Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by HOME (administrator) on HOME-ПК (20-03-2018 18:18:04)
Running from C:\Users\HOME\Desktop\Новая папка (5)
Loaded Profiles: HOME (Available Profiles: HOME)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Русский (Россия)
Internet Explorer Version 8 (Default browser: Yandex Browser)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\3.00.08\atkexComSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(TODO: ) C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe
() C:\Users\HOME\AppData\Roaming\SDService\SDService.exe
(TODO: <公司名>) C:\Program Files (x86)\Common Files\conime.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Яндекс) C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\17.11.1.990\service_update.exe
(YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\17.11.1.990\service_update.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(TODO: ) C:\Program Files (x86)\ASUS\GPU TweakII\Monitor.exe
(GGS) C:\Program Files (x86)\QGNA\qGNA.exe
(GGS) C:\Program Files (x86)\QGNA\gamenet.ui.exe
(ALCPU) C:\Program Files\Core Temp\Core Temp.exe
(YANDEX LLC) C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC) C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKU\S-1-5-21-2392814043-1504553964-3045946890-1000\...\Run: [SyncManPath] => C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe [23778296 2018-02-20] (Яндекс)
HKU\S-1-5-21-2392814043-1504553964-3045946890-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-2392814043-1504553964-3045946890-1000\...\MountPoints2: {b2559faf-f819-11e7-9574-bc5ff4de7922} - G:\Lenovo_Suite.exe
HKU\S-1-5-21-2392814043-1504553964-3045946890-1000\...\MountPoints2: {cae73329-fcfd-11e7-a2b0-bc5ff4de7922} - G:\Lenovo_Suite.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{07fb00e8-c346-40c1-ad6a-0d79656e6977} <==== ATTENTION (Restriction - IP)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{06148B6B-E6C1-496E-BEF0-DACAF2260405}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{2D9EA91B-046E-4278-BCDF-BE7E68E0EAEB}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-2392814043-1504553964-3045946890-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ru-ru/?ocid=iehp
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: IE 4.x-6.x BHO for Download Master -> {9961627E-4059-41B4-8E0E-A7D6B3854ADF} -> C:\Program Files (x86)\Download Master\dmiehlp.dll [2017-06-23] (WestByte)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-06-16] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default [2018-03-09]
CHR Extension: (Google Slides) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-12]
CHR Extension: (Google Docs) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-12]
CHR Extension: (Google Drive) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-12]
CHR Extension: (YouTube) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-12]
CHR Extension: (Download Master) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\dljdacfojgikogldjffnkdcielnklkce [2017-08-12]
CHR Extension: (Google Sheets) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-12]
CHR Extension: (Google Docs Offline) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-12]
CHR Extension: (Gmail) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-12]
CHR Extension: (Chrome Media Router) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-12]
CHR HKLM-x32\...\Chrome\Extension: [dljdacfojgikogldjffnkdcielnklkce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\3.00.08\atkexComSvc.exe [530392 2017-11-02] (ASUSTeK Computer Inc.)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
R2 SDService; C:\Users\HOME\AppData\Roaming\SDService\SDService.exe [184504 2017-09-01] () <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 Windows Audio Control; C:\Program Files (x86)\Common Files\conime.exe [1092608 2018-03-16] (TODO: <公司名>) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)
R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\17.11.1.990\service_update.exe [1046520 2018-01-17] (YANDEX LLC)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-04-14] ()
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24728 2017-05-02] (ASUSTeK Computer Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2017-07-24] (Qualcomm Atheros Co., Ltd.)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] (Корпорация Майкрософт)
S3 Thetta; C:\Windows\System32\DRIVERS\Thetta64.sys [323120 2017-12-11] (Windows (R) Win 7 DDK provider)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт)
R3 ALSysIO; \??\C:\Users\HOME\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-20 18:17 - 2018-03-20 18:18 - 000000000 ____D C:\Users\HOME\Desktop\Новая папка (5)
2018-03-20 18:17 - 2018-03-20 18:18 - 000000000 ____D C:\FRST
2018-03-20 18:17 - 2018-03-20 18:17 - 002403328 _____ (Farbar) C:\Users\HOME\Downloads\FRST64.exe
2018-03-20 18:08 - 2018-03-20 18:08 - 000533504 _____ (TODO: <公司名>) C:\Windows\system32\a.exe
2018-03-20 18:08 - 2017-05-02 13:47 - 000024728 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2018-03-19 10:18 - 2018-03-19 10:18 - 000000000 ____D C:\Users\HOME\Desktop\Новая папка (4)
2018-03-18 11:39 - 2018-03-18 11:39 - 000000964 _____ C:\Users\HOME\Desktop\Core Temp.lnk
2018-03-18 11:39 - 2018-03-18 11:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2018-03-18 11:39 - 2018-03-18 11:39 - 000000000 ____D C:\Program Files\Core Temp
2018-03-18 11:37 - 2018-03-18 11:37 - 001243944 _____ (ALCPU ) C:\Users\HOME\Downloads\Core-Temp-setup.exe
2018-03-16 06:51 - 2018-03-20 18:18 - 000000114 _____ C:\Program Files\Common Files\xpdown.dat
2018-03-16 06:51 - 2018-03-20 18:08 - 000000087 _____ C:\Program Files\Common Files\xp.dat
2018-03-13 19:11 - 2018-03-13 19:11 - 000000000 ____D C:\Users\HOME\Desktop\Новая папка (3)
2018-03-13 19:08 - 2018-03-13 19:08 - 000706369 _____ C:\Users\HOME\Downloads\960GM-VGS3 FX(1.40)ROM.zip
2018-03-13 08:50 - 2018-03-13 08:50 - 000000000 ____D C:\openserver
2018-03-12 08:30 - 2018-03-12 08:30 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-03-12 08:26 - 2018-03-12 08:26 - 007302848 _____ (AVAST Software) C:\Users\HOME\Downloads\avast_free_antivirus_setup_online.exe
2018-03-11 22:18 - 2018-03-12 21:38 - 353665049 _____ (Oleg N. Scherbakov) C:\Users\HOME\Downloads\open_server_5_2_8_basic.exe
2018-03-10 08:30 - 2018-03-20 07:02 - 000327792 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-09 21:32 - 2018-03-20 07:03 - 000067880 _____ C:\Users\HOME\AppData\Local\GDIPFONTCACHEV1.DAT
2018-03-09 20:44 - 2018-03-12 18:54 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-03-09 20:44 - 2018-03-09 20:44 - 000002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-03-09 20:44 - 2018-03-09 20:44 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-03-09 20:44 - 2018-03-09 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-03-09 20:44 - 2018-03-09 20:44 - 000000000 ____D C:\Program Files\CCleaner
2018-03-09 20:43 - 2018-03-09 20:43 - 011217568 _____ (Piriform Ltd) C:\Users\HOME\Downloads\ccsetup540.exe
2018-03-08 22:26 - 2018-03-08 22:26 - 000001083 _____ C:\Users\Public\Desktop\Free Alarm Clock.lnk
2018-03-08 22:26 - 2018-03-08 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
2018-03-08 22:26 - 2018-03-08 22:26 - 000000000 ____D C:\Program Files (x86)\FreeAlarmClock
2018-03-08 21:09 - 2018-03-08 21:09 - 002600288 _____ (Comfort Software Group ) C:\Users\HOME\Downloads\FreeAlarmClockSetup.exe
2018-03-05 13:39 - 2018-03-05 17:10 - 000000000 ____D C:\Users\HOME\AppData\Roaming\discord
2018-03-05 13:39 - 2018-03-05 13:39 - 000002158 _____ C:\Users\HOME\Desktop\Discord.lnk
2018-03-05 13:39 - 2018-03-05 13:39 - 000000000 ____D C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2018-03-05 13:39 - 2018-03-05 13:39 - 000000000 ____D C:\Users\HOME\AppData\Local\SquirrelTemp
2018-03-05 13:39 - 2018-03-05 13:39 - 000000000 ____D C:\Users\HOME\AppData\Local\Discord
2018-03-05 13:38 - 2018-03-05 13:39 - 057954808 _____ (Discord Inc.) C:\Users\HOME\Downloads\DiscordSetup.exe
2018-03-03 12:40 - 2018-03-03 12:40 - 000000000 ____D C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Яндекс.Диск
2018-03-02 21:15 - 2018-03-02 21:15 - 000000838 _____ C:\Users\HOME\Downloads\CustomizationDataMage.zip
2018-03-01 19:23 - 2018-03-05 01:45 - 000000000 ____D C:\Users\HOME\Documents\Black Desert
2018-03-01 19:23 - 2018-03-01 19:23 - 000000000 __SHD C:\Users\Все пользователи\Info
2018-03-01 19:23 - 2018-03-01 19:23 - 000000000 __SHD C:\ProgramData\Info
2018-02-28 22:25 - 2018-03-15 20:20 - 000000000 ____D C:\BlackDesert
2018-02-28 22:25 - 2018-02-28 22:25 - 000001264 _____ C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\BlackDesert.lnk
2018-02-28 22:19 - 2018-03-20 18:09 - 000004296 _____ C:\Windows\System32\Tasks\GameNet
2018-02-28 22:19 - 2018-03-20 18:09 - 000000000 ____D C:\Program Files (x86)\QGNA
2018-02-28 22:19 - 2018-02-28 22:19 - 000000967 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameNet.lnk
2018-02-28 22:19 - 2018-02-28 22:19 - 000000955 _____ C:\Users\HOME\Desktop\GameNet.lnk
2018-02-28 22:19 - 2018-02-28 22:19 - 000000000 ____D C:\Users\HOME\AppData\Local\Vebanaul
2018-02-28 22:19 - 2017-12-11 12:41 - 000323120 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\Thetta64.sys
2018-02-28 22:15 - 2018-02-28 22:15 - 000595496 _____ (Global Gamers Solutions Ltd. (c)) C:\Users\HOME\Downloads\PlayBlackDesert.exe
2018-02-26 14:37 - 2018-02-26 14:49 - 348780198 _____ C:\Users\HOME\Desktop\888.mp4
2018-02-26 00:27 - 2018-03-09 20:38 - 000000000 ____D C:\Program Files (x86)\Total Video Converter
2018-02-26 00:26 - 2018-02-26 00:26 - 015728768 _____ (EffectMatrix Inc. ) C:\Users\HOME\Downloads\tvc371new.exe
2018-02-25 17:57 - 2018-02-26 13:08 - 066169367 _____ C:\Users\HOME\Desktop\Презентация2.pptx
2018-02-25 17:40 - 2018-02-25 17:48 - 000000132 _____ C:\Users\HOME\AppData\Roaming\Adobe PNG Format CS6 Prefs
2018-02-25 17:15 - 2018-02-25 17:15 - 000000000 ____D C:\Users\HOME\AppData\LocalLow\Adobe
2018-02-25 13:34 - 2018-02-25 13:59 - 000000000 ____D C:\Users\HOME\Desktop\деда доп
2018-02-25 13:34 - 2018-02-25 13:34 - 000000000 ____D C:\Users\HOME\Desktop\ltlf ljg
2018-02-25 09:41 - 2018-02-25 09:41 - 000001135 _____ C:\Users\Public\Desktop\Photoshop CS6 x64.lnk
2018-02-25 09:41 - 2018-02-25 09:41 - 000001047 _____ C:\Users\Public\Desktop\Photoshop CS6.lnk
2018-02-25 09:41 - 2018-02-25 09:41 - 000000000 ____D C:\Users\Все пользователи\Google
2018-02-25 09:41 - 2018-02-25 09:41 - 000000000 ____D C:\ProgramData\Google
2018-02-25 09:40 - 2018-02-25 17:15 - 000000000 ____D C:\Users\HOME\AppData\Roaming\Adobe
2018-02-25 09:40 - 2018-02-25 09:41 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-02-25 09:40 - 2018-02-25 09:40 - 000000000 ____D C:\Users\Все пользователи\Adobe
2018-02-25 09:40 - 2018-02-25 09:40 - 000000000 ____D C:\ProgramData\Adobe
2018-02-25 09:39 - 2018-02-25 09:41 - 000000000 ____D C:\Program Files (x86)\Photoshop CS6
2018-02-24 16:30 - 2018-02-24 16:30 - 000000000 ____D C:\Users\HOME\Desktop\Activator
2018-02-24 16:21 - 2018-02-24 16:21 - 000030477 _____ C:\Users\HOME\Downloads\microsoft-excelwordpowerpoint-2013-repack-by-dakovx86x64rusukr.torrent
2018-02-24 14:55 - 2016-03-24 14:22 - 013145642 _____ C:\Users\HOME\Desktop\WP_20160324_14_22_02_Pro.mp4
2018-02-24 14:54 - 2018-02-24 14:55 - 000000000 ____D C:\Users\HOME\Desktop\пр
2018-02-24 14:43 - 2018-02-24 14:45 - 000000000 ____D C:\Users\HOME\Desktop\Новая папка (2)
2018-02-24 10:56 - 2018-02-25 13:36 - 000000000 ____D C:\Users\HOME\Desktop\lдеда
2018-02-24 10:53 - 2018-02-24 10:53 - 000000000 ____D C:\Users\HOME\Desktop\дедуля
2018-02-24 10:52 - 2018-02-24 10:52 - 000000000 ____D C:\Users\HOME\Desktop\вместе
2018-02-18 01:12 - 2018-02-18 01:12 - 000893648 _____ (goldensoft.org ) C:\Users\HOME\Downloads\GSAutoClicker-Setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-20 18:15 - 2009-07-14 09:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-20 18:15 - 2009-07-14 09:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-20 18:12 - 2011-04-12 18:26 - 000723936 _____ C:\Windows\system32\perfh019.dat
2018-03-20 18:12 - 2011-04-12 18:26 - 000150252 _____ C:\Windows\system32\perfc019.dat
2018-03-20 18:12 - 2009-07-14 10:13 - 001647438 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-20 18:12 - 2009-07-14 08:20 - 000000000 ____D C:\Windows\inf
2018-03-20 18:11 - 2017-07-24 11:04 - 000003412 _____ C:\Windows\System32\Tasks\Обновление Браузера Яндекс
2018-03-20 18:11 - 2017-07-24 11:04 - 000000424 _____ C:\Windows\Tasks\Обновление Браузера Яндекс.job
2018-03-20 18:08 - 2018-01-02 23:25 - 000002974 _____ C:\Windows\System32\Tasks\GPU Tweak II
2018-03-20 18:08 - 2017-08-14 08:03 - 000000077 _____ C:\Windows\system32\ps
2018-03-20 18:08 - 2017-08-14 08:03 - 000000075 _____ C:\Windows\system32\p
2018-03-20 18:08 - 2017-08-14 08:03 - 000000060 _____ C:\Windows\system32\s
2018-03-20 18:08 - 2017-07-24 11:05 - 000000000 ___RD C:\Users\HOME\YandexDisk
2018-03-20 18:08 - 2017-07-24 11:04 - 000003560 _____ C:\Windows\System32\Tasks\Системное обновление Браузера Яндекс
2018-03-20 18:08 - 2017-07-24 11:04 - 000000468 _____ C:\Windows\Tasks\Системное обновление Браузера Яндекс.job
2018-03-20 18:08 - 2009-07-14 10:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-20 18:08 - 2009-07-14 08:20 - 000000000 ____D C:\Windows\Help
2018-03-20 17:23 - 2017-07-27 11:21 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-03-20 17:08 - 2017-09-01 08:38 - 000000912 _____ C:\Windows\Tasks\SunnyDigitsUpdateTask.job
2018-03-20 16:58 - 2017-07-24 11:37 - 000003946 _____ C:\Windows\System32\Tasks\WinmendUpdateTask_HOME
2018-03-20 16:58 - 2017-07-24 11:37 - 000000876 _____ C:\Windows\Tasks\WinmendUpdateTask_HOME.job
2018-03-19 08:53 - 2017-07-27 11:01 - 000000000 ____D C:\Users\HOME\AppData\Roaming\uTorrent
2018-03-18 09:10 - 2017-07-24 12:00 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-16 21:21 - 2017-09-17 09:11 - 000000000 ____D C:\Users\HOME\AppData\Local\CrashDumps
2018-03-13 19:43 - 2017-07-31 11:43 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-13 19:43 - 2017-07-31 11:43 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-13 19:43 - 2017-07-31 11:43 - 000004536 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-03-13 19:43 - 2017-07-31 11:43 - 000004390 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-03-13 19:43 - 2017-07-24 12:00 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-13 19:13 - 2017-07-26 14:09 - 000000000 ____D C:\Users\HOME\Downloads\Видео
2018-03-13 07:07 - 2017-08-01 10:24 - 000000000 ____D C:\Users\HOME\AppData\Roaming\MPC-HC
2018-03-12 14:05 - 2017-07-27 11:11 - 000000000 ____D C:\Users\Все пользователи\AVAST Software
2018-03-12 14:05 - 2017-07-27 11:11 - 000000000 ____D C:\ProgramData\AVAST Software
2018-03-11 19:15 - 2018-01-02 14:49 - 000007630 _____ C:\Users\HOME\AppData\Local\Resmon.ResmonCfg
2018-03-10 09:27 - 2017-12-26 12:16 - 000003862 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1514272568
2018-03-10 09:27 - 2017-12-26 12:15 - 000000000 ____D C:\Program Files\Opera
2018-03-09 20:47 - 2017-12-23 23:06 - 000000000 ____D C:\Users\HOME\AppData\Roaming\TeamViewer
2018-03-09 20:47 - 2017-08-13 00:00 - 000000000 ____D C:\Windows\Minidump
2018-03-09 20:47 - 2017-08-12 22:52 - 000000000 ____D C:\Users\HOME\AppData\Roaming\FileZilla
2018-03-09 20:47 - 2017-07-24 12:54 - 000000000 ____D C:\Windows\Panther
2018-03-09 20:43 - 2017-10-05 21:28 - 000000000 ____D C:\Program Files (x86)\RaidCall.RU
2018-03-09 20:39 - 2017-07-24 10:59 - 000000000 ____D C:\Users\HOME
2018-03-09 20:37 - 2017-07-27 12:39 - 000000000 ____D C:\Program Files (x86)\Nox
2018-03-09 20:37 - 2017-07-25 00:25 - 000000000 ____D C:\Users\HOME\AppData\Local\Nox
2018-03-03 12:40 - 2017-07-24 11:05 - 000002020 _____ C:\Users\HOME\Desktop\Скриншоты в Яндекс.Диске.lnk
2018-03-03 12:40 - 2017-07-24 11:05 - 000001961 _____ C:\Users\HOME\Desktop\Яндекс.Диск.lnk
2018-03-03 12:40 - 2017-07-24 11:04 - 000000000 ____D C:\Program Files (x86)\Yandex
2018-02-28 22:15 - 2017-07-24 11:46 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-02-26 01:19 - 2017-07-24 12:00 - 000000000 ____D C:\Users\HOME\AppData\Local\Adobe
2018-02-26 00:26 - 2017-07-28 09:06 - 000000000 ____D C:\Users\Все пользователи\Microsoft Help
2018-02-25 09:41 - 2017-08-12 23:09 - 000000000 ____D C:\Users\HOME\AppData\Local\Google
2018-02-24 16:31 - 2017-07-28 09:08 - 000000000 ____D C:\Users\HOME\AppData\Local\MSfree Inc
2018-02-24 16:26 - 2017-07-28 09:08 - 000000000 ____D C:\Users\Все пользователи\regid.1991-06.com.microsoft
2018-02-24 16:26 - 2017-07-28 09:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-02-24 16:26 - 2017-07-28 09:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-02-21 20:16 - 2017-09-12 16:38 - 000000000 ____D C:\Adrenalin

==================== Files in the root of some directories =======

2018-03-16 06:51 - 2018-03-20 18:08 - 000000087 _____ () C:\Program Files\Common Files\xp.dat
2018-03-16 06:51 - 2018-03-20 18:18 - 000000114 _____ () C:\Program Files\Common Files\xpdown.dat
2018-03-13 08:22 - 2018-03-16 06:51 - 001092608 _____ (TODO: <公司名>) C:\Program Files (x86)\Common Files\conime.exe
2018-02-25 17:40 - 2018-02-25 17:48 - 000000132 _____ () C:\Users\HOME\AppData\Roaming\Adobe PNG Format CS6 Prefs
2018-01-02 14:49 - 2018-03-11 19:15 - 000007630 _____ () C:\Users\HOME\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-09 00:41

==================== End of FRST.txt ============================