Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by - (administrator) on ADMIN (09-01-2018 19:02:08)
Running from R:\
Loaded Profiles: - (Available Profiles: - & Авит)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Русский (Россия)
Internet Explorer Version 9 (Default browser: Yandex Browser)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\17.7.1.791\service_update.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\apsdaemon.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\-\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [154088 2017-12-12] (VMware, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1129001146-3901250892-1317710060-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-12] (Apple Inc.)
HKU\S-1-5-21-1129001146-3901250892-1317710060-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1129001146-3901250892-1317710060-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-1129001146-3901250892-1317710060-1000\...\Run: [f.lux] => C:\Users\-\AppData\Local\FluxSoftware\Flux\flux.exe [1761784 2017-12-12] (f.lux Software LLC)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4E807450-184E-4F7D-934A-3DEE8C887F31}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{86E2DBF9-796F-4C34-8114-B150D47BF4A1}: [DhcpNameServer] 192.168.73.1
Tcpip\..\Interfaces\{9F10742C-E4F0-4CE3-A200-759DCD60FB7E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A95B82C9-9589-4946-8C4A-3137C8F7DB72}: [DhcpNameServer] 192.168.116.2
Tcpip\..\Interfaces\{C13C82BB-5346-4C10-9C98-3A1176A4B397}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{FEDB302B-1553-46C9-9F91-6A6917811F3C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yandex.ru
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yandex.ru
HKU\S-1-5-21-1129001146-3901250892-1317710060-1000\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1129001146-3901250892-1317710060-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1129001146-3901250892-1317710060-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: No Name -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2016-08-13] (Oracle Corporation)
BHO: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2016-08-13] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10] (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Корпорация Майкрософт.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Корпорация Майкрософт.)

FireFox:
========
FF DefaultProfile: lkjhdwyp.default
FF ProfilePath: C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\lkjhdwyp.default [2018-01-09]
FF Extension: (Visual Bookmarks) - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\lkjhdwyp.default\Extensions\vb@yandex.ru.xpi [2018-01-07] [Legacy]
FF Extension: (Avast Online Security) - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\lkjhdwyp.default\Extensions\wrc@avast.com.xpi [2017-11-24]
FF Extension: ("Yandex Elements") - C:\Users\-\AppData\Roaming\Mozilla\Firefox\Profiles\lkjhdwyp.default\Extensions\yasearch@yandex.ru.xpi [2017-12-12] [Legacy]
FF Extension: (Visual Bookmarks) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\vb@yandex.ru.xpi [2016-08-02] [Legacy]
FF Extension: ("Yandex Elements") - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\yasearch@yandex.ru.xpi [2016-08-02] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2016-08-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2016-08-13] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll [2011-08-30] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-24] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-1129001146-3901250892-1317710060-1000: @mail.ru/GameCenter -> C:\Users\-\AppData\Local\Mail.Ru\GAMECE~1\NPDetector.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\-\AppData\Local\Google\Chrome\User Data\Default [2017-10-02]
CHR Extension: (Google Презентации) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-26]
CHR Extension: (Документы Google) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-26]
CHR Extension: (Диск Google) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (Adguard Антибаннер) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-07-23]
CHR Extension: (YouTube) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (Adblock Plus) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-23]
CHR Extension: (Google Search) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-05]
CHR Extension: (Tampermonkey) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-07-19]
CHR Extension: (Google Таблицы) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-26]
CHR Extension: (Google Документы офлайн) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-28]
CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-17]
CHR Extension: (Gmail) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-15]
CHR HKU\S-1-5-21-1129001146-3901250892-1317710060-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Советник Яндекс.Маркета) - C:\Users\-\AppData\Roaming\Opera Software\Opera Stable\Extensions\dmdhajlcfmlocjeihknhbbekjaageelh [2017-02-14]
OPR Extension: (SaveFrom.net помощник) - C:\Users\-\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2017-07-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-03-19] (AOMEI Tech Co., Ltd.) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2017-10-01] (Microsoft Corporation) [File not signed]
S3 mracsvc; C:\Windows\System32\mracsvc.exe [5141208 2017-10-01] (LLC Mail.Ru)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12482024 2017-06-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)
R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\17.7.1.791\service_update.exe [3589624 2017-08-21] (YANDEX LLC)
S4 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-26] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-26] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-26] () [File not signed]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-10-06] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-11-29] (Qualcomm Atheros Co., Ltd.)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-10-02] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-12-12] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-10-02] (Malwarebytes)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] (Корпорация Майкрософт)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [4632032 2017-10-01] (LLC Mail.Ru)
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]
S3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
S3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [93248 2016-09-30] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [38376 2017-05-05] (VMware, Inc.)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-09 19:01 - 2018-01-09 19:02 - 000000000 ____D C:\FRST
2018-01-09 18:57 - 2018-01-09 18:57 - 000000000 ____D C:\Users\Все пользователи\Spybot - Search & Destroy
2018-01-09 18:57 - 2018-01-09 18:57 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-01-07 21:08 - 2018-01-07 21:09 - 000000000 ____D C:\Users\-\AppData\LocalLow\KMPlayer
2017-12-14 02:56 - 2017-12-16 20:31 - 000000000 ____D C:\Kaspersky Rescue Disk 10.0
2017-12-13 19:26 - 2017-12-13 19:26 - 000000000 ____D C:\Users\Авит\AppData\Local\VirtualStore
2017-12-13 19:17 - 2017-12-13 21:03 - 000000000 ____D C:\Users\Авит\AppData\LocalLow\uTorrent
2017-12-12 19:13 - 2017-12-12 19:13 - 000000000 ____D C:\Users\-\AppData\LocalLow\uTorrent
2017-12-12 14:50 - 2017-12-12 15:17 - 000000000 ____D C:\Program Files\trend micro
2017-12-12 14:50 - 2017-12-12 14:50 - 000000000 ____D C:\rsit
2017-12-12 14:25 - 2017-12-12 14:25 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-12 10:35 - 2018-01-09 17:26 - 000000000 ____D C:\Users\-\Downloads\Лечение
2017-12-12 10:11 - 2017-12-12 04:33 - 013846071 _____ (Company © regist & Drongo) C:\Users\-\Desktop\AutoLogger.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-09 19:00 - 2015-05-15 23:38 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-09 18:59 - 2016-08-21 23:30 - 000000412 _____ C:\Windows\Tasks\Обновление Браузера Яндекс.job
2018-01-09 18:59 - 2015-10-14 20:56 - 000003390 _____ C:\Windows\System32\Tasks\Обновление Браузера Яндекс
2018-01-09 18:58 - 2017-11-24 14:22 - 000000000 ____D C:\Users\Все пользователи\VMware
2018-01-09 18:58 - 2017-11-24 14:22 - 000000000 ____D C:\ProgramData\VMware
2018-01-09 18:58 - 2016-08-21 23:30 - 000003558 _____ C:\Windows\System32\Tasks\Системное обновление Браузера Яндекс
2018-01-09 18:58 - 2016-08-21 23:30 - 000000466 _____ C:\Windows\Tasks\Системное обновление Браузера Яндекс.job
2018-01-09 18:58 - 2009-07-14 09:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-09 18:56 - 2015-05-15 23:23 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-01-09 17:06 - 2015-05-15 23:06 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-01-09 16:57 - 2009-07-14 08:45 - 000021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-09 16:57 - 2009-07-14 08:45 - 000021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-08 22:01 - 2016-12-23 00:58 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2018-01-08 22:01 - 2016-12-23 00:58 - 000000959 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2018-01-07 22:37 - 2017-11-24 23:32 - 000000000 ____D C:\Users\-\AppData\Roaming\VMware
2018-01-07 22:37 - 2017-11-24 23:32 - 000000000 ____D C:\Users\-\AppData\Local\VMware
2018-01-07 22:19 - 2015-05-15 23:10 - 000000000 ____D C:\Users\-\AppData\Roaming\Skype
2018-01-04 18:28 - 2015-06-29 11:31 - 000000000 ____D C:\Windows\System32\Tasks\Games
2017-12-22 21:31 - 2017-10-02 11:52 - 000002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-12-13 22:25 - 2017-11-24 14:25 - 000000000 ____D C:\Users\Авит\AppData\Roaming\VMware
2017-12-13 22:25 - 2017-11-24 14:25 - 000000000 ____D C:\Users\Авит\AppData\Local\VMware
2017-12-13 22:25 - 2017-11-24 14:07 - 000000000 ____D C:\Users\Авит\AppData\Roaming\uTorrent
2017-12-13 21:04 - 2017-01-12 09:36 - 000000000 ___SD C:\Users\Авит\AppData\LocalLow\Temp
2017-12-13 19:27 - 2015-06-02 23:02 - 000004442 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-13 19:27 - 2015-05-15 23:19 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-13 19:27 - 2015-05-15 23:19 - 000004378 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-13 19:27 - 2012-02-01 16:23 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-13 19:27 - 2012-02-01 16:23 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-13 19:27 - 2012-02-01 16:23 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-12 19:30 - 2015-05-15 23:26 - 000000000 ____D C:\Users\-\AppData\Roaming\uTorrent
2017-12-12 19:30 - 2015-05-15 23:03 - 000000000 ____D C:\Users\-\AppData\Roaming\AIMP3
2017-12-12 19:13 - 2015-05-30 20:04 - 000000000 ___SD C:\Users\-\AppData\LocalLow\Temp
2017-12-12 16:31 - 2016-08-25 14:05 - 000013030 _____ C:\PDOXUSRS.NET
2017-12-12 15:20 - 2009-07-14 06:34 - 000000219 _____ C:\Windows\system.ini
2017-12-12 14:59 - 2017-10-02 12:47 - 000000000 ____D C:\Users\-\AppData\Local\Mozilla
2017-12-12 14:58 - 2017-10-02 12:47 - 000000000 ____D C:\Users\-\AppData\Roaming\Mozilla
2017-12-12 14:30 - 2016-08-13 18:58 - 000003870 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1433065609
2017-12-12 14:30 - 2015-05-31 13:46 - 000000000 ____D C:\Program Files (x86)\Opera
2017-12-12 14:22 - 2011-04-12 17:26 - 002860892 _____ C:\Windows\system32\perfh019.dat
2017-12-12 14:22 - 2011-04-12 17:26 - 000875948 _____ C:\Windows\system32\perfc019.dat
2017-12-12 14:22 - 2009-07-14 09:13 - 000006930 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-12 14:21 - 2017-10-01 21:39 - 000780160 _____ C:\Windows\ntbtlog.txt
2017-12-12 14:20 - 2015-05-15 22:46 - 000000000 ____D C:\Users\-
2017-12-12 14:05 - 2017-11-24 22:25 - 004100008 _____ (Initex ) C:\Users\Авит\Downloads\ProxifierSetup.exe
2017-12-12 14:05 - 2017-11-24 14:01 - 001129816 _____ (Google Inc.) C:\Users\Авит\Downloads\ChromeSetup.exe
2017-12-12 14:05 - 2016-12-18 20:36 - 000000000 ____D C:\Users\-\Downloads\Nero.7.v.11.10.0.2008.PC
2017-12-12 14:04 - 2016-12-17 17:03 - 000000000 ____D C:\Users\-\AppData\Local\UmmyVideoDownloader
2017-12-12 14:03 - 2017-09-20 20:53 - 000000000 ____D C:\Program Files (x86)\The KMPlayer
2017-12-12 14:03 - 2016-12-15 00:51 - 000000000 ____D C:\Program Files (x86)\UltraISO
2017-12-12 14:03 - 2015-05-15 22:56 - 000000000 ____D C:\Program Files (x86)\Xvid
2017-12-12 14:03 - 2015-05-15 22:56 - 000000000 ____D C:\Program Files (x86)\x264vfw
2017-12-12 14:03 - 2012-02-01 16:21 - 000000000 ____D C:\Program Files (x86)\Uninstall Tool
2017-12-12 14:01 - 2016-08-13 18:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-12 14:01 - 2016-08-13 18:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-12 14:01 - 2015-05-15 23:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2017-12-12 14:01 - 2015-05-15 23:03 - 000000000 ____D C:\Program Files (x86)\FastStone Image Viewer
2017-12-12 14:01 - 2015-05-15 22:56 - 000000000 ____D C:\Program Files (x86)\SAM CoDeC Pack
2017-12-12 14:01 - 2012-02-01 16:24 - 000000000 ____D C:\Program Files (x86)\Paint.NET
2017-12-12 14:01 - 2012-02-01 16:14 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-12-12 14:00 - 2017-08-30 17:59 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-12-12 14:00 - 2016-12-28 23:13 - 000000000 ____D C:\Program Files (x86)\Bonjour
2017-12-12 14:00 - 2016-08-13 13:41 - 000000000 ____D C:\Program Files (x86)\AOMEI Backupper
2017-12-12 14:00 - 2015-09-27 13:25 - 000000000 ____D C:\Program Files (x86)\FastStone Capture
2017-12-12 14:00 - 2015-05-15 23:03 - 000000000 ____D C:\Program Files (x86)\AIMP3
2017-12-12 14:00 - 2013-02-07 16:22 - 000050330 _____ C:\Program Files (x86)\AntiDust.exe
2017-12-12 10:38 - 2017-08-30 19:13 - 000000041 _____ C:\Windows\directx.sys
2017-12-12 09:45 - 2015-05-16 13:41 - 000000000 ____D C:\Users\-\AppData\Local\CrashDumps
2017-12-12 09:44 - 2017-01-15 10:10 - 000000000 ____D C:\Users\Авит\AppData\Local\CrashDumps

==================== Files in the root of some directories =======

2013-02-07 16:22 - 2017-12-12 14:00 - 000050330 _____ () C:\Program Files (x86)\AntiDust.exe
2016-12-26 19:49 - 2016-12-26 19:49 - 000000017 _____ () C:\Users\-\AppData\Local\resmon.resmoncfg
2016-11-22 23:34 - 2016-11-22 23:38 - 000000000 _____ () C:\Users\-\AppData\Local\{4DDFCD11-68B9-4228-AEB8-806970168797}

Some files in TEMP:
====================
2017-10-27 15:14 - 2017-10-27 15:15 - 058881488 _____ (Skype Technologies S.A.) C:\Users\-\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-08 18:05

==================== End of FRST.txt ============================