Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-08-2016
Ran by Ksenia (administrator) on KSENIA-PC (03-09-2016 12:03:08)
Running from C:\Users\Ksenia\Downloads
Loaded Profiles: Ksenia (Available Profiles: Ksenia)
Platform: Майкрософт Windows 8 Профессиональная (X86) Language: Русский (Россия)
Internet Explorer Version 10 (Default browser: Yandex Browser)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Panasonic System Networks Co., Ltd.) C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE
() C:\Windows\LicenseServer\rutserv.exe
() C:\Windows\LicenseServer\rfusclient.exe
() C:\Windows\LicenseServer\rfusclient.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Panasonic System Networks Co., Ltd. ) C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ООО Яндекс) C:\Program Files\Yandex\Punto Switcher\punto.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(YANDEX LLC) C:\Users\Ksenia\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Ksenia\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Ksenia\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Ksenia\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Ksenia\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Ksenia\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Ksenia\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Ksenia\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Ksenia\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\Ksenia\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Panasonic Device Manager for Multi-Function Station software] => C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe [139264 2012-06-25] (Panasonic System Networks Co., Ltd. )
HKLM\...\Run: [Panasonic PCFAX for Multi-Function Station software] => C:\Program Files\Panasonic\MFStation\KmPcFax.exe [819200 2012-05-18] (Panasonic System Networks Co., Ltd. )
HKU\S-1-5-21-2990964415-1147040174-3707853304-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
Startup: C:\Users\Ksenia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk [2016-09-03]
ShortcutTarget: Punto Switcher.lnk -> C:\Program Files\Yandex\Punto Switcher\punto.exe (ООО Яндекс)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 87.246.220.1
Tcpip\..\Interfaces\{3CD67BCB-FCFE-4958-8FA6-22E47295E7BD}: [DhcpNameServer] 87.246.220.1
Tcpip\..\Interfaces\{FEC3A280-4983-4502-B7EC-D35776F8F52F}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\S-1-5-21-2990964415-1147040174-3707853304-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yandex.ru/?win=214&clid=2008266-308
HKU\S-1-5-21-2990964415-1147040174-3707853304-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.ru.msn.com/
SearchScopes: HKU\S-1-5-21-2990964415-1147040174-3707853304-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=214&clid=2008267-308&text={searchTerms}
SearchScopes: HKU\S-1-5-21-2990964415-1147040174-3707853304-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=214&clid=2008267-308&text={searchTerms}
SearchScopes: HKU\S-1-5-21-2990964415-1147040174-3707853304-1001 -> {FD9F0261-BBEA-4680-96E2-3740691FF5E1} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^RU&gct=&itbv=12.24.1.51&apn_uid=0ECF287F-CDFB-4CBB-BF19-35C9FB6ED9DF&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^RU&apn_dbr=ie&doi=2015-03-17&trgb=IE&q={searchTerms}&psv=&pt=tb
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Ksenia\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Extension: (No Name) - C:\Users\Ksenia\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\sovetnik@metabar.ru.xpi [not found]

Chrome:
=======
CHR Profile: C:\Users\Ksenia\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [dkekdlkmdpipihonapoleopfekmapadh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fdjdjkkjoiomafnihnobkinnfjnnlhdg] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [necfmkplpminfjagblfabggomdpaakan] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pfigaoamnncijbgomifamkmkidnnlikl] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Panasonic Local Printer Service; C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE [49152 2010-01-09] (Panasonic System Networks Co., Ltd.) [File not signed]
R2 RManService; c:\Windows\LicenseServer\rutserv.exe [6021448 2013-08-15] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14456 2014-09-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athr.sys [2273280 2012-06-02] (Qualcomm Atheros Communications, Inc.)
R3 LVUSBSta; C:\Windows\system32\DRIVERS\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\system32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [29688 2014-09-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [231080 2014-08-27] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 Andbus; \SystemRoot\System32\drivers\lgandbus.sys [X]
S3 AndDiag; \SystemRoot\system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; \SystemRoot\system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; \SystemRoot\system32\DRIVERS\lgandmodem.sys [X]
S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag.sys [X]
S3 AndNetGps; \SystemRoot\system32\DRIVERS\lgandnetgps.sys [X]
S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem.sys [X]
S3 andnetndis; \SystemRoot\system32\DRIVERS\lgandnetndis.sys [X]
S3 LgBttPort; \SystemRoot\system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; \SystemRoot\System32\drivers\lgbtbus.sys [X]
S3 LGVMODEM; \SystemRoot\system32\DRIVERS\lgvmodem.sys [X]
S1 MpKslcf561f6c; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D54FB2AC-D887-40EE-9774-8FA5A81F274F}\MpKslcf561f6c.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-03 12:03 - 2016-09-03 12:06 - 00009585 _____ C:\Users\Ksenia\Downloads\FRST.txt
2016-09-03 12:01 - 2016-09-03 12:03 - 00000000 ____D C:\FRST
2016-09-03 11:59 - 2016-09-03 12:00 - 01747968 _____ (Farbar) C:\Users\Ksenia\Downloads\FRST (1).exe
2016-09-03 11:58 - 2016-09-03 11:59 - 01747968 _____ (Farbar) C:\Users\Ksenia\Downloads\FRST.exe
2016-09-03 11:17 - 2016-09-03 11:17 - 00000000 ____D C:\Users\Ksenia\Desktop\lsp
2016-09-03 11:16 - 2016-09-03 11:17 - 00201030 _____ C:\Users\Ksenia\Downloads\lspfix.zip
2016-09-03 10:43 - 2016-09-03 10:43 - 00000000 ____D C:\Users\Ksenia\AppData\Roaming\CrystalIdea Software
2016-09-03 10:33 - 2016-09-03 10:35 - 00687537 _____ C:\Users\Ksenia\Downloads\speedyfox.zip
2016-09-03 08:46 - 2016-09-02 14:21 - 00015133 _____ C:\Users\Ksenia\Desktop\Łukasz Terebus.pdf
2016-08-23 15:46 - 2016-08-23 15:46 - 00000000 ____D C:\Users\Ksenia\Desktop\gra
2016-08-23 15:44 - 2016-08-23 16:39 - 00000000 ____D C:\Users\Ksenia\Desktop\Gierki
2016-08-23 15:34 - 2016-08-23 15:40 - 156141069 _____ C:\Users\Ksenia\Downloads\Gierki.rar
2016-08-04 21:59 - 2016-08-04 22:01 - 00000000 ____D C:\Users\Ksenia\Desktop\AIESEC Presentation for World Talks
2016-08-04 09:57 - 2016-08-04 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UmmyVideoDownloader
2016-08-04 09:56 - 2016-08-04 10:51 - 00000000 ____D C:\Users\Ksenia\AppData\Local\UmmyVideoDownloader

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-03 12:07 - 2016-04-27 08:50 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-03 12:05 - 2012-07-26 09:53 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-03 12:03 - 2012-07-26 09:53 - 00000000 ____D C:\Windows\AUInstallAgent
2016-09-03 11:52 - 2015-11-09 20:46 - 00000420 _____ C:\Windows\Tasks\Обновление Браузера Яндекс .job
2016-09-03 11:52 - 2015-10-16 09:41 - 00000422 _____ C:\Windows\Tasks\Обновление Браузера Яндекс.job
2016-09-03 11:46 - 2013-07-30 09:36 - 00000000 ____D C:\Users\Ksenia\AppData\Roaming\uTorrent
2016-09-03 11:44 - 2013-09-29 16:08 - 00000000 ____D C:\Windows\Minidump
2016-09-03 11:44 - 2012-07-26 07:43 - 00000000 ____D C:\Windows\inf
2016-09-03 11:33 - 2013-07-30 09:19 - 00000000 ____D C:\Users\Ksenia\AppData\Roaming\Skype
2016-09-03 11:29 - 2013-09-29 19:00 - 00000896 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-03 11:29 - 2012-07-26 09:04 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-03 11:05 - 2012-07-26 07:17 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-09-03 10:51 - 2015-11-25 10:43 - 00000000 ____D C:\Windows\system32\appmgmt
2016-09-03 09:51 - 2015-11-28 21:50 - 00785746 _____ C:\Windows\system32\perfh015.dat
2016-09-03 09:51 - 2015-11-28 21:50 - 00159396 _____ C:\Windows\system32\perfc015.dat
2016-09-03 09:51 - 2013-07-29 23:43 - 02719938 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-03 09:51 - 2012-07-26 11:31 - 00777952 _____ C:\Windows\system32\perfh019.dat
2016-09-03 09:51 - 2012-07-26 11:31 - 00157966 _____ C:\Windows\system32\perfc019.dat
2016-09-03 08:56 - 2013-09-19 11:35 - 00000000 ____D C:\Users\Ksenia\AppData\Local\ElevatedDiagnostics
2016-08-23 15:24 - 2012-07-26 09:53 - 00000000 ____D C:\Windows\system32\NDF
2016-08-22 09:37 - 2015-09-07 12:54 - 00000000 ____D C:\торрент
2016-08-21 17:37 - 2015-08-29 15:49 - 00000000 ___RD C:\WE IN LOVE
2016-08-21 17:18 - 2015-09-06 14:36 - 00000000 ___RD C:\Ксю документы
2016-08-08 16:05 - 2016-07-17 19:45 - 00000000 ____D C:\Users\Ksenia\Desktop\фото
2016-08-06 12:43 - 2013-07-30 09:18 - 00000000 ____D C:\Users\Все пользователи\Skype
2016-08-06 12:43 - 2013-07-30 09:18 - 00000000 ____D C:\ProgramData\Skype
2016-08-06 12:42 - 2014-10-01 16:07 - 00000000 ___RD C:\Program Files\Skype
2016-08-04 22:01 - 2016-06-14 08:05 - 00000000 ____D C:\Users\Ksenia\Desktop\text-PDF
2016-08-04 22:00 - 2016-06-07 09:32 - 00000000 ____D C:\Users\Ksenia\Desktop\польша
2016-08-04 12:35 - 2013-07-29 23:38 - 00000000 ____D C:\Users\Ksenia\AppData\Local\Packages

==================== Files in the root of some directories =======

2013-09-23 20:54 - 2015-08-30 17:04 - 0012800 _____ () C:\Users\Ksenia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-08-24 17:01

==================== End of FRST.txt ============================