Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by HOME (21-03-2018 18:09:03) Run:1
Running from C:\Users\HOME\Desktop\Новая папка (5)
Loaded Profiles: HOME (Available Profiles: HOME)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
VirusTotal: C:\Program Files\Common Files\xpdown.dat;C:\Program Files\Common Files\xp.dat;C:\Program Files (x86)\Common Files\conime.exe;C:\Windows\system32\a.exe
c:\windows\debug\ok.dat
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => -> No File
Task: {051035B4-29E6-4C7C-A6F0-B291AD6225AC} - \Mysa3 -> No File <==== ATTENTION
Task: {470C1D91-6605-498E-891F-AF28FE96EA5C} - \Microsoft Windows UPnP Services -> No File <==== ATTENTION
Task: {59CD135B-5754-4B71-AFC3-298B61F5F884} - System32\Tasks\ok => rundll32.exe c:\windows\debug\ok.dat,ServiceMain aaaa
Task: {60C5F102-4943-465E-8515-BF103968FE1B} - \Mysa -> No File <==== ATTENTION
Task: {68A5EA2A-FECF-4436-987D-041927F49C68} - \HOME -> No File <==== ATTENTION
Task: {9B742318-5996-4A66-8991-4D94F426915B} - \Mysa2 -> No File <==== ATTENTION
Task: {A635BE69-C091-4D74-8BBE-E6263AA73CB2} - \Mysa1 -> No File <==== ATTENTION
WMI_ActiveScriptEventConsumer_fuckyoumm2_consumer: <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5B975772 [280]
AlternateDataStreams: C:\Users\Все пользователи\TEMP:5B975772 [280]
EmptyTemp:
Reboot:
*****************

Restore point was successfully created.
VirusTotal: C:\Program Files\Common Files\xpdown.dat => https://www.virustotal.com/file/5be453c0251d552be2c4d340ae2a9d98e2d76b17b5d213990f23812092a656ee/analysis/1521637753/
VirusTotal: C:\Program Files\Common Files\xp.dat => https://www.virustotal.com/file/c27e71111edad47f0a82d76853f7bbc697dfd84b9a625807632d9063ab2b1086/analysis/1521637754/
VirusTotal: C:\Program Files (x86)\Common Files\conime.exe => https://www.virustotal.com/file/6c580821f9482a8532186b13634b983c4cef3a8813735fa714c5dcacf668ca2d/analysis/1521637758/
VirusTotal: C:\Windows\system32\a.exe => https://www.virustotal.com/file/9140bdecb0b683b1620b08ec9e4453b92fccb8a713db2fb981c6e52c43342be3/analysis/1521637761/
"c:\windows\debug\ok.dat" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\TVCShellExt" => removed successfully
HKLM\Software\Classes\CLSID\{4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{051035B4-29E6-4C7C-A6F0-B291AD6225AC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{051035B4-29E6-4C7C-A6F0-B291AD6225AC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mysa3" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{470C1D91-6605-498E-891F-AF28FE96EA5C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{470C1D91-6605-498E-891F-AF28FE96EA5C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft Windows UPnP Services" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{59CD135B-5754-4B71-AFC3-298B61F5F884}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59CD135B-5754-4B71-AFC3-298B61F5F884}" => removed successfully
C:\Windows\System32\Tasks\ok => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ok" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{60C5F102-4943-465E-8515-BF103968FE1B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60C5F102-4943-465E-8515-BF103968FE1B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mysa" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{68A5EA2A-FECF-4436-987D-041927F49C68}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68A5EA2A-FECF-4436-987D-041927F49C68}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HOME" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9B742318-5996-4A66-8991-4D94F426915B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B742318-5996-4A66-8991-4D94F426915B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mysa2" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A635BE69-C091-4D74-8BBE-E6263AA73CB2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A635BE69-C091-4D74-8BBE-E6263AA73CB2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mysa1" => removed successfully
"WMI_ActiveScriptEventConsumer_fuckyoumm2_consumer: <==== ATTENTION" => removed successfully
C:\ProgramData\TEMP => ":5B975772" ADS removed successfully
"C:\Users\Все пользователи\TEMP" => ":5B975772" ADS not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 70535191 B
Java, Flash, Steam htmlcache => 231266228 B
Windows/system/drivers => 4308302 B
Edge => 0 B
Chrome => 175839 B
Firefox => 0 B
Opera => 195110 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 65536 B
Public => 0 B
ProgramData => 0 B
systemprofile => 164951 B
systemprofile32 => 1414205 B
LocalService => 66228 B
NetworkService => 1934 B
HOME => 35612742 B

RecycleBin => 135868 B
EmptyTemp: => 328 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 18:09:30 ====