Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2017 01
Ran by Михаил (administrator) on DESKTOP-O9CN8JU (03-10-2017 21:53:58)
Running from C:\Users\Михаил\Downloads
Loaded Profiles: Михаил (Available Profiles: defaultuser0 & Михаил)
Platform: Windows 10 Enterprise 2016 LTSB Version 1607 (X64) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Nightly\firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(LLC Mail.Ru) C:\Users\Михаил\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
(LLC Mail.Ru) C:\Users\Михаил\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-01-11] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3820472979-4027493990-276356326-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27735000 2017-06-07] (Skype Technologies S.A.)
HKU\S-1-5-21-3820472979-4027493990-276356326-1001\...\Run: [GameCenterMailRu] => C:\Users\Михаил\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe [6928848 2017-09-30] (LLC Mail.Ru)
HKU\S-1-5-21-3820472979-4027493990-276356326-1001\...\MountPoints2: {1af29b3b-8369-11e7-8388-005022b0d442} - "F:\HTC_Sync_Manager_PC.exe"
BootExecute: autocheck autochk * autocheck autochk *
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7e2b1152-e00e-4dfb-b914-64cba3aa3ad0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-3820472979-4027493990-276356326-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {117513C1-6909-4230-AD7C-E43D6B6FF3F5} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}&btnG=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA+%D0%B2+Google&lr=
SearchScopes: HKU\S-1-5-19 -> {117513C1-6909-4230-AD7C-E43D6B6FF3F5} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}&btnG=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA+%D0%B2+Google&lr=
SearchScopes: HKU\S-1-5-20 -> DefaultScope {117513C1-6909-4230-AD7C-E43D6B6FF3F5} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}&btnG=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA+%D0%B2+Google&lr=
SearchScopes: HKU\S-1-5-20 -> {117513C1-6909-4230-AD7C-E43D6B6FF3F5} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}&btnG=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA+%D0%B2+Google&lr=
SearchScopes: HKU\S-1-5-21-3820472979-4027493990-276356326-1001 -> {117513C1-6909-4230-AD7C-E43D6B6FF3F5} URL = hxxp://www.google.ru/search?hl=ru&q={searchTerms}&btnG=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA+%D0%B2+Google&lr=
BHO: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\OldNewExplorer\OldNewExplorer64.dll [2017-05-11] (www.startisback.com)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-12] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-12] (Oracle Corporation)
BHO-x32: No Name -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} -> C:\OldNewExplorer\OldNewExplorer32.dll [2017-05-11] (www.startisback.com)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-12] (Oracle Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: wszypavz.default
FF ProfilePath: C:\Users\Михаил\AppData\Roaming\Mozilla\Firefox\Profiles\wszypavz.default [2017-10-03]
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-12] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3820472979-4027493990-276356326-1001: @mail.ru/GameCenter -> C:\Users\Михаил\AppData\Local\Mail.Ru\GameCenter\NPDetector.dll [2017-09-27] (LLC Mail.Ru)
FF Plugin HKU\S-1-5-21-3820472979-4027493990-276356326-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Михаил\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
StartMenuInternet: Firefox-A3710B8EBB50CD3 - C:\Program Files\Nightly\firefox.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S2 BitStreamSvc; C:\Windows\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 BitStreamSvc; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2625368 2017-06-13] (ESET)
S3 mracsvc; C:\Windows\System32\mracsvc.exe [4913880 2017-09-28] (LLC Mail.Ru)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-09-16] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-09-17] (NVIDIA Corporation)
S4 qcmtusvc; C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe [83456 2015-07-09] (QUALCOMM, Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-05-01] (Microsoft Corporation)
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
S4 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S4 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
S4 PrintNotify; C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVer7231_x64; C:\Windows\system32\DRIVERS\AVer7231_x64.sys [1637120 2009-12-18] (AVerMedia TECHNOLOGIES, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132824 2017-06-22] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107344 2017-05-04] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14880 2017-05-04] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178056 2017-05-04] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [50752 2017-05-04] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [78192 2017-05-04] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [101648 2017-05-04] (ESET)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-09-27] ()
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-26] (Malwarebytes)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [4405560 2017-09-28] (LLC Mail.Ru)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrd.sys [33496 2014-03-27] (Realtek)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_63f40b686fe9309f\nvlddmkm.sys [15619320 2017-09-19] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-06-28] (NVIDIA Corporation)
S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [245248 2015-07-09] (QUALCOMM Incorporated)
R3 RTL8023x64; C:\Windows\System32\drivers\Rtnic64.sys [61656 2014-01-23] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U4 DiagTrack; no ImagePath
S3 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S3 X6va064; \??\C:\Windows\SysWOW64\Drivers\X6va064 [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-03 21:53 - 2017-10-03 21:53 - 000038504 _____ C:\Users\Михаил\Downloads\Addition.txt
2017-10-03 21:52 - 2017-10-03 21:54 - 000012615 _____ C:\Users\Михаил\Downloads\FRST.txt
2017-10-03 21:52 - 2017-10-03 21:53 - 000000000 ____D C:\FRST
2017-10-03 21:51 - 2017-10-03 21:51 - 002399744 _____ (Farbar) C:\Users\Михаил\Downloads\FRST64.exe
2017-10-03 21:17 - 2017-10-03 21:17 - 000264016 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-03 00:43 - 2016-03-15 07:10 - 001616398 _____ C:\ras
2017-10-02 21:09 - 2017-10-02 21:19 - 000000000 ____D C:\SecurityCheck
2017-10-01 22:25 - 2017-10-02 21:08 - 000000799 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Nightly.lnk
2017-10-01 22:25 - 2017-10-01 22:25 - 000000787 _____ C:\Users\Public\Desktop\Firefox Nightly.lnk
2017-10-01 22:17 - 2017-10-03 21:43 - 000000000 ____D C:\Users\Михаил\AppData\LocalLow\Mozilla
2017-10-01 22:17 - 2017-10-03 21:17 - 000000000 ____D C:\Program Files\Nightly
2017-10-01 22:17 - 2017-10-03 21:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-01 22:17 - 2017-10-01 22:20 - 000000000 ____D C:\Users\Михаил\AppData\Local\Mozilla
2017-10-01 20:41 - 2017-10-01 22:17 - 000000000 ____D C:\Users\Михаил\AppData\Roaming\Mozilla
2017-10-01 20:40 - 2017-10-01 22:03 - 000000000 ____D C:\Program Files (x86)\K-Meleon
2017-10-01 20:32 - 2017-10-01 20:32 - 000000000 ____D C:\Users\Михаил\AppData\Roaming\Macromedia
2017-09-29 00:28 - 2017-09-29 00:29 - 000000000 ____D C:\Program Files\CCleaner
2017-09-29 00:28 - 2017-09-29 00:28 - 000002872 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-09-29 00:28 - 2017-09-29 00:28 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-28 16:21 - 2017-10-03 21:18 - 000003144 _____ C:\Windows\System32\Tasks\MSIAfterburner
2017-09-27 17:33 - 2017-09-28 16:21 - 004913880 _____ (LLC Mail.Ru) C:\Windows\system32\mracsvc.exe
2017-09-27 17:33 - 2017-09-28 16:21 - 004405560 _____ (LLC Mail.Ru) C:\Windows\system32\Drivers\mracdrv.sys
2017-09-27 17:32 - 2017-09-27 17:32 - 000002294 _____ C:\Users\Михаил\Desktop\Игровой центр Mail.Ru.lnk
2017-09-27 17:32 - 2017-09-27 17:32 - 000000000 ____D C:\Users\Михаил\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mail.Ru
2017-09-27 17:31 - 2017-09-27 17:31 - 000000000 ____D C:\Users\Михаил\AppData\Local\Mail.Ru
2017-09-27 16:45 - 2017-10-02 21:06 - 000000000 ____D C:\AdwCleaner
2017-09-27 16:21 - 2017-09-27 16:21 - 000001632 _____ C:\EsgInstallerResumeAction_f04cc17898bca8529d6f1d41233dcd01
2017-09-27 15:36 - 2017-09-27 15:36 - 000000000 _____ C:\autoexec.bat
2017-09-27 15:28 - 2017-09-27 15:28 - 000000000 ____D C:\Users\Михаил\AppData\Local\VirtualStore
2017-09-27 02:48 - 2017-09-27 02:48 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-09-27 02:48 - 2017-09-17 01:27 - 000512960 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-09-27 02:48 - 2017-09-17 01:27 - 000418936 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-09-27 02:48 - 2017-09-17 01:27 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-09-27 02:48 - 2017-09-16 23:54 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-09-27 02:48 - 2017-09-16 23:34 - 006463424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-09-27 02:48 - 2017-09-16 23:34 - 002478528 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-09-27 02:48 - 2017-09-16 23:34 - 001762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-09-27 02:48 - 2017-09-16 23:34 - 000548472 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-09-27 02:48 - 2017-09-16 23:34 - 000392312 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-09-27 02:48 - 2017-09-16 23:34 - 000082040 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-09-27 02:48 - 2017-09-16 23:34 - 000069752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-09-27 02:48 - 2017-09-15 21:03 - 008248071 _____ C:\Windows\system32\nvcoproc.bin
2017-09-27 02:48 - 2017-07-20 23:21 - 000905504 _____ C:\Windows\system32\vulkan-1.dll
2017-09-27 02:48 - 2017-07-20 23:21 - 000776992 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-09-27 02:48 - 2017-07-20 23:21 - 000578848 _____ C:\Windows\system32\vulkaninfo.exe
2017-09-27 02:48 - 2017-07-20 23:21 - 000477472 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-09-27 02:46 - 2017-09-17 01:27 - 040240064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 035925440 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 035314112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 029020096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 023132720 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 018849784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 013782904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 012241792 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 011692856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 010087504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 004210544 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 004145088 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 003712024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 003575744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 001988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438569.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 001606592 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438569.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 001067968 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 001005176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 000972920 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 000924280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 000690504 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 000578056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-09-27 02:46 - 2017-09-17 01:27 - 000046443 _____ C:\Windows\system32\nvinfo.pb
2017-09-27 02:46 - 2017-09-17 01:27 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-09-27 02:46 - 2017-09-17 01:27 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2017-09-27 02:17 - 2017-09-27 02:17 - 000000868 _____ C:\Windows\system32\.crusader
2017-09-27 01:45 - 2017-09-27 02:40 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-09-27 01:38 - 2017-09-27 01:38 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2017-09-27 00:33 - 2017-09-27 00:33 - 000000000 ____D C:\Users\Михаил\AppData\Local\ESET
2017-09-27 00:31 - 2017-09-27 00:31 - 000000000 ____D C:\Users\Все пользователи\ESET
2017-09-27 00:31 - 2017-09-27 00:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-09-27 00:31 - 2017-09-27 00:31 - 000000000 ____D C:\ProgramData\ESET
2017-09-27 00:31 - 2017-09-27 00:31 - 000000000 ____D C:\Program Files\ESET
2017-09-26 22:44 - 2017-09-27 16:45 - 000000000 ____D C:\Users\Михаил\AppData\Roaming\Process Hacker 2
2017-09-26 22:36 - 2017-09-26 22:36 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\70B543A7.sys
2017-09-26 00:20 - 2017-09-26 22:09 - 000000000 ____D C:\Users\Все пользователи\Kaspersky Lab
2017-09-26 00:20 - 2017-09-26 22:09 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-09-26 00:20 - 2017-09-26 22:09 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-26 00:07 - 2017-09-27 02:16 - 000000000 ____D C:\Users\Все пользователи\HitmanPro
2017-09-26 00:07 - 2017-09-27 02:16 - 000000000 ____D C:\ProgramData\HitmanPro
2017-09-19 23:10 - 2017-09-19 23:10 - 000000000 ____D C:\Users\Михаил\AppData\Roaming\TestOfficePro
2017-09-16 02:08 - 2017-09-29 20:46 - 000000000 ____D C:\Users\Михаил\AppData\Roaming\Telegram Desktop
2017-09-16 02:08 - 2017-09-16 02:08 - 000001035 _____ C:\Users\Михаил\Desktop\Telegram.lnk
2017-09-16 02:08 - 2017-09-16 02:08 - 000000000 ____D C:\Users\Михаил\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2017-09-03 18:53 - 2017-09-03 18:53 - 000000000 ____D C:\Program Files\Dolby Digital Plus
2017-09-03 14:38 - 2017-09-06 22:07 - 000000000 ____D C:\Windows\AppReadiness

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-03 21:49 - 2017-08-31 02:36 - 000000041 _____ C:\Users\Михаил\Desktop\хайп.txt
2017-10-03 21:43 - 2017-05-11 19:23 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-10-03 21:23 - 2017-05-11 22:03 - 000004190 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AF389912-C42D-4946-A891-462858FE1059}
2017-10-03 21:17 - 2017-07-01 22:59 - 000000000 ____D C:\Users\Все пользователи\NVIDIA
2017-10-03 21:17 - 2017-07-01 22:59 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-03 21:17 - 2017-05-11 19:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-03 03:31 - 2017-05-11 22:00 - 000000000 ____D C:\Users\Михаил
2017-10-03 03:31 - 2016-07-16 12:04 - 000032768 _____ C:\Windows\system32\config\BBI
2017-10-02 21:45 - 2017-05-13 11:40 - 000000000 ____D C:\Users\Михаил\AppData\Roaming\TS3Client
2017-10-02 21:44 - 2016-07-16 17:45 - 000000000 ____D C:\Windows\INF
2017-10-02 21:32 - 2017-05-12 22:36 - 000000000 ____D C:\Program Files (x86)\Opera
2017-10-02 21:31 - 2017-05-12 22:47 - 000000000 ____D C:\Users\Михаил\AppData\Roaming\Opera Software
2017-10-02 21:31 - 2017-05-12 22:47 - 000000000 ____D C:\Users\Михаил\AppData\Local\Opera Software
2017-10-02 21:30 - 2017-06-02 00:12 - 000000000 ____D C:\Program Files\HP
2017-10-02 02:51 - 2017-05-13 13:13 - 000000000 ____D C:\Users\Михаил\Documents\CrossFire
2017-10-01 16:13 - 2016-07-16 17:47 - 000000000 ____D C:\Windows\system32\NDF
2017-09-29 00:31 - 2017-06-26 18:26 - 000000000 ____D C:\Users\Михаил\AppData\Roaming\Skype
2017-09-29 00:30 - 2017-05-12 22:39 - 000000000 ____D C:\Users\Михаил\AppData\Roaming\Notepad++
2017-09-27 16:44 - 2017-06-28 01:10 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-09-27 16:28 - 2017-01-16 14:12 - 000000000 ____D C:\Users\Михаил\Desktop\cce_x64
2017-09-27 16:14 - 2017-05-17 15:36 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-09-27 02:48 - 2017-07-01 22:59 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-09-27 02:48 - 2017-07-01 22:55 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-09-27 02:48 - 2016-07-16 17:47 - 000000000 ____D C:\Windows\Help
2017-09-27 02:47 - 2017-07-01 22:58 - 000000000 ____D C:\Users\Все пользователи\NVIDIA Corporation
2017-09-27 02:47 - 2017-07-01 22:58 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-09-27 02:33 - 2017-07-03 23:31 - 000000000 ____D C:\Users\Михаил\AppData\Roaming\NVIDIA
2017-09-27 02:17 - 2017-05-18 22:00 - 000000000 ____D C:\Users\Все пользователи\KMSAuto
2017-09-27 02:17 - 2017-05-18 22:00 - 000000000 ____D C:\ProgramData\KMSAuto
2017-09-27 00:32 - 2016-07-16 17:47 - 000000000 ___HD C:\Windows\ELAMBKUP
2017-09-26 23:42 - 2017-05-12 23:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vtope bot
2017-09-26 23:21 - 2017-06-27 21:31 - 000000000 ____D C:\Users\Михаил\AppData\Roaming\MPC-HC
2017-09-26 23:21 - 2017-05-11 23:29 - 000000000 ____D C:\Users\Михаил\AppData\Roaming\uTorrent
2017-09-26 23:14 - 2017-05-13 14:08 - 000000000 ____D C:\Windows\pss
2017-09-26 22:59 - 2017-05-11 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-09-26 22:17 - 2017-05-15 00:44 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-26 22:09 - 2016-07-16 12:04 - 000032768 _____ C:\Windows\system32\config\ELAM
2017-09-26 21:25 - 2017-06-23 14:26 - 000000000 ____D C:\Program Files (x86)\CentBrowser
2017-09-26 21:20 - 2017-07-01 22:52 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-09-23 00:47 - 2017-05-18 21:25 - 000007596 _____ C:\Users\Михаил\AppData\Local\Resmon.ResmonCfg
2017-09-16 16:40 - 2017-06-24 15:12 - 000000000 ____D C:\Users\Все пользователи\SP_FT_Logs
2017-09-16 16:40 - 2017-06-24 15:12 - 000000000 ____D C:\ProgramData\SP_FT_Logs
2017-09-14 18:56 - 2017-05-13 11:40 - 000000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-09-12 13:01 - 2017-07-08 21:38 - 000000113 _____ C:\Users\Михаил\Desktop\Cross Fire.url
2017-09-06 23:38 - 2017-06-23 13:26 - 000000000 ____D C:\Users\Михаил\Desktop\Новая папка
2017-09-06 23:34 - 2017-05-11 22:01 - 000000000 ____D C:\Users\Михаил\AppData\Local\Packages
2017-09-06 22:17 - 2016-07-16 17:47 - 000000000 ____D C:\Windows\SystemApps

==================== Files in the root of some directories =======

2017-05-18 21:25 - 2017-09-23 00:47 - 000007596 _____ () C:\Users\Михаил\AppData\Local\Resmon.ResmonCfg
2017-05-11 23:04 - 2017-05-11 23:04 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-06-03 12:49 - 2013-12-27 15:17 - 000028856 _____ () C:\ProgramData\logo.bmp

Some files in TEMP:
====================
2017-10-02 21:30 - 2012-12-17 19:01 - 000237568 _____ () C:\Users\Михаил\AppData\Local\Temp\siuninst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-03 21:28

==================== End of FRST.txt ============================