Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018 Ran by HOME (21-03-2018 15:03:52) Running from C:\Users\HOME\Desktop\Новая папка (5) Windows 7 Ultimate Service Pack 1 (X64) (2017-07-24 05:59:57) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= HOME (S-1-5-21-2392814043-1504553964-3045946890-1000 - Administrator - Enabled) => C:\Users\HOME HomeGroupUser$ (S-1-5-21-2392814043-1504553964-3045946890-1002 - Limited - Enabled) Администратор (S-1-5-21-2392814043-1504553964-3045946890-500 - Administrator - Disabled) Гость (S-1-5-21-2392814043-1504553964-3045946890-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2392814043-1504553964-3045946890-1000\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.) Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated) AIDA64 Extreme v5.92 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.92 - FinalWire Ltd.) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.) ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.) Assassins Creed Origins v.1.2.1 (HKLM-x32\...\Assassins Creed Origins_is1) (Version: - ) ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.5.9.1 - ASUSTek COMPUTER INC.) Hidden ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.5.9.1 - ASUSTek COMPUTER INC.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) Black Desert (HKLM-x32\...\{4BD65630-3A19-4fc2-8AD8-2CF729DB6608}.30000000000) (Version: 1.0 - Global Gamers Solutions Ltd. ©) Catalyst Control Center Next Localization BR (HKLM\...\{1952141C-925C-3551-CF63-D552C69D38A5}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (HKLM\...\{756DFEF5-31C4-4A41-9D49-928F586DE575}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{4CF1C729-BFB6-2222-71C4-78E14DD5A30A}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (HKLM\...\{CF5D35A2-4053-5A5F-94DA-AC037AD6AF6E}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (HKLM\...\{30ADF840-07E0-3C58-C753-B2E939CA4365}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{03C73F5F-59A6-21C5-62AE-48CA73D0516A}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{B4302BDF-03F1-957B-2A04-E31002B35299}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (HKLM\...\{52F3A739-BB11-6446-A1B1-37EF29B921D4}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (HKLM\...\{D25C1ABD-8818-0E6D-CF06-AF3E853BA332}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (HKLM\...\{A2620A07-084A-4388-7B98-3CE4CE50C907}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (HKLM\...\{F71103B5-959C-1ACD-A721-DA5F67E4EFD0}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{B47D8BDA-79C1-CC28-DBDD-06159FEACF90}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{AE9A6A29-ECDC-FAAD-080E-95039E94D057}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{55BCD1A6-34BC-01BC-0F8A-0DAF747C35C3}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{67146918-33C6-300D-37D6-D669B49EF971}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (HKLM\...\{3C2EE547-5128-597C-8CBB-8D730AB03372}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (HKLM\...\{44D46987-602A-2629-0A2F-009C8D209D66}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (HKLM\...\{A9A77529-0BB7-0AFA-2FDF-E7F78A00EC74}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{DB8D2EFA-1414-FEE5-DA5C-B2790128D797}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (HKLM\...\{24D3A60E-F5B2-42DD-6FBA-19205286FBFB}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{5CC68216-1F69-C104-7550-3712EB07B4A8}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform) Core Temp 1.11 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.11 - ALCPU) Discord (HKU\S-1-5-21-2392814043-1504553964-3045946890-1000\...\Discord) (Version: 0.0.300 - Discord Inc.) Download Master version 6.13.1.1563 (HKLM-x32\...\Download Master_is1) (Version: 6.13.1.1563 - WestByte) FileZilla Client 3.27.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.0.1 - Tim Kosse) Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group) K-Lite Codec Pack 13.3.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.3.5 - KLCP) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft PowerPoint 2013 (HKLM\...\Office15.POWERPOINT) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation) Microsoft Word 2013 (HKLM\...\Office15.WORD) (Version: 15.0.4569.1506 - Microsoft Corporation) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team) Opera Stable 51.0.2830.55 (HKLM-x32\...\Opera 51.0.2830.55) (Version: 51.0.2830.55 - Opera Software) Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden QGNA (HKLM-x32\...\2DC74854-88F0-4543-9AC5-3ACABFABA8F4_is1) (Version: 3.9.0.3079 - Global Gamers Solutions Ltd. ©) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6728 - Realtek Semiconductor Corp.) Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TakeOwnershipEx (HKLM-x32\...\TakeOwnershipEx) (Version: 1.2.0.1 - hxxp://winaero.com) WinMend Folder Hidden 2.3.0 (HKLM-x32\...\WinMend Folder Hidden_is1) (Version: - WinMend.com) WinRAR 5.40 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) Засоби перевірки правопису Microsoft Office 2013 – українська мова (HKLM\...\{90150000-001F-0422-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Кнопка "Яндекс" на панели задач (HKU\S-1-5-21-2392814043-1504553964-3045946890-1000\...\YaPinLancher) (Version: 2.0.0.2116 - Яндекс) Средства проверки правописания Microsoft Office 2013 — русский (HKLM\...\{90150000-001F-0419-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Я.Браузер (HKU\S-1-5-21-2392814043-1504553964-3045946890-1000\...\YandexBrowser) (Version: 17.11.1.990 - ООО «ЯНДЕКС») Яндекс.Диск (HKU\S-1-5-21-2392814043-1504553964-3045946890-1000\...\YandexDisk) (Version: 1.4.19.5465 - Яндекс) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2392814043-1504553964-3045946890-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2392814043-1504553964-3045946890-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2392814043-1504553964-3045946890-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2392814043-1504553964-3045946890-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2392814043-1504553964-3045946890-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2392814043-1504553964-3045946890-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2392814043-1504553964-3045946890-1000_Classes\CLSID\{19170A69-A883-40D5-AF97-F6DC41495F15}\InprocServer32 -> C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll (Яндекс) CustomCLSID: HKU\S-1-5-21-2392814043-1504553964-3045946890-1000_Classes\CLSID\{2D6BD2F0-5F84-4a06-924F-AEE0598B6272}\InprocServer32 -> C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll (Яндекс) CustomCLSID: HKU\S-1-5-21-2392814043-1504553964-3045946890-1000_Classes\CLSID\{33A431BB-FF15-4047-8FEC-F82FD3523A00}\localserver32 -> C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe (Яндекс) CustomCLSID: HKU\S-1-5-21-2392814043-1504553964-3045946890-1000_Classes\CLSID\{63D48440-63AB-44D0-B323-4731DFCDE9E9}\InprocServer32 -> C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll (Яндекс) CustomCLSID: HKU\S-1-5-21-2392814043-1504553964-3045946890-1000_Classes\CLSID\{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0}\InprocServer32 -> C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll (Яндекс) CustomCLSID: HKU\S-1-5-21-2392814043-1504553964-3045946890-1000_Classes\CLSID\{97836AB9-12C5-4C30-A128-B75196DD1787}\InprocServer32 -> C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll (Яндекс) CustomCLSID: HKU\S-1-5-21-2392814043-1504553964-3045946890-1000_Classes\CLSID\{AF8D197E-7022-4c3d-BD88-68AD35C9C169}\InprocServer32 -> C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll (Яндекс) CustomCLSID: HKU\S-1-5-21-2392814043-1504553964-3045946890-1000_Classes\CLSID\{E36606FE-036A-4dd0-ABA9-A58F409803F0}\InprocServer32 -> C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll (Яндекс) CustomCLSID: HKU\S-1-5-21-2392814043-1504553964-3045946890-1000_Classes\CLSID\{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9}\InprocServer32 -> C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll (Яндекс) ShellIconOverlayIdentifiers: [ YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll [2018-02-20] (Яндекс) ShellIconOverlayIdentifiers: [ YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll [2018-02-20] (Яндекс) ShellIconOverlayIdentifiers: [ YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll [2018-02-20] (Яндекс) ShellIconOverlayIdentifiers: [ YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll [2018-02-20] (Яндекс) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-06-19] () ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => -> No File ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-07-20] (Advanced Micro Devices, Inc.) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers1_S-1-5-21-2392814043-1504553964-3045946890-1000: [Yandex.Disk] -> {97836AB9-12C5-4C30-A128-B75196DD1787} => C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll [2018-02-20] (Яндекс) ContextMenuHandlers4_S-1-5-21-2392814043-1504553964-3045946890-1000: [Yandex.Disk] -> {97836AB9-12C5-4C30-A128-B75196DD1787} => C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll [2018-02-20] (Яндекс) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {03C70A41-2A1D-413E-AB82-969BA7C42DB7} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-07-20] (Advanced Micro Devices, Inc.) Task: {051035B4-29E6-4C7C-A6F0-B291AD6225AC} - \Mysa3 -> No File <==== ATTENTION Task: {0B660CE3-2DD2-4E9D-B9ED-9F9383545008} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {0B830286-8B1A-4B41-B63F-D733B17858E8} - System32\Tasks\Обновление Браузера Яндекс => C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2018-01-17] (YANDEX LLC) Task: {3ACE9A45-949C-49D0-9FBD-465227D0BF52} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd) Task: {3F6D8423-26DF-4FB9-843D-8415FD39845C} - System32\Tasks\GameNet => C:\Program Files (x86)\QGNA\qGNA.exe [2018-02-28] (GGS) Task: {470C1D91-6605-498E-891F-AF28FE96EA5C} - \Microsoft Windows UPnP Services -> No File <==== ATTENTION Task: {4B7E1CA9-E629-459F-B634-8BB525421BE7} - System32\Tasks\GPU Tweak II => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [2017-12-06] (TODO: ) Task: {5826CC10-EDC4-448F-BE08-7E0FE8D1473B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated) Task: {594DB6E6-4289-488A-A30C-A53DE753F8B2} - System32\Tasks\Системное обновление Браузера Яндекс => C:\Program Files (x86)\Yandex\YandexBrowser\17.11.1.990\service_update.exe [2018-01-17] (YANDEX LLC) Task: {5964C6F5-038B-4CF0-BD20-94BED263200B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {59CD135B-5754-4B71-AFC3-298B61F5F884} - System32\Tasks\ok => rundll32.exe c:\windows\debug\ok.dat,ServiceMain aaaa Task: {60C5F102-4943-465E-8515-BF103968FE1B} - \Mysa -> No File <==== ATTENTION Task: {68A5EA2A-FECF-4436-987D-041927F49C68} - \HOME -> No File <==== ATTENTION Task: {70FB81D2-A152-4884-9E96-43C24AC6C345} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd) Task: {7BBBBA1A-DE2C-40E5-8B67-FCF89763CC71} - System32\Tasks\Opera scheduled Autoupdate 1514272568 => C:\Program Files\Opera\launcher.exe [2018-03-08] (Opera Software) Task: {8DBD2921-36AA-47B8-820B-540776F2EEA2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {9B742318-5996-4A66-8991-4D94F426915B} - \Mysa2 -> No File <==== ATTENTION Task: {A635BE69-C091-4D74-8BBE-E6263AA73CB2} - \Mysa1 -> No File <==== ATTENTION Task: {A7CC660C-9DC5-4673-A577-6C763B85EE23} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [2018-03-13] (Adobe Systems Incorporated) Task: {B39F4218-417D-4B27-8990-7BAEAFA56828} - System32\Tasks\SunnyDigitsUpdateTask => C:\Users\HOME\AppData\Roaming\SDService\updatefiles\checkupdate.exe [2017-09-01] () Task: {C0E542F8-A192-4996-9002-6DB64D98F0CD} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-07-20] () Task: {C276EDED-996F-4C1B-8249-C7F385CD6780} - System32\Tasks\WinmendUpdateTask_HOME => D:\Program Files (x86)\WinMend\Folder Hidden\LiveUpdate.exe [2016-11-01] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\SunnyDigitsUpdateTask.job => C:\Users\HOME\AppData\Roaming\SDService\updatefiles\checkupdate.exe Task: C:\Windows\Tasks\WinmendUpdateTask_HOME.job => D:\Program Files (x86)\WinMend\Folder Hidden\LiveUpdate.exe Task: C:\Windows\Tasks\Обновление Браузера Яндекс.job => C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe Task: C:\Windows\Tasks\Системное обновление Браузера Яндекс.job => C:\Program Files (x86)\Yandex\YandexBrowser\17.11.1.990\service_update.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) WMI_ActiveScriptEventConsumer_fuckyoumm2_consumer: <==== ATTENTION Shortcut: C:\Users\HOME\Links\Рабочий стол.lnk -> C:\Users\HOME\Desktop () <==== Cyrillic Shortcut: C:\Users\HOME\Links\Яндекс.Диск.lnk -> C:\Users\HOME\YandexDisk () <==== Cyrillic Shortcut: C:\Users\HOME\Desktop\IMG_20160616_164714 - Ярлык.lnk -> E:\Фото\Артёму- 5 лет\IMG_20160616_164714.jpg () <==== Cyrillic Shortcut: C:\Users\HOME\Desktop\НАДЕЖДА РАБОТА - Ярлык.lnk -> E:\НАДЕЖДА РАБОТА () <==== Cyrillic Shortcut: C:\Users\HOME\Desktop\Поиграй!.lnk -> C:\Program Files (x86)\Download Master\games.url () <==== Cyrillic Shortcut: C:\Users\HOME\Desktop\Скриншоты в Яндекс.Диске.lnk -> C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDiskScreenshotEditor.exe (Яндекс) <==== Cyrillic Shortcut: C:\Users\HOME\Desktop\Фото - Ярлык.lnk -> E:\Фото () <==== Cyrillic Shortcut: C:\Users\HOME\AppData\Roaming\Microsoft\Word\8%20марта%20старшая%20и%20подготовительная306513952661137275\8%20марта%20старшая%20и%20подготовительная.docx.lnk -> C:\Users\HOME\Desktop\8 марта старшая и подготовительная.docx (No File) <==== Cyrillic Shortcut: C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Яндекс.Диск\Скриншоты в Яндекс.Диске.lnk -> C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDiskScreenshotEditor.exe (Яндекс) <==== Cyrillic Shortcut: C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Новости в последней версии.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () <==== Cyrillic Shortcut: C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Руководство по консольной версии RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () <==== Cyrillic Shortcut: C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Справка WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () <==== Cyrillic Shortcut: C:\Users\HOME\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Браузер Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software) <==== Cyrillic Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Браузер Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software) <==== Cyrillic ShortcutWithArgument: C:\Users\HOME\Desktop\Дети - Yandex.lnk -> C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe (YANDEX LLC) -> --profile-directory="Profile 2" ShortcutWithArgument: C:\Users\HOME\Desktop\Надежда - Yandex.lnk -> C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe (YANDEX LLC) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\HOME\Desktop\Роман - Yandex.lnk -> C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe (YANDEX LLC) -> --profile-directory="Default" --try-supported-channel-layouts ShortcutWithArgument: C:\Users\HOME\Desktop\Яндекс.Диск.lnk -> C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDiskStarter.exe (Яндекс) -> -desktop <==== Cyrillic ShortcutWithArgument: C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Яндекс.Диск\Яндекс.Диск.lnk -> C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\YandexDiskStarter.exe (Яндекс) -> -desktop <==== Cyrillic ShortcutWithArgument: C:\Users\HOME\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Надежда - Yandex.lnk -> C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe (YANDEX LLC) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\HOME\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Роман - Yandex.lnk -> C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe (YANDEX LLC) -> --profile-directory="Default" ==================== Loaded Modules (Whitelisted) ============== 2017-09-01 08:38 - 2017-09-01 08:38 - 000184504 _____ () C:\Users\HOME\AppData\Roaming\SDService\SDService.exe 2017-07-24 11:05 - 2018-02-20 09:52 - 000302944 _____ () C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\libpng14-14-x64.dll 2017-07-24 11:05 - 2018-02-20 09:52 - 000187744 _____ () C:\Users\HOME\AppData\Roaming\Yandex\YandexDisk\zlib1-x64.dll 2018-02-07 22:47 - 2018-02-07 22:47 - 000078032 _____ () C:\Program Files\CCleaner\lang\lang-1049.dll 2018-01-02 23:22 - 2017-11-02 15:39 - 000081368 _____ () C:\Program Files (x86)\ASUS\AXSP\3.00.08\ATKEX.dll 2017-11-27 18:10 - 2017-11-27 18:10 - 000065536 _____ () C:\Program Files (x86)\ASUS\GPU TweakII\Exeio.dll 2017-11-14 15:35 - 2017-11-14 15:35 - 001772544 _____ () C:\Program Files (x86)\ASUS\GPU TweakII\Vender.dll 2018-01-19 20:05 - 2018-01-17 20:58 - 000104952 _____ () C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\17.11.1.990\libqrencode.dll 2018-01-19 20:05 - 2018-01-17 20:58 - 003028472 _____ () C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\17.11.1.990\libglesv2.dll 2018-01-19 20:05 - 2018-01-17 20:58 - 000091128 _____ () C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\17.11.1.990\libegl.dll 2018-02-28 22:19 - 2015-10-26 11:14 - 000376320 _____ () C:\Program Files (x86)\QGNA\Log4Qt.dll 2018-02-28 22:19 - 2015-07-01 12:33 - 000457216 _____ () C:\Program Files (x86)\QGNA\freetype26.dll 2018-02-28 22:19 - 2015-07-21 10:42 - 000344064 _____ () C:\Program Files (x86)\QGNA\dbus-1.dll 2018-02-28 22:19 - 2017-11-16 15:45 - 001165312 _____ () C:\Program Files (x86)\QGNA\qxmpp0.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5B975772 [280] AlternateDataStreams: C:\Users\Все пользователи\TEMP:5B975772 [280] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 07:34 - 2018-03-11 21:05 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2392814043-1504553964-3045946890-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.100.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: Windows Audio Control => 2 MSCONFIG\startupreg: Download Master => C:\Program Files (x86)\Download Master\dmaster.exe -autorun MSCONFIG\startupreg: Steam => "D:\Program Files (x86)\Steam\steam.exe" -silent ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{341913BF-D032-44C0-89BA-3EBFDE76FD27}] => (Allow) C:\Users\HOME\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D09DB7E8-A644-4B14-BEF9-0B42F2848139}] => (Allow) C:\Users\HOME\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{89263E3D-FAA9-4B40-AFD5-74AF5AC0CC97}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{A570DAE7-2AEA-404D-97B9-0BA118534DF6}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{4B5D3F69-DE02-4131-97D7-7677E5AA6012}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{492BAC0D-E3AA-4B51-BA63-EE9470E25F5D}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{F07CE62B-6295-45CD-8DE6-10FC1078295C}] => (Allow) LPort=3306 FirewallRules: [{22460005-F379-4B58-97B6-E13B9413173C}] => (Allow) LPort=3306 FirewallRules: [{E4C65B2F-7B2C-4F17-8984-2F9F20E546B5}] => (Block) LPort=445 FirewallRules: [{0590F113-FBF5-40C7-97BB-742DD3A5DE21}] => (Block) LPort=139 FirewallRules: [{9331CF83-0DD9-4852-BFAB-DB2858E885DD}] => (Block) LPort=135 FirewallRules: [{46449A8B-0E9F-47F5-A702-E048CC039692}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{3AC408D3-C34D-4A22-BD77-F3C341E86CE3}] => (Allow) C:\Users\HOME\AppData\Local\Yandex\YandexBrowser\Application\browser.exe FirewallRules: [{B3EDC2F2-1084-47D8-B293-8353F094D8EF}] => (Allow) C:\Users\HOME\Downloads\PlayBlackDesert.exe FirewallRules: [{2B65A761-3B0A-47F1-85AA-3EE97EB7D4E9}] => (Allow) C:\Users\HOME\Downloads\PlayBlackDesert.exe FirewallRules: [{4D76D9AD-8928-48E1-9427-F7AA7A436863}] => (Allow) C:\Program Files (x86)\QGNA\qGNA.exe FirewallRules: [{E583C298-93D5-4776-B2D1-785D66014608}] => (Allow) C:\Program Files (x86)\QGNA\qGNA.exe FirewallRules: [{0892342A-B17B-4134-AB90-E22D2B346329}] => (Allow) C:\Program Files\Opera\51.0.2830.40\opera.exe FirewallRules: [{467766A8-0BE5-4CC9-BB20-AC724211D3C9}] => (Allow) C:\Program Files\Opera\51.0.2830.55\opera.exe FirewallRules: [TCP Query User{6B3D9042-6928-4470-8B59-74F2F55773B6}C:\program files (x86)\qgna\qgna.exe] => (Allow) C:\program files (x86)\qgna\qgna.exe FirewallRules: [UDP Query User{C8BD17D9-20D3-43BD-B148-E05982604DC8}C:\program files (x86)\qgna\qgna.exe] => (Allow) C:\program files (x86)\qgna\qgna.exe ==================== Restore Points ========================= 12-03-2018 12:06:18 Removed Java 8 Update 111 (64-bit) 12-03-2018 12:06:37 Removed Java SE Development Kit 8 Update 111 (64-bit) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/21/2018 03:01:48 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/21/2018 02:50:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/21/2018 09:29:00 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/20/2018 06:09:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/20/2018 04:36:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Ошибка извлечения стороннего корневого списка из CAB-файла автоматического обновления на с ошибкой Недопустимые данные. . Error: (03/20/2018 10:34:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/20/2018 07:04:31 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (03/19/2018 10:14:09 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. System errors: ============= Error: (03/21/2018 03:00:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Служба "Группировка сетевых участников" является зависимой от службы "Протокол PNRP", которую не удалось запустить из-за ошибки %%-2140993535 Error: (03/21/2018 03:00:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Служба "Протокол PNRP" завершена из-за ошибки %%-2140993535 Error: (03/21/2018 03:00:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Служба "Группировка сетевых участников" является зависимой от службы "Протокол PNRP", которую не удалось запустить из-за ошибки %%-2140993535 Error: (03/21/2018 03:00:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Служба "Протокол PNRP" завершена из-за ошибки %%-2140993535 Error: (03/21/2018 03:00:22 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: Облако протокола PNRP не запущено из-за сбоя при создании удостоверения по умолчанию; код ошибки: 0x80630801. Error: (03/21/2018 03:00:21 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: Облако протокола PNRP не запущено из-за сбоя при создании удостоверения по умолчанию; код ошибки: 0x80630801. Error: (03/21/2018 03:00:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Служба "Группировка сетевых участников" является зависимой от службы "Протокол PNRP", которую не удалось запустить из-за ошибки %%-2140993535 Error: (03/21/2018 03:00:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Служба "Протокол PNRP" завершена из-за ошибки %%-2140993535 CodeIntegrity: =================================== Date: 2018-03-20 21:14:17.692 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-03-20 21:14:17.687 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-03-20 20:16:53.655 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\HOME\AppData\Local\Temp\GameNet.nfQ932 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-03-20 20:16:53.651 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\HOME\AppData\Local\Temp\GameNet.nfQ932 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-03-20 15:07:33.190 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-03-20 15:07:33.181 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-03-20 10:58:27.716 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\HOME\AppData\Local\Temp\GameNet.RI2920 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-03-20 10:58:27.712 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\HOME\AppData\Local\Temp\GameNet.RI2920 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD FX(tm)-6300 Six-Core Processor Percentage of memory in use: 27% Total physical RAM: 8175.24 MB Available physical RAM: 5950.95 MB Total Virtual: 16348.68 MB Available Virtual: 13928.09 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.79 GB) (Free:30.49 GB) NTFS Drive d: () (Fixed) (Total:97.66 GB) (Free:68.14 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: () (Fixed) (Total:368.1 GB) (Free:78.36 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: A3C08916) Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 71795774) Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================