C:\Windows\system32\temp.022 2015-09-07 14:19 - 2004-08-04 00:56 - 00848384 _____ (Intel Corporation) C:\Windows\system32\temp.020 2015-09-07 14:19 - 2004-02-23 02:00 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\temp.01D 2015-09-07 14:19 - 2000-04-12 15:00 - 00598288 _____ (Microsoft Corporation) C:\Windows\system32\temp.01B 2015-09-07 14:19 - 2000-03-28 17:58 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\temp.019 2015-09-07 14:19 - 1999-03-08 13:50 - 00164112 _____ (Microsoft Corporation) C:\Windows\system32\temp.01A 2015-09-07 14:19 - 1999-03-08 13:50 - 00147728 _____ (Microsoft Corporation) C:\Windows\system32\temp.023 2015-09-07 14:19 - 1998-12-09 13:52 - 00022288 _____ 
(Microsoft Corporation) C:\Windows\system32\temp.021 2015-09-07 14:17 - 1999-03-01 21:44 - 00266293 _____ (Microsoft Corporation) C:\Windows\system32\temp.018 2015-09-07 10:33 - 2015-09-07 10:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Triada 2015-08-21 20:51 - 2015-08-21 20:51 - 00000000 ____D C:\Users\Людмила\AppData\Local\CrashRpt 2015-08-21 20:44 - 2015-08-21 20:44 - 00000110 _____ C:\Users\Людмила\Desktop\Warface.url 2015-08-21 17:10 - 2015-08-21 20:44 - 00000000 ____D C:\Users\Людмила\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mail.Ru 2015-08-19 11:06 - 2015-08-19 11:06 - 00000000 ____D C:\Users\Людмила\AppData\Local\MFAData ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-16 13:27 - 2012-09-19 21:38 - 01924160 _____ C:\Windows\WindowsUpdate.log 2015-09-16 13:27 - 2012-09-02 00:03 - 00000000 ____D C:\Users\Все пользователи\DatacardService 2015-09-16 13:27 - 2012-09-02 00:03 - 00000000 ____D C:\ProgramData\DatacardService 2015-09-16 13:27 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\tracing 2015-09-16 13:20 - 2012-10-21 17:09 - 00000954 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-16 13:09 - 2012-10-21 17:09 - 00000958 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-16 01:45 - 2013-03-07 16:21 - 00000000 ____D C:\Users\Людмила\AppData\Roaming\AIMP3 2015-09-16 01:30 - 2009-07-14 07:34 - 00016848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-16 01:30 - 2009-07-14 07:34 - 00016848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-16 01:29 - 2012-09-01 22:51 - 00006248 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-16 01:29 - 2009-07-14 11:41 - 02036666 _____ C:\Windows\system32\perfh019.dat 2015-09-16 01:29 - 2009-07-14 11:41 - 00609984 _____ 
C:\Windows\system32\perfc019.dat 2015-09-16 01:22 - 2013-09-22 16:20 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2015-09-16 01:22 - 2012-09-01 23:24 - 00045056 _____ C:\Windows\system32\acovcnt.exe 2015-09-16 01:22 - 2012-06-04 19:18 - 00000000 ___HD C:\ASUS.DAT 2015-09-16 01:22 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-16 01:22 - 2009-07-14 07:39 - 00116977 _____ C:\Windows\setupact.log 2015-09-15 23:03 - 2013-10-08 20:19 - 00107008 ___SH C:\Users\Людмила\Documents\Thumbs.db 2015-09-15 21:44 - 2014-06-21 17:54 - 00000000 ___RD C:\Users\Людмила\YandexDisk 2015-09-15 21:42 - 2013-02-05 13:51 - 00000000 ____D C:\Windows\Minidump 2015-09-15 21:37 - 2013-09-09 10:01 - 00000000 ____D C:\Users\Людмила\AppData\Roaming\FileZilla 2015-09-15 21:37 - 2013-02-02 18:50 - 00000000 ____D C:\Users\Людмила\AppData\Roaming\uTorrent 2015-09-15 21:37 - 2012-11-21 23:43 - 00000000 ____D C:\Users\Людмила\AppData\Roaming\vlc 2015-09-15 21:37 - 2012-09-02 18:36 - 00000000 ____D C:\Users\Людмила\AppData\Roaming\Babylon 2015-09-14 17:53 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\Microsoft.NET 2015-09-14 17:30 - 2009-07-14 07:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-09-14 17:20 - 2009-07-14 07:33 - 00465072 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-14 17:18 - 2009-07-14 12:14 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-14 17:18 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\ru-RU 2015-09-14 17:16 - 2012-09-01 22:47 - 00000000 ____D C:\Users\Людмила 2015-09-14 16:35 - 2014-11-05 14:08 - 00000000 ____D C:\Program Files\MSXML 4.0 2015-09-14 16:32 - 2014-11-22 09:35 - 07786680 _____ C:\Windows\system32\debug.log 2015-09-14 16:31 - 2012-10-07 22:12 - 00000000 ____D C:\Program Files\Mail.Ru 2015-09-14 16:30 - 2013-02-03 19:02 - 00000000 ____D C:\Program Files\Opera 2015-09-14 16:30 - 2012-09-30 19:17 - 00000000 ____D C:\Users\Людмила\AppData\Roaming\Opera 2015-09-14 16:30 - 
2012-09-30 19:17 - 00000000 ____D C:\Users\Людмила\AppData\Local\Opera 2015-09-14 16:25 - 2012-09-01 23:45 - 00000000 ____D C:\Users\Все пользователи\MFAData 2015-09-14 16:25 - 2012-09-01 23:45 - 00000000 ____D C:\ProgramData\MFAData 2015-09-14 16:25 - 2012-09-01 23:23 - 00184274 _____ C:\Windows\PFRO.log 2015-09-14 16:23 - 2015-07-11 17:05 - 00000000 ____D C:\Program Files\Common Files\AV 2015-09-14 15:59 - 2014-07-14 10:19 - 00000000 ____D C:\Users\Людмила\AppData\Local\Amigo 2015-09-07 16:21 - 2013-08-12 21:04 - 00000000 ____D C:\Games 2015-09-07 10:35 - 2013-08-12 21:29 - 00000000 ____D C:\Users\Людмила\Documents\EA Games 2015-09-07 10:35 - 2013-07-08 12:16 - 00000000 ____D C:\Users\Людмила\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-09-06 16:59 - 2012-09-02 18:37 - 00000000 ____D C:\Users\Людмила\AppData\Roaming\DRPSu 2015-09-01 19:59 - 2013-02-02 18:31 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2015-08-21 17:09 - 2014-01-06 12:58 - 00000000 ____D C:\Users\Людмила\AppData\Local\Mail.Ru ==================== Files in the root of some directories ======= 2013-08-25 19:38 - 2013-08-25 19:36 - 0030894 _____ () C:\Users\Людмила\AppData\Roaming\speedanalysis.ico 2014-01-14 15:32 - 2014-02-04 14:04 - 0004096 ____H () C:\Users\Людмила\AppData\Local\keyfile3.drm 2015-01-04 12:08 - 2015-01-04 12:08 - 0000000 _____ () C:\Users\Людмила\AppData\Local\{4AFC9AED-64E6-4326-B9D6-435F021D51EF} ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Диспетчер загрузки Windows
--------------------
идентификатор {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale ru-RU
inherit {globalsettings}
default {current}
resumeobject {696771fb-ae65-11e1-8a20-f8b4474f7036}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Загрузка Windows
-------------------
идентификатор {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale ru-RU
inherit {bootloadersettings}
recoverysequence {696771ff-ae65-11e1-8a20-f8b4474f7036}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {696771fb-ae65-11e1-8a20-f8b4474f7036}
nx OptIn

Загрузка Windows
-------------------
идентификатор {696771fd-ae65-11e1-8a20-f8b4474f7036}
device ramdisk=[C:]\Recovery\696771fd-ae65-11e1-8a20-f8b4474f7036\Winre.wim,{696771fe-ae65-11e1-8a20-f8b4474f7036}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\696771fd-ae65-11e1-8a20-f8b4474f7036\Winre.wim,{696771fe-ae65-11e1-8a20-f8b4474f7036}
systemroot \windows
nx OptIn
winpe Yes

Загрузка Windows
-------------------
идентификатор {696771ff-ae65-11e1-8a20-f8b4474f7036}
device ramdisk=[C:]\Recovery\696771ff-ae65-11e1-8a20-f8b4474f7036\Winre.wim,{69677200-ae65-11e1-8a20-f8b4474f7036}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\696771ff-ae65-11e1-8a20-f8b4474f7036\Winre.wim,{69677200-ae65-11e1-8a20-f8b4474f7036}
systemroot \windows
nx OptIn
winpe Yes

Выход из режима гибернации
--------------------------
идентификатор {696771fb-ae65-11e1-8a20-f8b4474f7036}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale ru-RU
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Проверка памяти Windows
---------------------
идентификатор {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Диагностика памяти
locale ru-RU
inherit {globalsettings}
badmemoryaccess Yes

Параметры EMS
-------------
идентификатор {emssettings}
bootems Yes

Параметры отладчика
-------------------
идентификатор {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Дефекты ОЗУ
-----------
идентификатор {badmemory}

Глобальные параметры
--------------------
идентификатор {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Параметры загрузчика
--------------------
идентификатор {bootloadersettings}
inherit {globalsettings} {hypervisorsettings}

Параметры гипервизора
-------------------
идентификатор {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Параметры загрузчика восстановления
-----------------------------------
идентификатор {resumeloadersettings}
inherit {globalsettings}

Параметры устройства
-------------------
идентификатор {696771fe-ae65-11e1-8a20-f8b4474f7036}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\696771fd-ae65-11e1-8a20-f8b4474f7036\boot.sdi

Параметры устройства
-------------------
идентификатор {69677200-ae65-11e1-8a20-f8b4474f7036}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\696771ff-ae65-11e1-8a20-f8b4474f7036\boot.sdi

LastRegBack:
2014-12-16 20:07 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-09-2015 Ran by Людмила (2015-09-16 13:36:40) Running from C:\Users\Людмила\Desktop Microsoft Windows 7 Максимальная Service Pack 1 (X86) (2012-09-01 19:46:53) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= HomeGroupUser$ (S-1-5-21-887322933-3475441419-2763790667-1002 - Limited - Enabled) Администратор (S-1-5-21-887322933-3475441419-2763790667-500 - Administrator - Disabled) Гость (S-1-5-21-887322933-3475441419-2763790667-501 - Limited - Disabled) Людмила (S-1-5-21-887322933-3475441419-2763790667-1000 - Administrator - Enabled) => C:\Users\Людмила ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: 360 Total Security (Disabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D} AS: 360 Total Security (Disabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 360 Total Security (HKLM\...\360TotalSecurity) (Version: 7.6.0.1028 - 360 Security Center) 77zip (HKLM\...\77zip) (Version: - ) 7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Reader 9.3 - Russian (HKLM\...\{AC76BA86-7AD7-1049-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated) AGEIA PhysX v7.07.24 (HKLM\...\{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}) (Version: 7.07.24 - AGEIA Technologies, Inc.) 
AIMP3 (HKLM\...\AIMP3) (Version: v3.00.985 - AIMP DevTeam) Alcor Micro USB Card Reader (HKLM\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Alcor Micro USB Card Reader (Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology) ASUS AI Recovery (HKLM\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.16 - ASUS) ASUS FancyStart (HKLM\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.) ASUS LifeFrame3 (HKLM\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.25 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{ED74696E-1781-469B-94F4-124A68B5F11C}) (Version: 1.1.45 - ASUS) ASUS SmartLogon (HKLM\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0033 - ASUS) ASUS Virtual Camera (HKLM\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.23 - asus) ASUS_Screensaver (HKLM\...\ASUS_Screensaver) (Version: - ) ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS) Canon PhotoRecord (HKLM\...\{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}) (Version: 02.02.00013 - Cisra) Canon PIXMA iP1500 (HKLM\...\CANONBJ_Deinstall_CNMCP5y.DLL) (Version: - ) Canon Utilities Easy-PrintToolBox (HKLM\...\Easy-PrintToolBox) (Version: - ) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DriverPack Solution Updater (HKU\S-1-5-21-887322933-3475441419-2763790667-1000\...\DRPSu Updater) (Version: 0.0.25 - DriverPack Solution) Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version: - ) FileZilla Client 3.7.3 (HKLM\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse) Foxit Reader (HKLM\...\{BDDF6AEE-7AD7-4CDA-B57F-5BDF9417AD4F}) (Version: 5.1.3.1201 - Foxit Corporation) Free Studio version 2013 (HKLM\...\Free Studio_is1) (Version: 6.1.8.725 - DVDVideoSoft Ltd.) 
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) Indeo® Software (HKLM\...\Indeo® Software) (Version: - ) InstantOn for NB (HKLM\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.1.5 - ASUS) Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden K-Lite Codec Pack 9.4.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.4.0 - ) Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 3.3.0728 - KYOCERA Document Solutions Inc.) Medal of Honor - Pacific Assault (HKLM\...\Medal of Honor - Pacific Assault) (Version: - ) Medal of Honor Airborne (HKLM\...\Medal of Honor Airborne) (Version: - ) Medal Of Honour Allied Assault (HKLM\...\Medal Of Honour Allied Assault) (Version: - ) MegaFon Internet (HKLM\...\MegaFon Internet) (Version: 11.022.04.16.209 - Huawei Technologies Co.,Ltd) MegaFon Modem (HKLM\...\MegaFon Modem) (Version: 22.001.18.20.209 - Huawei Technologies Co.,Ltd) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.50938 - Корпорация Майкрософт) Microsoft Office - профессиональный выпуск версии 2003 (HKLM\...\{90110419-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft 
Corporation) Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0419-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-887322933-3475441419-2763790667-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) MPEG Video Wizard DVD 5.0.0.108 (06/2010) (HKLM\...\{9FD45917-95E6-449D-ACC9-01E634A34CBD}_is1) (Version: 5.0.0.108 - Womble Multimedia, Inc.) MPEG Video Wizard DVD 5.0.0.108 (06/2010) (HKLM\...\Mpeg Video Wizard DVD 5.0) (Version: 5.0.0.108 (06/2010) - Womble Multimedia, Inc.) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Qualcomm Atheros WiFi Driver Installation (HKLM\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.) 
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2000.0 - SAMSUNG Electronics Co., Ltd.) Sonic Focus (HKLM\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys ) StartNow Toolbar (HKLM\...\StartNow Toolbar) (Version: 2.5.0 - StartNow.com) <==== ATTENTION Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.16.1 - Synaptics Incorporated) Total Commander 7.50a ExtremePack (HKLM\...\Total Commander) (Version: - ) USB Disk Security 6.0.0.126 by vovansi (HKLM\...\USB Disk Security_is1) (Version: - vovansi) USB2.0 UVC VGA WebCam (HKLM\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0083 - Realtek Semiconductor Corp.) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VKMusic 4 (HKLM\...\VKMusic 4_is1) (Version: 4.45 - ) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) Warface (HKU\S-1-5-21-887322933-3475441419-2763790667-1000\...\Warface) (Version: 1.113 - Mail.Ru) Webalta Toolbar (HKU\S-1-5-21-887322933-3475441419-2763790667-1000\...\Webalta Toolbar) (Version: - ) WinDjView 1.0.3 (HKLM\...\WinDjView) (Version: 1.0.3 - Andrew Zhezherun) WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS) Wireless Console 3 (HKLM\...\{C4BC5A5F-4A97-47CC-99C3-AB8E10572AFE}) (Version: 3.0.24 - ASUS) Yandex (HKU\S-1-5-21-887322933-3475441419-2763790667-1000\...\YandexBrowser) (Version: 15.7.2357.2877 - ООО «ЯНДЕКС») Игровой центр (HKU\S-1-5-21-887322933-3475441419-2763790667-1000\...\GameCenterMailRu) (Version: 3.1123 - ООО "Мэйл.Ру Геймз") Основные компоненты Windows Live (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Основные компоненты Windows Live (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office 
(HKLM\...\{90120000-0020-0419-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Почта Windows Live (Version: 16.4.3528.0331 - Корпорация Майкрософт) Hidden Принтеры Canon CAPT (HKLM\...\Canon Advanced Printing Technology) (Version: - ) Фотографии (общедоступная версия) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden ФотоШОУ PRO 5.15 (HKLM\...\{B42C6524-D740-4AF2-831A-821AF5B17006}_is1) (Version: 5.15 - AMS Software) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-887322933-3475441419-2763790667-1000_Classes\CLSID\{4671DB2A-087D-4EB2-96DF-64AF0177FE1B}\localserver32 -> C:\Users\Людмила\AppData\Local\Yandex\Updater\yupdate-ctrl.exe (Yandex LLC) CustomCLSID: HKU\S-1-5-21-887322933-3475441419-2763790667-1000_Classes\CLSID\{5A8FF410-F3CE-4844-B31B-F18D911239E8}\InprocServer32 -> C:\Users\Людмила\AppData\Local\Mail.Ru\GameCenter\NPDetector.dll (LLC Mail.Ru) CustomCLSID: HKU\S-1-5-21-887322933-3475441419-2763790667-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Users\Людмила\AppData\Local\Yandex\YandexBrowser\Application\25.0.1364.22194\delegate_execute.ex (the data entry has 10 more characters). 
==================== Restore Points ========================= 07-09-2015 14:17:19 Установлено: Microsoft Visual C++ 2005 Redistributable 14-09-2015 16:18:03 Removed AVG 2015 14-09-2015 16:23:00 Removed AVG 2015 14-09-2015 16:36:18 Центр обновления Windows 14-09-2015 16:45:47 Центр обновления Windows 14-09-2015 16:47:20 Центр обновления Windows 14-09-2015 16:50:27 Центр обновления Windows 14-09-2015 16:53:53 Центр обновления Windows 14-09-2015 16:55:14 Центр обновления Windows 14-09-2015 16:58:38 Центр обновления Windows 14-09-2015 17:00:59 Центр обновления Windows 14-09-2015 17:01:56 Центр обновления Windows 14-09-2015 17:03:02 Центр обновления Windows 14-09-2015 17:04:03 Центр обновления Windows 14-09-2015 17:06:09 Центр обновления Windows 14-09-2015 17:08:12 Центр обновления Windows 14-09-2015 17:10:31 Центр обновления Windows 14-09-2015 17:12:24 Центр обновления Windows 14-09-2015 17:13:57 Центр обновления Windows ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 05:04 - 2009-06-11 00:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {07570A2A-9CCC-4B6B-93E2-9F7D29314313} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS) Task: {0CCD3EB6-8F05-4846-BE85-66F229CCCDF5} - System32\Tasks\ATKOSD2 => C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS) Task: {3B52923B-E4DE-4C89-9B4D-37C506291AB7} - System32\Tasks\{9B2529C5-C430-4DDB-B2A6-F18889DC9575} => pcalua.exe -a E:\iv5setup.exe -d E:\ Task: {44CEDE77-CD58-442A-B4D1-5B46EB0ADD02} - System32\Tasks\Games\UpdateCheck_S-1-5-21-887322933-3475441419-2763790667-1000 Task: {46998EA4-0448-45D0-9940-C9ECB1C3000B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-20] (Adobe Systems Incorporated) Task: {479041F9-C684-4357-B4C2-B9445DE17BEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {4C2497C9-8D08-4DCC-8BA0-8038B0128BA8} - System32\Tasks\ACMON => C:\Program Files\ASUS\Splendid\ACMON.exe [2011-05-30] (ASUS) Task: {4E062114-3497-4FE4-87DF-A51B9A8259FE} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-05-31] (ASUS) Task: {582524F5-C729-448F-97AC-5FFDB6B2CDA6} - System32\Tasks\{30E56165-8E15-4F31-A794-779A917D8244} => pcalua.exe -a C:\Users\Людмила\Desktop\vkontaktedj.exe -d C:\Users\Людмила\Desktop Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-20] (Корпорация Майкрософт (Microsoft Corp.)) Task: {EE275321-B1D5-45AF-88A9-F92DAA6CEDEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {F3282426-8557-4345-8E41-5DA4F1313594} - System32\Tasks\MailRuUpdateTask => C:\Users\Людмила\AppData\Local\Mail.Ru\MailRuUpdater.exe (If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-09-14 16:18 - 2015-09-06 09:43 - 00087672 _____ () C:\Program Files\360\Total Security\deepscan\qutmload.dll 2014-06-09 15:27 - 2011-04-02 16:03 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL 2014-06-09 15:28 - 2011-04-02 16:03 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL 2011-05-30 13:48 - 2011-05-30 13:48 - 00009216 _____ () C:\Program Files\ASUS\Splendid\GLCDdll.dll 2010-07-14 16:12 - 2010-07-14 16:12 - 00021120 _____ () C:\Program Files\P4G\DevMng.dll 2013-08-07 22:25 - 2013-08-07 22:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2011-03-14 18:27 - 2011-03-14 18:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe 2012-09-01 22:58 - 2011-03-04 06:41 - 00066856 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll 2011-09-13 13:33 - 2011-09-13 13:33 - 01163264 _____ () C:\Program Files\ASUS\Wireless Console 3\acAuth.dll 2015-08-21 17:09 - 2015-08-21 17:09 - 00144896 _____ () C:\Users\Людмила\AppData\Local\Mail.Ru\GameCenter\zlib1.dll 2015-08-21 17:09 - 2015-08-21 17:09 - 00062464 _____ () C:\Users\Людмила\AppData\Local\Mail.Ru\GameCenter\pxd.dll 2015-08-21 17:09 - 2015-08-21 17:09 - 00179144 _____ () C:\Users\Людмила\AppData\Local\Mail.Ru\GameCenter\LightUpdate.dll 2015-08-21 17:09 - 2015-08-21 17:09 - 02419488 _____ () C:\Users\Людмила\AppData\Local\Mail.Ru\GameCenter\BigUp2.dll 2015-08-26 12:18 - 2015-08-26 12:18 - 50425344 _____ () C:\Users\Людмила\AppData\Local\Mail.Ru\GameCenter\Chrome\3.2454.1317\libcef.dll 2011-08-17 
15:37 - 2011-08-17 15:37 - 00204800 _____ () C:\Program Files\asus\VirtualCamera\virtualCamera.ax 2015-09-14 16:43 - 2015-08-17 18:03 - 00397264 _____ () C:\Users\Людмила\AppData\Local\Yandex\YandexBrowser\Application\43.0.2357.2877\crash_service.exe 2015-09-14 16:43 - 2015-08-17 18:03 - 01282000 _____ () C:\Users\Людмила\AppData\Local\Yandex\YandexBrowser\Application\43.0.2357.2877\libglesv2.dll 2015-09-14 16:43 - 2015-08-17 18:03 - 00080848 _____ () C:\Users\Людмила\AppData\Local\Yandex\YandexBrowser\Application\43.0.2357.2877\libegl.dll 2015-09-14 16:43 - 2015-08-17 18:03 - 00310224 _____ () C:\Users\Людмила\AppData\Local\Yandex\YandexBrowser\Application\43.0.2357.2877\libexif.dll 2012-09-29 17:51 - 2012-09-29 17:52 - 00514560 _____ () C:\Program Files\MegaFon Modem\MegaFon Modem.exe 2012-09-29 17:51 - 2012-09-29 17:51 - 00413696 _____ () C:\Program Files\MegaFon Modem\core.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00270336 _____ () C:\Program Files\MegaFon Modem\sdk.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00011362 _____ () C:\Program Files\MegaFon Modem\mingwm10.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00043008 _____ () C:\Program Files\MegaFon Modem\libgcc_s_dw2-1.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 02415104 _____ () C:\Program Files\MegaFon Modem\QtCore4.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 09515520 _____ () C:\Program Files\MegaFon Modem\QtGui4.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00386048 _____ () C:\Program Files\MegaFon Modem\Proxy.DLL 2012-09-29 17:51 - 2012-09-29 17:51 - 00218624 _____ () C:\Program Files\MegaFon Modem\Common.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00135168 _____ () C:\Program Files\MegaFon Modem\Trace.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00545280 _____ () C:\Program Files\MegaFon Modem\PluginContainer.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00239104 _____ () C:\Program Files\MegaFon Modem\AtCodec.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00300544 _____ () C:\Program Files\MegaFon Modem\DeviceSrvPlugin.dll 
2012-09-29 17:51 - 2012-09-29 17:51 - 00224256 _____ () C:\Program Files\MegaFon Modem\NetSrvPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00133632 _____ () C:\Program Files\MegaFon Modem\OSDialup.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00168960 _____ () C:\Program Files\MegaFon Modem\XCodec.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00157184 _____ () C:\Program Files\MegaFon Modem\DataServicePlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00175616 _____ () C:\Program Files\MegaFon Modem\CallSrvPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00262656 _____ () C:\Program Files\MegaFon Modem\AddrBookSrvPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00218624 _____ () C:\Program Files\MegaFon Modem\SmsSrvPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00142336 _____ () C:\Program Files\MegaFon Modem\USSDSrvPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00157184 _____ () C:\Program Files\MegaFon Modem\STKSrvPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00123904 _____ () C:\Program Files\MegaFon Modem\ATR2SMgr.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00337408 _____ () C:\Program Files\MegaFon Modem\DeviceAppPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00065536 _____ () C:\Program Files\MegaFon Modem\OSPowerMgr.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00106496 _____ () C:\Program Files\MegaFon Modem\Win7Support.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 01084416 _____ () C:\Program Files\MegaFon Modem\AddrBookPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00673792 _____ () C:\Program Files\MegaFon Modem\SmsAppPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00556032 _____ () C:\Program Files\MegaFon Modem\CallAppPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00547328 _____ () C:\Program Files\MegaFon Modem\CallLogSrvPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00158720 _____ () C:\Program Files\MegaFon Modem\NetConnectSrvPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00211968 _____ () C:\Program Files\MegaFon Modem\DialUpPlugin.dll 2012-09-29 
17:51 - 2012-09-29 17:51 - 00101888 _____ () C:\Program Files\MegaFon Modem\OSAdapt.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00178688 _____ () C:\Program Files\MegaFon Modem\NDISPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00131584 _____ () C:\Program Files\MegaFon Modem\OSNDIS.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 01101824 _____ () C:\Program Files\MegaFon Modem\NDISAPI.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00278528 _____ () C:\Program Files\MegaFon Modem\NetInfoSrvPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00062976 _____ () C:\Program Files\MegaFon Modem\OSCall.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00224256 _____ () C:\Program Files\MegaFon Modem\tdpcvoice.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00508928 _____ () C:\Program Files\MegaFon Modem\DeviceMgrUIPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00249344 _____ () C:\Program Files\MegaFon Modem\XFramePlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00316928 _____ () C:\Program Files\MegaFon Modem\StatusBarMgrPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00366080 _____ () C:\Program Files\MegaFon Modem\NetConnectPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00097280 _____ () C:\Program Files\MegaFon Modem\NotifyServicePlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00117248 _____ () C:\Program Files\MegaFon Modem\LayoutPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00419328 _____ () C:\Program Files\MegaFon Modem\DialupUIPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00804352 _____ () C:\Program Files\MegaFon Modem\MiniFramePlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00398336 _____ () C:\Program Files\MegaFon Modem\QtXml4.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00263168 _____ () C:\Program Files\MegaFon Modem\MenuMgrPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00506880 _____ () C:\Program Files\MegaFon Modem\NetInfoUIExPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00855040 _____ () C:\Program Files\MegaFon Modem\SMSUIPlugin.dll 2012-09-29 17:51 - 2012-09-29 
17:51 - 00869888 _____ () C:\Program Files\MegaFon Modem\AddrBookUIPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00497152 _____ () C:\Program Files\MegaFon Modem\USSDUIPlugin.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00269824 _____ () C:\Program Files\MegaFon Modem\LiveUpdateInterface.DLL 2012-09-29 17:51 - 2012-09-29 17:51 - 01148416 _____ () C:\Program Files\MegaFon Modem\QtNetwork4.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00082944 _____ () C:\Program Files\MegaFon Modem\plugins\imageformats\qgif4.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00081920 _____ () C:\Program Files\MegaFon Modem\plugins\imageformats\qico4.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00192000 _____ () C:\Program Files\MegaFon Modem\plugins\imageformats\qjpeg4.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00350720 _____ () C:\Program Files\MegaFon Modem\plugins\imageformats\qmng4.dll 2012-09-29 17:51 - 2012-09-29 17:51 - 00370176 _____ () C:\Program Files\MegaFon Modem\plugins\imageformats\qtiff4.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Людмила\Local Settings:wa AlternateDataStreams: C:\Users\Людмила\AppData\Local:wa AlternateDataStreams: C:\Users\Людмила\AppData\Local\Application Data:wa ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-887322933-3475441419-2763790667-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Людмила\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 10.163.182.11 - 10.163.182.10 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{CBEC79DF-D07E-4704-8B91-22BB6DACC28A}] => (Allow) C:\Program Files\Total Commander\Soft\uTorrent\utorrent.exe FirewallRules: [{A2DD6744-FC0C-40ED-B50C-2F6BC7788AF7}] => (Allow) C:\Program Files\Total Commander\Soft\uTorrent\utorrent.exe FirewallRules: [{6958A1EF-EA44-45CE-9F39-16CC45552224}] => (Allow) C:\Program Files\Opera\opera.exe FirewallRules: [{22BA5B52-A43D-4494-B5C4-262E843A7F72}] => (Allow) C:\Program Files\Opera\opera.exe FirewallRules: [{61457155-C831-46A6-8CF9-CC5A866CAC17}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe FirewallRules: [{0BA84D0B-F45C-4A39-A154-47FE5536EEF7}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe FirewallRules: [{EB2B3156-7615-4F5C-A030-ABBBC32A90EB}] => (Allow) C:\Users\Людмила\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{C3944C52-A92D-4DCB-9180-6A5EE581B1E3}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{53E7BECD-F1BB-48A1-BD14-262097C98D70}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe FirewallRules: [{B30F92D0-1B50-434B-B79E-8C063F85B8C8}] => (Allow) LPort=2869 FirewallRules: [{1656755C-9CB4-45EB-972C-075A31DC1DF5}] => (Allow) LPort=1900 FirewallRules: [{01CBAB6A-D672-485F-A9C1-51A2E1A34879}] => (Allow) C:\Program Files\Windows 
Live\Messenger\msnmsgr.exe FirewallRules: [{800BEF52-E6AA-4A05-8192-519E118707CC}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe FirewallRules: [{E76D832E-73A8-4D37-90EB-6675CFCE443F}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe FirewallRules: [{CBB53322-385D-4168-9FE7-918171B8FC5B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [{FF8669ED-494E-4F46-9CEE-6235EE4C6237}] => (Allow) C:\Users\Людмила\Downloads\360TS_Setup_Mini_RU_2002_1001.exe FirewallRules: [{5EA1EFC5-CD05-420D-8542-1A08A1818544}] => (Allow) C:\Users\Людмила\Downloads\360TS_Setup_Mini_RU_2002_1001.exe FirewallRules: [{BC942105-9893-4A6A-8863-92CEFF77AD74}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe FirewallRules: [{56501882-122A-4060-8049-5E705E99029D}] => (Allow) C:\Program Files\360\Total Security\LiveUpdate360.exe FirewallRules: [{FE24BA98-B901-4897-A39A-50A8BFAAE5C9}] => (Allow) C:\Users\Людмила\AppData\Local\Yandex\YandexBrowser\Application\browser.exe FirewallRules: [{7E46AF96-8F05-44E7-A5F5-4A5797D837BA}] => (Allow) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe FirewallRules: [{66A664C4-92CA-4304-A02A-D8590F814A29}] => (Allow) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe ==================== Faulty Device Manager Devices ============= Name: Atheros AR9285 Wireless Network Adapter Description: Atheros AR9285 Wireless Network Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Atheros Communications Inc. Service: athr Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2015 01:29:15 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: При выгрузке строк счетчиков производительности для службы WmiApRpl (WmiApRpl) произошел сбой. Первое двойное слово (DWORD) в секции данных содержит код ошибки.

Error: (09/16/2015 01:29:15 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Строки производительности в значении реестра производительности были повреждены, когда выполнялась обработка поставщика расширенных счетчиков производительности Performance. Значение параметра BaseIndex из реестра производительности находится в первом двойном слове (DWORD) секции данных, значение LastCounter - во втором двойном слове (DWORD) секции данных, а значение LastHelp - в третьем двойном слове (DWORD) секции данных.

Error: (09/16/2015 01:29:15 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Строки производительности в значении реестра производительности были повреждены, когда выполнялась обработка поставщика расширенных счетчиков производительности Performance. Значение параметра BaseIndex из реестра производительности находится в первом двойном слове (DWORD) секции данных, значение LastCounter - во втором двойном слове (DWORD) секции данных, а значение LastHelp - в третьем двойном слове (DWORD) секции данных.

Error: (09/16/2015 12:50:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: При выгрузке строк счетчиков производительности для службы WmiApRpl (WmiApRpl) произошел сбой. Первое двойное слово (DWORD) в секции данных содержит код ошибки.

Error: (09/16/2015 12:50:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Строки производительности в значении реестра производительности были повреждены, когда выполнялась обработка поставщика расширенных счетчиков производительности Performance. Значение параметра BaseIndex из реестра производительности находится в первом двойном слове (DWORD) секции данных, значение LastCounter - во втором двойном слове (DWORD) секции данных, а значение LastHelp - в третьем двойном слове (DWORD) секции данных.

Error: (09/16/2015 12:50:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Строки производительности в значении реестра производительности были повреждены, когда выполнялась обработка поставщика расширенных счетчиков производительности Performance. Значение параметра BaseIndex из реестра производительности находится в первом двойном слове (DWORD) секции данных, значение LastCounter - во втором двойном слове (DWORD) секции данных, а значение LastHelp - в третьем двойном слове (DWORD) секции данных.

Error: (09/15/2015 09:47:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: При выгрузке строк счетчиков производительности для службы WmiApRpl (WmiApRpl) произошел сбой. Первое двойное слово (DWORD) в секции данных содержит код ошибки.

Error: (09/15/2015 09:47:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Строки производительности в значении реестра производительности были повреждены, когда выполнялась обработка поставщика расширенных счетчиков производительности Performance. Значение параметра BaseIndex из реестра производительности находится в первом двойном слове (DWORD) секции данных, значение LastCounter - во втором двойном слове (DWORD) секции данных, а значение LastHelp - в третьем двойном слове (DWORD) секции данных.

Error: (09/15/2015 09:47:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Строки производительности в значении реестра производительности были повреждены, когда выполнялась обработка поставщика расширенных счетчиков производительности Performance. Значение параметра BaseIndex из реестра производительности находится в первом двойном слове (DWORD) секции данных, значение LastCounter - во втором двойном слове (DWORD) секции данных, а значение LastHelp - в третьем двойном слове (DWORD) секции данных.

Error: (09/15/2015 09:45:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: При выгрузке строк счетчиков производительности для службы WmiApRpl (WmiApRpl) произошел сбой. Первое двойное слово (DWORD) в секции данных содержит код ошибки.

System errors:
=============
Error: (09/15/2015 09:43:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "Windows Search" из-за ошибки %%1053

Error: (09/15/2015 09:43:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "Windows Search".

Error: (09/15/2015 09:43:49 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/15/2015 09:43:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Служба Windows Search была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 30000 мсек: Перезапуск службы.

Error: (09/15/2015 09:43:17 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Служба "Windows Search" завершена из-за внутренней ошибки %%-1073473535.
Error: (09/15/2015 09:42:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "HP SI Service" из-за ошибки %%1053

Error: (09/15/2015 09:42:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "HP SI Service".

Error: (09/15/2015 09:42:08 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000050 (0xd0c2cfda, 0x00000000, 0xa516b32b, 0x00000002)C:\Windows\MEMORY.DMP091515-28969-01

Error: (09/15/2015 09:42:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Предыдущее завершение работы системы в 21:40:50 на ?15.?09.?2015 было неожиданным.

Error: (09/15/2015 09:01:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: Драйвер обнаружил ошибку контроллера \Device\Harddisk1\DR1.

==================== Memory info ===========================

Processor: Intel® Celeron® CPU B815 @ 1.60GHz
Percentage of memory in use: 67%
Total physical RAM: 2024.13 MB
Available physical RAM: 665.5 MB
Total Virtual: 4048.25 MB
Available Virtual: 2359.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:122.7 GB) (Free:63.81 GB) NTFS
Drive d: (D) (Fixed) (Total:175.3 GB) (Free:147.05 GB) NTFS
Drive f: (MegaFon Modem) (CDROM) (Total:0.07 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7C12E647)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=122.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=175.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Moderator's note from Mark D. Pearlstone: Reports must be attached in the form in which you are asked to provide them. A spoiler has been added.

I did everything as you said.
FRST.txt Addition.txt
thyrex Posted September 16, 2015
The logs are fine. We can't help with the decryption.
Людмила13 (Author) Posted September 16, 2015
AND WHAT AM I SUPPOSED TO DO NOW? ALL MY FILES ARE GRADUALLY DISAPPEARING.
thyrex Posted September 16, 2015
What do you mean, disappearing? No running encryptor is visible in the logs.