SPYWARE-RU.COM

Sites are being blocked, nothing helps. Downloaded it along with a game. Please help me remove it.

Kas-Tos asked 9 years ago

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-07-2016
Ran by Kostik (administrator) on KOSTJA (20-07-2016 19:44:09)
Running from C:\Users\Kostik\Downloads
Loaded Profiles: Kostik (Available Profiles: Kostik)
Platform: Windows 8.1 Pro (Update) (X64) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\…\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\…\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\…\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM-x32\…\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-07-12] (AVAST Software)
HKLM-x32\…\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\Run: [uTorrent] => C:\Users\Kostik\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-18] (BitTorrent Inc.)
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\Run: [Viber] => C:\Users\Kostik\AppData\Local\Viber\Viber.exe [69528656 2016-05-16] (Viber Media S.à r.l.)
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\Run: [GoogleChromeAutoLaunch_ACFF5128E12935783DB96BD092DCE8DB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-15] (Google Inc.)
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\MountPoints2: {28bf9aa0-39f1-11e6-82c6-fcaa14b63ce8} — «F:\Startme.exe»
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\MountPoints2: {84637c41-0e8a-11e6-82b5-fcaa14b63ce8} — «F:\Startme.exe»
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-11-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-01] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File
Startup: C:\Users\Kostik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Отправка в OneNote.lnk [2015-12-30]
ShortcutTarget: Отправка в OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 195.122.12.242 80.232.230.242
Tcpip\..\Interfaces\{CCE226A7-A470-411C-8941-AEB2444C03E2}: [DhcpNameServer] 195.122.12.242 80.232.230.242
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=802851
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3529388977-2612259316-3712491006-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B776BD540-263F-4920-8F5A-0710A0688AAA%7D&gp=802861
SearchScopes: HKU\S-1-5-21-3529388977-2612259316-3712491006-1001 -> 833DF741FA87F717497AA7DB56FED6A3 URL = hxxps://yandex.ru/search/?win=233&clid=2257055&text={searchTerms}
SearchScopes: HKU\S-1-5-21-3529388977-2612259316-3712491006-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3529388977-2612259316-3712491006-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B776BD540-263F-4920-8F5A-0710A0688AAA%7D&gp=802861
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-07-01] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-01] (AVAST Software)
BHO-x32: Поиск@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Kostik\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2016-07-20] (Mail.Ru)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
Handler: skypec2c — {91774881-D725-4E58-B298-07617B9B86A8} — C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c — {91774881-D725-4E58-B298-07617B9B86A8} — C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Kostik\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF DefaultSearchEngine: Поиск@Mail.Ru
FF SelectedSearchEngine: Поиск@Mail.Ru
FF Homepage: hxxp://mail.ru/cnt/10445?gp=802851
FF Keyword.URL: hxxp://go.mail.ru/distib/ep/?product_id=%7B49687A6A-B572-4917-BDDB-2CCEB8E943C9%7D&gp=802861
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kostik\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\mailru.xml [2016-07-20]
FF SearchPlugin: C:\Users\Kostik\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-225921.xml [2016-06-17]
FF Extension: Домашняя страница Mail.Ru — C:\Users\Kostik\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\homepage@mail.ru [2016-07-20]
FF Extension: Поиск@Mail.Ru — C:\Users\Kostik\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\search@mail.ru [2016-07-20]
FF Extension: Визуальные закладки @Mail.Ru — C:\Users\Kostik\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2016-07-20]
FF HKLM\…\Firefox\Extensions: [wrc@avast.com] — C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security — C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-04]
FF HKLM\…\Firefox\Extensions: [sp@avast.com] — C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice — C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-04]
FF HKLM-x32\…\Firefox\Extensions: [wrc@avast.com] — C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\…\Firefox\Extensions: [sp@avast.com] — C:\Program Files\AVAST Software\Avast\SafePrice\FF
Chrome:
=======
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR Profile: C:\Users\Kostik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) — C:\Users\Kostik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
CHR Extension: (Tampermonkey) — C:\Users\Kostik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-07-20]
CHR Extension: (Avast SafePrice) — C:\Users\Kostik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-01-29]
CHR Extension: (Точный прогноз погоды) — C:\Users\Kostik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifoegajimhkofnmlhkdoomoinadohdjn [2016-02-02]
CHR Extension: (KMPlayer for Chrome) — C:\Users\Kostik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipanhlgdkijihdflgmdobeohanbfamho [2016-01-26]
CHR Extension: (Платежная система Интернет-магазина Chrome) — C:\Users\Kostik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\SOFTWARE\Google\Chrome\Extensions\…\Chrome\Extension: [dbaonaocldpohelilahfhnkmjankmbcc] — hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\SOFTWARE\Google\Chrome\Extensions\…\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] — C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-15]
CHR HKLM-x32\…\Chrome\Extension: [gdljkkmghdkckhaogaemgbgdfophkfco] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] — C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-15]
CHR HKLM-x32\…\Chrome\Extension: [hpcghcdjnehpkdecaflpedhklimnejia] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [lgdnilodcpljomelbbnpgdogdbmclbni] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] — C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\…\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] — hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR StartupUrls: «hxxps://www.yandex.ru/?win=233&clid=2257054»
OPR Extension: (Tampermonkey) — C:\Users\Kostik\AppData\Roaming\Opera Software\Opera Stable\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-07-20]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-01] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-01] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [290088 2016-07-01] (AVAST Software)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-07-18] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-20] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2013-09-25] (VIA Technologies, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [297472 2013-09-25] (VIA Technologies, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-20 19:44 — 2016-07-20 19:44 — 00019954 _____ C:\Users\Kostik\Downloads\FRST.txt
2016-07-20 19:43 — 2016-07-20 19:44 — 00000000 ____D C:\FRST
2016-07-20 19:42 — 2016-07-20 19:42 — 02393600 _____ (Farbar) C:\Users\Kostik\Downloads\FRST64.exe
2016-07-20 19:38 — 2016-07-20 19:38 — 02369272 _____ C:\Users\Kostik\Downloads\uvs_v386.zip
2016-07-20 19:36 — 2016-07-20 19:36 — 00388608 _____ (Trend Micro Inc.) C:\Users\Kostik\Downloads\HijackThis (1).exe
2016-07-20 19:16 — 2016-07-20 19:16 — 00000000 ____D C:\Users\Kostik\Downloads\backups
2016-07-20 19:15 — 2016-07-20 19:15 — 00388608 _____ (Trend Micro Inc.) C:\Users\Kostik\Downloads\HijackThis.exe
2016-07-20 10:28 — 2016-07-20 10:29 — 00000000 ____D C:\Users\Kostik\Documents\Assassin’s Creed Unity
2016-07-20 10:28 — 2016-07-20 10:28 — 00000000 ____D C:\Users\Все пользователи\Orbit
2016-07-20 10:28 — 2016-07-20 10:28 — 00000000 ____D C:\ProgramData\Orbit
2016-07-20 09:51 — 2016-07-20 09:51 — 03712064 _____ C:\Users\Kostik\Downloads\Не подтвержден 805837.crdownload
2016-07-20 09:51 — 2016-07-20 09:51 — 03712064 _____ C:\Users\Kostik\Downloads\adwcleaner_5.201.exe
2016-07-20 09:51 — 2016-07-20 09:51 — 00000000 ____D C:\AdwCleaner
2016-07-20 08:57 — 2016-07-20 08:57 — 00844760 _____ ( ) C:\Users\Kostik\Downloads\SFHelper-Web-Installer-366065c8ae-[308].exe
2016-07-20 08:52 — 2016-07-20 10:56 — 00000000 ____D C:\Users\Kostik\AppData\Local\MediaGet2
2016-07-20 08:52 — 2016-07-20 08:52 — 00001138 _____ C:\Users\Kostik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet.lnk
2016-07-20 08:52 — 2016-07-20 08:52 — 00001130 _____ C:\Users\Kostik\Desktop\MediaGet.lnk
2016-07-20 08:52 — 2016-07-20 08:52 — 00000000 ____D C:\Users\Kostik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet2
2016-07-20 08:52 — 2016-07-20 08:52 — 00000000 ____D C:\Users\Kostik\AppData\Local\Media Get LLC
2016-07-20 08:50 — 2016-07-20 08:51 — 22192888 _____ (MediaGet LLC ) C:\Users\Kostik\Downloads\MediaGet_id2448283ids2s.exe
2016-07-20 08:15 — 2016-07-20 08:15 — 00096654 _____ C:\Users\Kostik\Downloads\K._CHICHINADZE_CV_ENGLISH.PDF
2016-07-20 08:00 — 2016-07-20 08:00 — 00000762 _____ C:\Users\Kostik\Desktop\Загрузки — Ярлык.lnk
2016-07-20 07:40 — 2016-07-20 07:46 — 00000000 ____D C:\Users\Kostik\AppData\LocalLow\Unity
2016-07-20 07:40 — 2016-07-20 07:46 — 00000000 ____D C:\Users\Kostik\AppData\Local\Unity
2016-07-20 07:40 — 2016-07-20 07:46 — 00000000 ____D C:\Program Files (x86)\Mail.Ru
2016-07-20 07:38 — 2016-07-20 07:40 — 00000000 ____D C:\Users\Kostik\AppData\Roaming\MailProducts
2016-07-20 07:36 — 2016-07-20 07:37 — 00000000 ____D C:\Users\Kostik\Documents\[R.G. Mechanics] Assassin’s Creed Unity
2016-07-20 06:45 — 2016-07-20 06:45 — 00000000 ____D C:\Windows\EOONotify
2016-07-19 10:56 — 2016-07-19 10:56 — 00242013 _____ C:\Users\Kostik\Desktop\Horvatija.zip
2016-07-19 10:51 — 2016-07-19 11:13 — 00000000 ____D C:\Users\Kostik\Desktop\Horvatija
2016-07-13 19:53 — 2016-07-13 19:53 — 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-07-13 19:53 — 2016-07-13 19:53 — 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-07-13 19:50 — 2016-05-25 16:22 — 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-07-13 19:50 — 2016-05-25 16:22 — 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-07-13 19:50 — 2016-05-25 16:12 — 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-07-13 19:50 — 2016-05-25 16:12 — 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-07-13 18:32 — 2016-07-13 18:32 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-07-13 18:32 — 2016-07-13 18:32 — 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2016-07-13 18:31 — 2016-07-13 18:31 — 00000000 ____D C:\Windows\PCHEALTH
2016-07-13 18:31 — 2016-07-13 18:31 — 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-07-13 18:30 — 2016-07-13 18:30 — 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-07-13 18:29 — 2016-07-14 12:43 — 00000000 ____D C:\Users\Все пользователи\Microsoft Help
2016-07-13 18:29 — 2016-07-13 18:31 — 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-13 18:29 — 2016-07-13 18:29 — 00000000 __RHD C:\MSOCache
2016-07-13 18:29 — 2016-07-13 18:29 — 00000000 ____D C:\Users\Kostik\AppData\Local\Microsoft Help
2016-07-13 18:28 — 2016-07-13 18:28 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2010
2016-07-13 18:27 — 2016-07-13 18:28 — 00000000 ____D C:\Program Files (x86)\Word 2010
2016-07-13 11:28 — 2016-07-13 11:36 — 00000000 ____D C:\Users\Kostik\Desktop\DACHA
2016-07-13 06:12 — 2016-06-25 23:05 — 00050368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-13 06:12 — 2016-06-25 21:13 — 00165376 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-13 06:12 — 2016-06-25 19:24 — 00345600 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-13 06:12 — 2016-06-25 19:15 — 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-13 06:12 — 2016-06-25 19:13 — 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-13 06:12 — 2016-06-25 19:05 — 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-13 06:12 — 2016-06-22 16:48 — 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-13 06:12 — 2016-06-21 21:32 — 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-07-13 06:12 — 2016-06-21 17:12 — 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-07-13 06:12 — 2016-06-21 16:48 — 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-13 06:12 — 2016-06-21 16:48 — 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-13 06:12 — 2016-06-21 16:48 — 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-13 06:12 — 2016-06-21 16:48 — 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-13 06:12 — 2016-06-21 16:48 — 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-13 06:12 — 2016-06-21 16:48 — 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-13 06:12 — 2016-06-21 16:48 — 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-13 06:12 — 2016-06-11 22:45 — 07445856 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-13 06:12 — 2016-06-11 20:56 — 25812992 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-13 06:12 — 2016-01-30 22:50 — 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2016-07-13 06:12 — 2016-01-30 22:00 — 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2016-07-13 06:12 — 2016-01-30 21:48 — 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2016-07-13 06:12 — 2016-01-30 21:18 — 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2016-07-13 06:12 — 2016-01-30 20:48 — 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2016-07-13 06:12 — 2016-01-30 20:41 — 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2016-07-13 06:11 — 2016-06-11 21:14 — 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-13 06:11 — 2016-06-11 21:11 — 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-13 06:11 — 2016-06-11 20:56 — 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-13 06:11 — 2016-06-11 20:42 — 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-13 06:11 — 2016-06-11 20:23 — 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-13 06:11 — 2016-06-11 20:22 — 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-13 06:11 — 2016-06-11 20:22 — 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-07-13 06:11 — 2016-06-11 20:21 — 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-13 06:11 — 2016-06-11 20:20 — 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-13 06:11 — 2016-06-11 20:13 — 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-13 06:11 — 2016-06-11 20:12 — 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-13 06:11 — 2016-06-11 20:12 — 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-07-13 06:11 — 2016-06-11 20:07 — 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-13 06:11 — 2016-06-11 20:03 — 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-13 06:11 — 2016-06-11 20:01 — 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-13 06:11 — 2016-06-11 20:00 — 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-13 06:11 — 2016-06-11 20:00 — 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-13 06:11 — 2016-06-11 19:57 — 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-13 06:11 — 2016-06-11 19:44 — 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-07-13 06:11 — 2016-06-11 19:43 — 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-13 06:11 — 2016-06-11 19:38 — 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-07-13 06:11 — 2016-06-11 19:33 — 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-13 06:11 — 2016-06-11 19:31 — 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-13 06:11 — 2016-06-11 19:31 — 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-13 06:11 — 2016-06-11 19:31 — 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-13 06:11 — 2016-06-11 19:30 — 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-13 06:11 — 2016-06-11 19:29 — 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-13 06:11 — 2016-06-11 19:26 — 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-13 06:11 — 2016-06-11 19:15 — 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-13 06:11 — 2016-06-11 19:12 — 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-13 06:11 — 2016-06-11 19:02 — 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-13 06:11 — 2016-06-11 18:59 — 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-13 06:11 — 2016-06-11 18:56 — 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-13 06:11 — 2016-06-11 18:56 — 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-13 06:11 — 2016-06-11 00:35 — 04167680 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-11 14:29 — 2016-07-11 14:30 — 00000000 ____D C:\Windows\KMSAutoS
2016-07-04 07:45 — 2016-07-01 03:35 — 00390984 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-07-01 03:35 — 2016-07-01 03:35 — 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-06-30 23:18 — 2016-07-13 18:29 — 00000000 ____D C:\Program Files (x86)\DtsFilter
2016-06-23 08:51 — 2016-07-20 19:28 — 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-23 08:36 — 2016-06-23 08:36 — 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-23 08:36 — 2016-06-23 08:36 — 00000000 ____D C:\Users\Все пользователи\Malwarebytes
2016-06-23 08:36 — 2016-06-23 08:36 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-23 08:36 — 2016-06-23 08:36 — 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-23 08:36 — 2016-06-23 08:36 — 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-23 08:36 — 2016-03-10 14:09 — 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-23 08:36 — 2016-03-10 14:08 — 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-23 08:36 — 2016-03-10 14:08 — 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-23 08:07 — 2016-06-23 08:07 — 00002788 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-06-23 08:07 — 2016-06-23 08:07 — 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-23 08:07 — 2016-06-23 08:07 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-23 08:07 — 2016-06-23 08:07 — 00000000 ____D C:\Program Files\CCleaner
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-20 19:29 — 2015-07-10 17:47 — 00000000 ____D C:\Users\Kostik\AppData\Roaming\Skype
2016-07-20 19:28 — 2015-07-10 15:00 — 00000000 __SHD C:\Users\Kostik\IntelGraphicsProfiles
2016-07-20 19:28 — 2013-08-22 17:45 — 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-20 19:27 — 2013-08-22 16:25 — 00262144 ___SH C:\Windows\system32\config\BBI
2016-07-20 19:15 — 2015-07-10 19:52 — 00003944 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F4FC177E-2E54-4018-B573-FC12BC03C920}
2016-07-20 19:15 — 2015-07-10 19:44 — 00000000 ____D C:\Users\Kostik\AppData\Local\VirtualStore
2016-07-20 11:07 — 2015-07-10 19:51 — 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3529388977-2612259316-3712491006-1001
2016-07-20 10:40 — 2015-07-10 18:00 — 00000000 ____D C:\Users\Kostik\AppData\Roaming\uTorrent
2016-07-20 10:26 — 2015-04-25 14:43 — 00000000 ____D C:\Windows\SysWOW64\directx
2016-07-20 10:01 — 2015-07-10 17:56 — 00000000 ____D C:\Program Files\Microsoft Office
2016-07-20 10:00 — 2013-08-22 18:36 — 00000000 ____D C:\Users\Все пользователи\regid.1991-06.com.microsoft
2016-07-20 10:00 — 2013-08-22 18:36 — 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-20 10:00 — 2013-08-22 18:36 — 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-07-20 09:33 — 2016-06-17 22:59 — 00000000 ____D C:\Users\Kostik\AppData\Local\Yandex
2016-07-20 08:43 — 2016-05-08 15:22 — 00000000 ____D C:\Users\Kostik\AppData\Roaming\ViberPC
2016-07-20 07:58 — 2016-05-18 14:15 — 00000000 ____D C:\Users\Kostik\AppData\LocalLow\uTorrent
2016-07-20 07:46 — 2015-10-26 22:48 — 00000000 ____D C:\Users\Kostik\AppData\Local\Mail.Ru
2016-07-20 06:47 — 2015-04-25 14:29 — 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-20 06:47 — 2015-04-25 14:29 — 00000000 ___SD C:\Windows\system32\GWX
2016-07-20 06:47 — 2013-08-22 18:20 — 00000000 ____D C:\Windows\CbsTemp
2016-07-20 06:08 — 2013-08-22 18:36 — 00000000 ____D C:\Windows\AppReadiness
2016-07-19 11:52 — 2015-07-14 07:22 — 01732096 ___SH C:\Users\Kostik\Desktop\Thumbs.db
2016-07-19 11:11 — 2015-07-30 21:23 — 04344832 ___SH C:\Users\Kostik\Downloads\Thumbs.db
2016-07-19 06:43 — 2013-08-22 16:36 — 00000000 ____D C:\Windows\Inf
2016-07-19 06:34 — 2015-07-27 00:20 — 00000000 ____D C:\Windows\Minidump
2016-07-17 19:41 — 2015-12-05 15:24 — 00000000 ____D C:\Users\Kostik\Documents\ViberDownloads
2016-07-16 11:22 — 2014-11-22 06:10 — 01808886 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-16 11:22 — 2014-11-22 05:13 — 00789920 _____ C:\Windows\system32\perfh019.dat
2016-07-16 11:22 — 2014-11-22 05:13 — 00162140 _____ C:\Windows\system32\perfc019.dat
2016-07-15 23:17 — 2015-07-10 19:44 — 00000000 ____D C:\Users\Kostik
2016-07-15 08:53 — 2013-08-22 18:36 — 00000000 ____D C:\Windows\rescache
2016-07-14 12:47 — 2015-04-25 18:22 — 00486856 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-14 12:43 — 2015-04-25 14:29 — 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 12:43 — 2014-11-22 05:43 — 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 12:43 — 2013-08-22 18:36 — 00000000 ___RD C:\Windows\ToastData
2016-07-14 07:19 — 2015-12-28 11:05 — 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-14 07:18 — 2015-12-28 11:05 — 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-13 19:59 — 2015-04-25 14:02 — 00000000 ____D C:\Windows\system32\MRT
2016-07-13 19:55 — 2015-04-25 14:02 — 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-13 19:37 — 2015-07-27 00:18 — 00000000 ____D C:\Users\Kostik\AppData\Local\CrashDumps
2016-07-13 18:47 — 2015-07-10 17:37 — 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-07-13 18:17 — 2015-07-10 19:44 — 00000000 ____D C:\Users\Kostik\AppData\Local\Packages
2016-07-05 15:32 — 2016-05-23 15:55 — 00000000 ____D C:\Users\Kostik\AppData\Local\Viber
2016-07-04 07:45 — 2016-05-05 23:58 — 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-07-04 07:45 — 2016-04-22 11:10 — 00003902 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1461312650
2016-07-04 07:45 — 2016-04-22 11:10 — 00001053 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-07-04 07:45 — 2015-07-10 17:38 — 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-07-02 07:29 — 2016-06-19 18:21 — 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-02 07:29 — 2016-06-19 18:21 — 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-02 01:25 — 2015-07-10 17:47 — 00000000 ____D C:\Users\Все пользователи\Skype
2016-07-02 01:25 — 2015-07-10 17:47 — 00000000 ____D C:\ProgramData\Skype
2016-07-01 03:35 — 2016-04-15 21:10 — 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-07-01 03:35 — 2015-07-10 17:37 — 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-07-01 03:35 — 2015-07-10 17:37 — 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.146733339382802
2016-07-01 03:35 — 2015-07-10 17:37 — 00290088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-07-01 03:35 — 2015-07-10 17:37 — 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-07-01 03:35 — 2015-07-10 17:37 — 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-07-01 03:35 — 2015-07-10 17:37 — 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-07-01 03:35 — 2015-07-10 17:37 — 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-07-01 03:35 — 2015-07-10 17:37 — 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-06-29 13:08 — 2016-04-30 12:12 — 00000000 _____ C:\Windows\SysWOW64\last.dump
2016-06-23 09:02 — 2013-08-22 18:36 — 00000000 __RHD C:\Users\Public\Libraries
2016-06-23 08:30 — 2013-08-22 18:36 — 00000000 ___HD C:\Program Files\WindowsApps
2016-06-23 08:27 — 2016-04-10 01:52 — 00000000 ____D C:\Program Files (x86)\R.G. ReCoding
2016-06-23 08:26 — 2016-04-15 21:30 — 00000000 ____D C:\Users\Kostik\AppData\Roaming\ACEStream
2016-06-23 08:25 — 2016-04-15 21:31 — 00000000 ____D C:\Users\Kostik\AppData\Roaming\.ACEStream
2016-06-23 08:20 — 2015-07-18 23:38 — 00000000 ____D C:\Users\Kostik\AppData\Roaming\DAEMON Tools Lite
2016-06-23 08:19 — 2015-04-25 11:46 — 00000000 ____D C:\Windows\Panther
Some files in TEMP:
====================
C:\Users\Kostik\AppData\Local\Temp\BANDIZIP-SETUP.EXE
C:\Users\Kostik\AppData\Local\Temp\KB4D62A5BE865BB8BB.exe
C:\Users\Kostik\AppData\Local\Temp\KB90EB8BACE06EE61.exe
C:\Users\Kostik\AppData\Local\Temp\mediaget-uninstaller.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-20 06:43
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2016
Ran by Kostik (2016-07-20 19:44:49)
Running from C:\Users\Kostik\Downloads
Windows 8.1 Pro (Update) (X64) (2015-07-10 16:44:22)
Boot Mode: Normal
==========================================================
 
 
 

==================== Accounts: =============================
HomeGroupUser$ (S-1-5-21-3529388977-2612259316-3712491006-1003 — Limited — Enabled)
Kostik (S-1-5-21-3529388977-2612259316-3712491006-1001 — Administrator — Enabled) => C:\Users\Kostik
Администратор (S-1-5-21-3529388977-2612259316-3712491006-500 — Administrator — Disabled)
Гость (S-1-5-21-3529388977-2612259316-3712491006-501 — Limited — Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled — Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled — Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled — Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled — Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with «Hidden» flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\uTorrent) (Version: 3.4.7.42330 — BitTorrent Inc.)
Adobe Acrobat Reader DC — Russian (HKLM-x32\…\{AC76BA86-7AD7-1049-7B44-AC0F074E4100}) (Version: 15.017.20050 — Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\…\Avast) (Version: 12.1.2272 — AVAST Software)
Bandizip (HKLM\…\Bandizip) (Version: 5.10 — Bandisoft.com)
CCleaner (HKLM\…\CCleaner) (Version: 5.19 — Piriform)
GOM Player (HKLM-x32\…\GOM Player) (Version: 2.3.2.5251 — Gretech Corporation)
Google Chrome (HKLM-x32\…\Google Chrome) (Version: 51.0.2704.103 — Google Inc.)
Google Drive (HKLM-x32\…\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 — Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.115 — Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 — Google Inc.) Hidden
HashTab 5.2.0.14 (HKLM\…\HashTab) (Version: 5.2.0.14 — Implbits Software)
Intel(R) Management Engine Components (HKLM-x32\…\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 — Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\…\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 — Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\…\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 — Intel Corporation)
Malwarebytes Anti-Malware, версия 2.2.1.1043 (HKLM-x32\…\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 — Malwarebytes)
MediaGet (HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\MediaGet) (Version: 2 — Banner LLC)
Microsoft OneDrive (HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\OneDriveSetup.exe) (Version: 17.3.6390.0509 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable — x64 8.0.61000 (HKLM\…\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable — x86 8.0.61001 (HKLM-x32\…\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x64 9.0.30729.6161 (HKLM\…\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.6161 (HKLM-x32\…\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 — Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable — x64 10.0.40219 (HKLM\…\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 — Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable — x86 10.0.40219 (HKLM-x32\…\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 — Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) — 11.0.61030 (HKLM-x32\…\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 — Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) — 11.0.61030 (HKLM-x32\…\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 — Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) — 12.0.21005 (HKLM-x32\…\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 — Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) — 12.0.21005 (HKLM-x32\…\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 — Корпорация Майкрософт)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\…\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 — Microsoft Corporation)
Microsoft Word 2010 (HKLM-x32\…\Office14.WORD) (Version: 14.0.7015.1000 — Microsoft Corporation)
MiniTool Power Data Recovery Free Edition 7.0 (HKLM\…\MiniTool Power Data Recovery Free Edition_is1) (Version: — MiniTool Solution Ltd.)
Platform (x32 Version: 1.42 — VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\…\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 — Realtek)
Realtek High Definition Audio Driver (HKLM-x32\…\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7200 — Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 — Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\…\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: — Microsoft)
Skype Click to Call (HKLM-x32\…\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 — Microsoft Corporation)
Skype™ 7.25 (HKLM-x32\…\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 — Skype Technologies S.A.)
STDU Viewer version 1.6.186.0 (HKLM-x32\…\STDU Viewer_is1) (Version: 1.6.186.0 — STDUtility)
VIA Диспетчер устройств платформы (HKLM-x32\…\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 — VIA Technologies, Inc.)
Viber (HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 — Viber Media Inc.)
Viber (x32 Version: 6.0.1.5 — Viber Media Inc.) Hidden
WinRAR 5.31 (32-разрядная) (HKLM-x32\…\WinRAR archiver) (Version: 5.31.0 — win.rar GmbH)
Word 2010, версия null (HKLM-x32\…\{F11C12A8-55E1-4438-85E2-C745E886DF77}_is1) (Version: null — )
Языковой пакет Microsoft Visual Studio 2010 Tools для среды выполнения Office (x64) — RUS (HKLM\…\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack — RUS) (Version: 10.0.50903 — Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3529388977-2612259316-3712491006-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Kostik\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3529388977-2612259316-3712491006-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-3529388977-2612259316-3712491006-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kostik\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3529388977-2612259316-3712491006-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {4142F8AF-6663-4FA8-A443-4832B4B4AB54} — System32\Tasks\{460193FF-1249-49FB-8A2F-1E772A00F2C8} => Chrome.exe hxxp://ui.skype.com/ui/0/7.6.80.105/ru/abandoninstall?page=tsMain
Task: {43B5E994-0C01-41AE-85D8-A4A251B7857B} — System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {63934BD6-F794-438D-9FEF-455EB816D42A} — System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {7AEB767E-B6F8-4196-A569-CEE96C8BCC26} — System32\Tasks\SafeZone scheduled Autoupdate 1461312650 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {95ABA107-FC25-4651-BA3D-5980817A1637} — System32\Tasks\KMSAuto => C:\Windows\KMSAuto.exe [2015-07-10] (Ratiborus, MSFree Inc.)
Task: {9C35CF54-A06E-4282-AD02-2184E8A8E3DF} — System32\Tasks\Microsoft\Windows\Setup\EOONotify => C:\Windows\EOONotify\EOONotify.exe [2016-07-08] (Microsoft Corporation)
Task: {AFD77EDA-5340-4B21-84B1-DCDD30B4D1F8} — System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {B616F4E5-5AA0-45FF-B650-52EB4097F526} — System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {B8F9654C-CC9A-4A9F-88E9-E364F1315446} — System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-01] (AVAST Software)
Task: {BE271041-8F38-4697-9B14-C304AB6675C6} — System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3529388977-2612259316-3712491006-1001 => C:\Users\Kostik\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-05-18] (Microsoft Corporation)
Task: {D92EE1A9-9E42-41D1-8A04-ED6FDBAA1C0D} — System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {E35F845D-9955-4144-A003-B96801DD44EC} — System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-07-13] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Kostik\AppData\Local\Microsoft\Windows\Application Shortcuts\Chrome\Яндекс.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://www.yandex.ru/?win=233&clid=2257061
ShortcutWithArgument: C:\Users\Kostik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler «hxxp://www.mail.ru/cnt/20775012?gp=802841»
==================== Loaded Modules (Whitelisted) ==============
2016-05-18 10:29 — 2016-05-18 10:29 — 00959168 _____ () C:\Users\Kostik\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-03-19 21:02 — 2015-03-19 21:02 — 00393480 _____ () C:\Windows\system32\igfxTray.exe
2016-06-10 18:23 — 2016-06-10 18:23 — 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1049.dll
2016-07-01 03:35 — 2016-07-01 03:35 — 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-20 14:57 — 2016-07-20 14:57 — 03000832 _____ () C:\Program Files\AVAST Software\Avast\defs\16072000\algo.dll
2016-07-01 03:35 — 2016-07-01 03:35 — 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-07-01 03:35 — 2016-07-01 03:35 — 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-06-18 08:28 — 2016-06-15 12:15 — 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 08:28 — 2016-06-15 12:15 — 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2015-07-10 15:09 — 2013-09-16 12:17 — 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The «AlternateShell» will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 16:25 — 2016-03-12 10:06 — 00000828 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kostik\AppData\Roaming\Microsoft\Windows Photo Viewer\Фоновый рисунок средства просмотра фотографий Windows.jpg
DNS Servers: 195.122.12.242 — 80.232.230.242
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\…\StartupApproved\Run: => «IAStorIcon»
HKLM\…\StartupApproved\Run32: => «IAStorIcon»
HKU\S-1-5-21-3529388977-2612259316-3712491006-1001\…\StartupApproved\Run: => «uTorrent»
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{23A99557-5DD0-41BE-A778-D3748F586479}] => (Allow) C:\Users\Kostik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2BCC0CBF-C4B4-47FE-82A5-A82355C6DEDE}] => (Allow) C:\Users\Kostik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{658FF42C-7FBB-4185-A54D-8668281452FD}] => (Allow) C:\Users\Kostik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{14D6D4D1-27CA-4078-9916-57F716BAD7D2}] => (Allow) C:\Users\Kostik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{860CDA20-53E6-4E51-A491-FA9CAB6E9BD7}] => (Allow) C:\Users\Kostik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{334012E8-4B79-40BB-A9E7-F11458CF416A}] => (Allow) C:\Users\Kostik\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{71450A58-236C-4629-9347-76873245868F}] => (Allow) C:\Users\Kostik\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{09204E30-7D52-464E-A2E1-6084297F6C38}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A45E2B4C-0A61-4923-A120-3E3B95EC5CE9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2A04252A-E49E-4887-B159-9BA585E907AB}C:\users\kostik\appdata\roaming\utorrent\updates\3.4.5_41865.exe] => (Block) C:\users\kostik\appdata\roaming\utorrent\updates\3.4.5_41865.exe
FirewallRules: [UDP Query User{ECAB22DC-9F70-4C1B-B1AC-A7A68B539AF2}C:\users\kostik\appdata\roaming\utorrent\updates\3.4.5_41865.exe] => (Block) C:\users\kostik\appdata\roaming\utorrent\updates\3.4.5_41865.exe
FirewallRules: [{FC795AE6-5C4A-49F9-8196-5D81E9A38910}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2113105A-B765-4F41-8165-AE65469E77DB}] => (Allow) C:\Users\Kostik\AppData\Local\MediaGet2\mediaget.exe
FirewallRules: [{63B36454-F1E6-4C57-87C9-D2AC25826111}] => (Allow) C:\Users\Kostik\AppData\Local\MediaGet2\mediaget.exe
FirewallRules: [{5AD660A1-9C23-4B87-A05F-2AF776E4A425}] => (Allow) C:\Users\Kostik\AppData\Local\MediaGet2\mediaget.exe
FirewallRules: [{9DF16BC5-8F40-43A3-A601-BB42FB4B4423}] => (Allow) C:\Users\Kostik\AppData\Local\MediaGet2\mediaget.exe
==================== Restore Points =========================
04-07-2016 10:23:25 Запланированная контрольная точка
11-07-2016 14:42:01 Запланированная контрольная точка
13-07-2016 18:28:23 Installed Microsoft Word 2010
20-07-2016 06:44:24 Центр обновления Windows
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (07/20/2016 10:36:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: ACU.exe, версия: 0.0.0.0, метка времени: 0x548efba5
Имя сбойного модуля: ACU.exe, версия: 0.0.0.0, метка времени: 0x548efba5
Код исключения: 0xc0000005
Смещение ошибки: 0x00000000022f2050
Идентификатор сбойного процесса: 0xf04
Время запуска сбойного приложения: 0xACU.exe0
Путь сбойного приложения: ACU.exe1
Путь сбойного модуля: ACU.exe2
Идентификатор отчета: ACU.exe3
Полное имя сбойного пакета: ACU.exe4
Код приложения, связанного со сбойным пакетом: ACU.exe5
Error: (07/20/2016 10:02:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: OfficeClickToRun.exe, версия: 0.0.0.0, метка времени: 0x5783f6d9
Имя сбойного модуля: ntdll.dll, версия: 6.3.9600.18233, метка времени: 0x56bb4ebb
Код исключения: 0xc0000005
Смещение ошибки: 0x000000000003b6a9
Идентификатор сбойного процесса: 0x1188
Время запуска сбойного приложения: 0xOfficeClickToRun.exe0
Путь сбойного приложения: OfficeClickToRun.exe1
Путь сбойного модуля: OfficeClickToRun.exe2
Идентификатор отчета: OfficeClickToRun.exe3
Полное имя сбойного пакета: OfficeClickToRun.exe4
Код приложения, связанного со сбойным пакетом: OfficeClickToRun.exe5
Error: (07/20/2016 06:44:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Сбой служб шифрования в ходе обработки вызова OnIdentity() в объекте «Системный модуль записи».
Details:
AddLegacyDriverFiles: Unable to back up image of binary Протокол Microsoft LLDP.
System Error:
Отказано в доступе.
.
Error: (07/18/2016 10:27:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kostja)
Description: Сбой активации приложения DeviceDoctor.RAROpener_mkdtfchztkfbm!App. Ошибка: -2147009284. Дополнительные сведения см. в журнале Microsoft-Windows-TWinUI/Operational.
Error: (07/18/2016 10:27:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kostja)
Description: Сбой активации приложения DeviceDoctor.RAROpener_mkdtfchztkfbm!App. Ошибка: -2147009284. Дополнительные сведения см. в журнале Microsoft-Windows-TWinUI/Operational.
Error: (07/16/2016 11:47:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Kostja)
Description: Сбой активации приложения FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager. Ошибка: -2144927145. Дополнительные сведения см. в журнале Microsoft-Windows-TWinUI/Operational.
Error: (07/15/2016 07:35:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Программа PhotosApp.exe версии 6.3.9600.17418 прекратила взаимодействие с Windows и была закрыта. Чтобы узнать, имеются ли дополнительные сведения о проблеме, проверьте историю проблемы в Центре поддержки в панели управления.
ИД процесса: 1348
Время запуска: 01d1de140577fc47
Время завершения: 4294967295
Путь приложения: C:\Windows\FileManager\PhotosApp.exe
ИД отчета: ea6d48a7-4a3e-11e6-82d1-fcaa14b63ce8
Полное имя сбойного пакета: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy
Код приложения, связанного со сбойным пакетом: Microsoft.Windows.PhotoManager
Error: (07/15/2016 06:47:54 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Kostja)
Description: Работа пакета FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager завершена, так как его приостановка заняла слишком много времени.
Error: (07/14/2016 12:48:25 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (07/14/2016 12:48:24 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

System errors:
=============
Error: (07/20/2016 07:28:09 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: В системе обнаружен конфликт IP-адреса 0.0.0.0 с системой, имеющей
адрес сетевого устройства 00-17-CC-32-2D-EC. В результате могут быть нарушены
сетевые операции на этих системах.
Error: (07/20/2016 10:42:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы «Skype Click to Call Updater» из-за ошибки
%53 = Служба не ответила на запрос своевременно.

Error: (07/20/2016 10:42:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы «Skype Click to Call Updater».
Error: (07/20/2016 07:19:04 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: В системе обнаружен конфликт IP-адреса 0.0.0.0 с системой, имеющей
адрес сетевого устройства 00-17-CC-32-2D-EC. В результате могут быть нарушены
сетевые операции на этих системах.
Error: (07/20/2016 06:44:29 AM) (Source: DCOM) (EventID: 10010) (User: Kostja)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (07/20/2016 06:43:59 AM) (Source: DCOM) (EventID: 10010) (User: Kostja)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (07/19/2016 10:33:45 PM) (Source: DCOM) (EventID: 10010) (User: Kostja)
Description: {BEBA2AA5-B5A7-4DD3-9AD6-43B24CDD3B7D}
Error: (07/19/2016 11:52:14 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: В системе обнаружен конфликт IP-адреса 0.0.0.0 с системой, имеющей
адрес сетевого устройства 00-17-CC-32-2D-EC. В результате могут быть нарушены
сетевые операции на этих системах.
Error: (07/19/2016 10:33:39 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: В системе обнаружен конфликт IP-адреса 0.0.0.0 с системой, имеющей
адрес сетевого устройства 00-17-CC-32-2D-EC. В результате могут быть нарушены
сетевые операции на этих системах.
Error: (07/19/2016 07:30:04 AM) (Source: DCOM) (EventID: 10010) (User: Kostja)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU G3258 @ 3.20GHz
Percentage of memory in use: 56%
Total physical RAM: 3982.13 MB
Available physical RAM: 1735.16 MB
Total Virtual: 8078.13 MB
Available Virtual: 5466.88 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:194.97 GB) (Free:135.42 GB) NTFS
Drive d: () (Fixed) (Total:736.2 GB) (Free:661.15 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4106FC58)
Partition 1: (Active) — (Size=350 MB) — (Type=07 NTFS)
Partition 2: (Not Active) — (Size=195 GB) — (Type=07 NTFS)
Partition 3: (Not Active) — (Size=736.2 GB) — (Type=07 NTFS)
==================== End of Addition.txt ============================

Question tags: DNS 24/7
1 answer
Admin (administrator) answered 9 years ago

Create a new topic on this forum and describe your problem in detail: what ads pop up, or what is being blocked and how. Attach a fresh FRST log to the post.

Kas-Tos replied 9 years ago

Valerij, I did everything as you described. At first the problem was there, but now everything is fine, all sites open. Before that, a banner popped up: «Site blocked DNS 24/7». Sorry, I type slowly in Cyrillic. I copied both reports here. I just now wanted to scan with FRST. Avast blocked it. How do I attach a screenshot of the banner?

Валерий (administrator) replied 9 years ago

Since the problem is solved, there is no need to create a new topic. If other problems come up, add the finished FRST logs to a new topic on the forum.

Kas-Tos replied 9 years ago

Thank you.

Copyright © 2008 - 2024 Spyware-RU.com (en)