Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2020 02
Ran by Андрей (administrator) on DESKTOP-EJ2NMSO (Gigabyte Technology Co., Ltd. To be filled by O.E.M.) (11-02-2020 15:02:18)
Running from C:\Users\Андрей\Downloads
Loaded Profiles: Андрей (Available Profiles: Андрей)
Platform: Windows 10 Pro Version 1903 18362.476 (X64) Language: Русский (Россия)
Default browser: Yandex Browser
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\SVEN 7.1 GAMING HEADSET\CPL\FaceLift_x64.exe
() [File not signed] C:\ProgramData\WindowsTask\MicrosoftHost.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.xboxgamingoverlay_3.35.14003.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.xboxgamingoverlay_3.35.14003.0_x64__8wekyb3d8bbwe\GameBarFT.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_595646f842b3f1a0\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_595646f842b3f1a0\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) [File not signed] C:\ProgramData\RealtekHD\taskhostw.exe
(RooX Solutions LLC -> RooX Solutions) C:\Program Files (x86)\MegaFon\MegaFon Internet\MegaFonInternet.exe
(RooX Solutions LLC -> RooX Solutions) C:\Program Files (x86)\MegaFon\MegaFon Internet\MegaFonInternetService.exe
(Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer.exe
(Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer.exe
(Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer.exe
(Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wargamingerrormonitor.exe
(Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe
(YANDEX LLC -> YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\20.2.1.238\service_update.exe
(YANDEX LLC -> YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\20.2.1.238\service_update.exe
(YANDEX LLC -> Yandex LLC) C:\Users\Андрей\AppData\Local\Yandex\SearchBand\Application\5.5.0.1923\searchbandapp64.exe
(YANDEX LLC -> YANDEX LLC) C:\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC -> YANDEX LLC) C:\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC -> YANDEX LLC) C:\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC -> YANDEX LLC) C:\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC -> YANDEX LLC) C:\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC -> YANDEX LLC) C:\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC -> YANDEX LLC) C:\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC -> YANDEX LLC) C:\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC -> YANDEX LLC) C:\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC -> YANDEX LLC) C:\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC -> YANDEX LLC) C:\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
(YANDEX LLC -> YANDEX LLC) C:\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Cm108BSound] => C:\Program Files\SVEN 7.1 GAMING HEADSET\CPL\FaceLift_x64.exe [2359296 2014-11-10] () [File not signed]
HKLM\...\Run: [Realtek HD Audio] => C:\ProgramData\RealtekHD\taskhostw.exe [4815872 2020-01-23] (Realtek Semiconductor) [File not signed] <==== ATTENTION
HKLM\...\Run: [MegaFon_MegaFonInternet] => C:\Program Files (x86)\MegaFon\MegaFon Internet\MegaFonInternet.exe [202872 2017-06-05] (RooX Solutions LLC -> RooX Solutions)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Run: [GoogleChromeAutoLaunch_2DE8C0D837BD4E162AB3BAA54CE5ADFC] => C:\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [3274232 2020-01-28] (YANDEX LLC -> YANDEX LLC)
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Run: [YandexSearchBand] => C:\Users\Андрей\AppData\Local\Yandex\SearchBand\Application\5.5.0.1923\searchbandapp64.exe [6489592 2019-12-12] (YANDEX LLC -> Yandex LLC)
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2019-12-12] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2414456 2020-02-09] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Run: [Discord] => C:\Users\Андрей\AppData\Local\Discord\app-0.0.305\Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1749832 2020-02-03] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Run: [Advanced SystemCare] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3634960 2019-12-13] (IObit Information Technology -> IObit)
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Policies\Explorer\DisallowRun: [1] eav_trial_rus.exe
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Policies\Explorer\DisallowRun: [2] avast_free_antivirus_setup_online.exe
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Policies\Explorer\DisallowRun: [3] eis_trial_rus.exe
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Policies\Explorer\DisallowRun: [4] essf_trial_rus.exe
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Policies\Explorer\DisallowRun: [5] hitmanpro_x64.exe
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Policies\Explorer\DisallowRun: [6] ESETOnlineScanner_UKR.exe
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Policies\Explorer\DisallowRun: [7] ESETOnlineScanner_RUS.exe
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Policies\Explorer\DisallowRun: [8] HitmanPro.exe
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Policies\Explorer\DisallowRun: [9] 360TS_Setup_Mini.exe
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Policies\Explorer\DisallowRun: [10] Cezurity_Scanner_Pro_Free.exe
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {09af80e6-442b-11ea-9c1b-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {09af8154-442b-11ea-9c1b-408d5c2a5436} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {09af81d9-442b-11ea-9c1b-408d5c2a5436} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {09af8237-442b-11ea-9c1b-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {1247d004-3c4f-11ea-9c0a-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {1247d117-3c4f-11ea-9c0a-408d5c2a5436} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {17ee69b3-4bd0-11ea-9c2a-001e101f2267} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {231d5786-33a4-11ea-9bf2-806e6f6e6963} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {2ab36d91-41a6-11ea-9c15-806e6f6e6963} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {3adc4b11-41c8-11ea-9c19-408d5c2a5436} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {54632c70-478c-11ea-9c1d-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {8845a5b4-4b30-11ea-9c26-001e101f832f} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {8845add8-4b30-11ea-9c26-001e101f832f} - "H:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {8845ae24-4b30-11ea-9c26-001e101f832f} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {90d3e323-2267-11ea-9bb2-408d5c2a5436} - "E:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {90d3e550-2267-11ea-9bb2-408d5c2a5436} - "E:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {90d3e9ad-2267-11ea-9bb2-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {9291af76-4cb6-11ea-9c2b-001e101f8874} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {9291afd6-4cb6-11ea-9c2b-001e101f8874} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {9291b37a-4cb6-11ea-9c2b-001e101f8874} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {975eb2ea-4503-11ea-9c1c-408d5c2a5436} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {9cd4198c-4797-11ea-9c1f-408d5c2a5436} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {9cd419b4-4797-11ea-9c1f-408d5c2a5436} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {9cd419fe-4797-11ea-9c1f-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {9cd41d2e-4797-11ea-9c1f-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {9cd41e83-4797-11ea-9c1f-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {bb35158d-478d-11ea-9c1e-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {bb3518f4-478d-11ea-9c1e-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {bb351ac2-478d-11ea-9c1e-408d5c2a5436} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {bb351ba1-478d-11ea-9c1e-408d5c2a5436} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {bb351c2e-478d-11ea-9c1e-408d5c2a5436} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {bb351cc7-478d-11ea-9c1e-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {bb351cf3-478d-11ea-9c1e-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {bb351d38-478d-11ea-9c1e-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {bb351f5f-478d-11ea-9c1e-408d5c2a5436} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {d82401b2-3c41-11ea-9c09-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {d82401c5-3c41-11ea-9c09-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {dbe3d91c-4aef-11ea-9c23-408d5c2a5436} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {e8ef5b79-3f5c-11ea-9c0f-408d5c2a5436} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {e8ef5c45-3f5c-11ea-9c0f-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {e8ef5e4b-3f5c-11ea-9c0f-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {e8ef5eba-3f5c-11ea-9c0f-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {e8ef5f65-3f5c-11ea-9c0f-408d5c2a5436} - "F:\AutoRun.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {f1aa7538-3d3d-11ea-9c0f-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {f1aa759e-3d3d-11ea-9c0f-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {f1aa7ac1-3d3d-11ea-9c0f-408d5c2a5436} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {f1d1b516-4121-11ea-9c12-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {f1d1b769-4121-11ea-9c12-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {f1d1b777-4121-11ea-9c12-408d5c2a5436} - "G:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {f1d1b787-4121-11ea-9c12-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {f1d1b79c-4121-11ea-9c12-408d5c2a5436} - "F:\Install MegaFon Internet.exe"
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\MountPoints2: {f1d1b7c3-4121-11ea-9c12-408d5c2a5436} - "G:\Install MegaFon Internet.exe"
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {144FC997-14F9-4559-8776-DF89E73A322F} - System32\Tasks\ASC_SkipUac_Андрей => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [8804112 2020-02-01] (IObit Information Technology -> IObit)
Task: {146C3986-037A-4266-965D-F6B0776C3E4D} - System32\Tasks\Системное обновление Браузера Яндекс => C:\Program Files (x86)\Yandex\YandexBrowser\20.2.1.238\service_update.exe [1928184 2020-01-28] (YANDEX LLC -> YANDEX LLC)
Task: {2A067AE9-FA28-4EF0-98D7-D157612343E0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2CBBE2F4-7FFA-4C96-9C34-56D9228D742C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {49132F80-1ADA-49A2-B3C8-149577B2EC1C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {690BFF61-2FDD-470D-B31A-F1E7CD8F1E3F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6B061D3D-3863-4003-A18C-05F24D77F047} - System32\Tasks\Yandex.Stroka.User.S-1-5-21-4010367299-2433800681-3590494015-1001 => C:\Users\Андрей\AppData\Local\Yandex\SearchBand\Application\5.5.0.1923\searchbandapp64.exe [6489592 2019-12-12] (YANDEX LLC -> Yandex LLC)
Task: {79D07494-6EC8-41B6-8E6E-994C2857A067} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {7B50843E-BDAF-4BD7-9DEF-BD8027FC7ED4} - System32\Tasks\Обновление Браузера Яндекс => C:\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [3274232 2020-01-28] (YANDEX LLC -> YANDEX LLC)
Task: {925BC0CD-3F4E-4482-B867-2FC105F7490E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AC3A1438-14DB-4FD8-A3E9-57FFC450EA3D} - System32\Tasks\Восстановление сервиса обновлений Яндекс.Браузера => C:\Program Files (x86)\Yandex\YandexBrowser\20.2.1.238\service_update.exe [1928184 2020-01-28] (YANDEX LLC -> YANDEX LLC)
Task: {C3CDA451-784D-4CD2-B067-11598AE17D0A} - System32\Tasks\Microsoft\Windows\Wininet\Cleaner => C:\Programdata\WindowsTask\winlogon.exe [390144 2019-04-19] () [File not signed] <==== ATTENTION
Task: {D9236D9E-CCA0-4622-96B4-237553373555} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {DBC25356-34B7-4728-A391-80A0DA1719A5} - System32\Tasks\Microsoft\Windows\Wininet\SystemC => C:\Programdata\RealtekHD\taskhostw.exe [4815872 2020-01-23] (Realtek Semiconductor) [File not signed] <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Восстановление сервиса обновлений Яндекс.Браузера.job => C:\Program Files (x86)\Yandex\YandexBrowser\20.2.1.238\service_update.exe
Task: C:\WINDOWS\Tasks\Обновление Браузера Яндекс.job => C:\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
Task: C:\WINDOWS\Tasks\Системное обновление Браузера Яндекс.job => C:\Program Files (x86)\Yandex\YandexBrowser\20.2.1.238\service_update.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{1f71e48e-4b73-44f9-b98f-66ad3a0d4485}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ae821229-436b-41b6-9a67-f213b77eab11}: [NameServer] 10.78.83.244 10.78.62.244
Tcpip\..\Interfaces\{e654f907-ad21-410b-b0a0-85c2fceb80a1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fc915dbe-1871-4c89-a4d9-6e7d3e5464f7}: [NameServer] 10.78.83.245 10.78.62.245

Internet Explorer:
==================
HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yandex.ru/?clid=2309398
SearchScopes: HKU\S-1-5-21-4010367299-2433800681-3590494015-1001 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627
SearchScopes: HKU\S-1-5-21-4010367299-2433800681-3590494015-1001 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627
SearchScopes: HKU\S-1-5-21-4010367299-2433800681-3590494015-1001 -> {DBB8BCB4-ADD1-43E4-8E2A-43F7671219F1} URL = hxxps://www.yandex.ru/search/?text={searchTerms}&clid=2309399
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-12-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-12-08] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService13; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1290000 2019-12-27] (IObit Information Technology -> IObit)
R3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe [74392 2019-10-24] (Google LLC -> Google Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-02] (Disc Soft Ltd -> Disc Soft Ltd)
R2 MegaFon Internet Service; C:\Program Files (x86)\MegaFon\MegaFon Internet\MegaFonInternetService.exe [1026168 2017-06-05] (RooX Solutions LLC -> RooX Solutions)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [860016 2019-08-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2440520 2020-02-03] (Overwolf Ltd -> Overwolf LTD)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-09-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe [473824 2017-05-05] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-07-09] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [130336 2019-12-19] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\20.2.1.238\service_update.exe [1928184 2020-01-28] (YANDEX LLC -> YANDEX LLC)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_595646f842b3f1a0\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_595646f842b3f1a0\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [45432 2019-07-15] (IObit Information Technology -> IObit)
R3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [46008 2019-07-15] (IObit Information Technology -> IObit)
R3 CMUAC; C:\WINDOWS\System32\drivers\CMUAC.sys [613888 2014-10-09] (C-MEDIA ELECTRONICS INC. -> C-MEDIA)
S3 cpuz139; C:\Users\A4F7~1\AppData\Local\Temp\cpuz139\cpuz139_x64.sys [43328 2020-02-10] (CPUID -> CPUID) <==== ATTENTION
R3 cpuz145; C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [49968 2020-02-11] (CPUID -> CPUID)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2020-01-27] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2020-01-27] (Disc Soft Ltd -> Disc Soft Ltd)
R3 ewusbmbb; C:\WINDOWS\System32\drivers\ewusbwwan.sys [457728 2016-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys [109568 2016-12-08] (Huawei Technologies Co., Ltd.) [File not signed]
S3 ew_usbenumfilter; C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys [18688 2017-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_enumerator; C:\WINDOWS\System32\drivers\ew_jubusenum.sys [91648 2014-03-12] (Huawei Technologies Co., Ltd.) [File not signed]
R3 hwdatacard; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [226176 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_cdcacm; C:\WINDOWS\system32\DRIVERS\ew_cdcacm.sys [127616 2017-03-13] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusb_cdcecm; C:\WINDOWS\System32\drivers\ew_cdcecm.sys [135552 2015-08-14] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwusb_wwanecm; C:\WINDOWS\System32\drivers\ew_wwanecm.sys [312704 2017-03-13] (Huawei Technologies Co., Ltd.) [File not signed]
R3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [32520 2018-07-04] (IObit Information Technology -> IObit)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_595646f842b3f1a0\nvlddmkm.sys [23231744 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-08-23] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project) [File not signed]
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1167768 2019-12-03] (Realtek Semiconductor Corp. -> Realtek )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [203296 2020-01-27] (Disc Soft Ltd -> Duplex Secure Ltd)
S3 UcmCxUcsiNvppc; C:\WINDOWS\System32\drivers\UcmCxUcsiNvppc.sys [469736 2019-06-10] (NVIDIA Corporation -> NVIDIA Corporation)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24576 2019-09-09] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-11 15:02 - 2020-02-11 15:02 - 000030253 _____ C:\Users\Андрей\Downloads\FRST.txt
2020-02-11 15:02 - 2020-02-11 15:02 - 000000000 ____D C:\Users\Андрей\Downloads\FRST-OlderVersion
2020-02-11 15:01 - 2020-02-11 15:02 - 002279424 _____ (Farbar) C:\Users\Андрей\Downloads\FRST64.exe
2020-02-11 15:01 - 2020-02-11 15:02 - 000000000 ____D C:\FRST
2020-02-11 14:43 - 2020-02-11 14:43 - 000036408 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2020-02-11 14:42 - 2020-02-11 14:43 - 002004933 _____ C:\Users\Андрей\Downloads\ProcessExplorer.zip
2020-02-11 14:37 - 2020-02-11 14:52 - 000000464 _____ C:\WINDOWS\Tasks\Обновление Браузера Яндекс.job
2020-02-11 14:37 - 2020-02-11 14:37 - 000003678 _____ C:\WINDOWS\system32\Tasks\Системное обновление Браузера Яндекс
2020-02-11 14:37 - 2020-02-11 14:37 - 000003568 _____ C:\WINDOWS\system32\Tasks\Восстановление сервиса обновлений Яндекс.Браузера
2020-02-11 14:37 - 2020-02-11 14:37 - 000003534 _____ C:\WINDOWS\system32\Tasks\Обновление Браузера Яндекс
2020-02-11 14:37 - 2020-02-11 14:37 - 000003412 _____ C:\WINDOWS\system32\Tasks\Yandex.Stroka.User.S-1-5-21-4010367299-2433800681-3590494015-1001
2020-02-11 14:37 - 2020-02-11 14:37 - 000002910 _____ C:\WINDOWS\system32\Tasks\ASC_SkipUac_Андрей
2020-02-11 14:37 - 2020-02-11 14:37 - 000000504 _____ C:\WINDOWS\Tasks\Системное обновление Браузера Яндекс.job
2020-02-11 14:37 - 2020-02-11 14:37 - 000000464 _____ C:\WINDOWS\Tasks\Восстановление сервиса обновлений Яндекс.Браузера.job
2020-02-11 14:08 - 2020-02-11 14:21 - 141605786 _____ C:\Users\Андрей\Downloads\Wotspeak.zip
2020-02-11 13:50 - 2020-02-11 13:50 - 006078464 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
2020-02-11 13:49 - 2020-02-11 13:50 - 079360000 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2020-02-11 13:49 - 2020-02-11 13:49 - 000479232 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2020-02-11 13:49 - 2020-02-11 13:49 - 000040960 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2020-02-11 13:49 - 2020-02-11 13:49 - 000040960 _____ C:\WINDOWS\system32\config\SAM.iobit
2020-02-11 13:48 - 2020-02-11 13:48 - 000000000 ____D C:\Users\Все пользователи\{F86B0233-9A85-4589-8AAF-524CC4F8211B}
2020-02-11 13:47 - 2020-02-11 14:02 - 000000000 ____D C:\Users\Все пользователи\IObit
2020-02-11 13:47 - 2020-02-11 13:48 - 000000000 ____D C:\Users\Все пользователи\ProductData
2020-02-11 13:47 - 2020-02-11 13:48 - 000000000 ____D C:\Users\Андрей\AppData\Roaming\IObit
2020-02-11 13:47 - 2020-02-11 13:47 - 000001262 _____ C:\Users\Public\Desktop\Advanced SystemCare.lnk
2020-02-11 13:47 - 2020-02-11 13:47 - 000000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2020-02-11 13:47 - 2020-02-11 13:47 - 000000000 ____D C:\Program Files (x86)\IObit
2020-02-11 13:41 - 2020-02-11 13:46 - 049697616 _____ (IObit ) C:\Users\Андрей\Downloads\advanced-systemcare-setup.exe
2020-02-10 23:13 - 2016-12-08 14:23 - 000159744 _____ (TCT International Mobile Ltd.) C:\WINDOWS\system32\Drivers\AlcatelOTDCWwan.sys
2020-02-10 23:13 - 2016-12-08 14:23 - 000138752 _____ (TCT International Mobile Ltd) C:\WINDOWS\system32\Drivers\AlcatelOTUsbnet.sys
2020-02-10 23:13 - 2016-12-08 14:23 - 000123776 _____ (TCT International Mobile Ltd.) C:\WINDOWS\system32\Drivers\jrdusbser.sys
2020-02-09 19:53 - 2020-02-09 19:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\cFos
2020-02-09 19:52 - 2020-02-09 19:52 - 000000000 ____D C:\Users\Все пользователи\cFos
2020-02-09 19:52 - 2020-02-09 19:52 - 000000000 ____D C:\Users\Андрей\AppData\Local\cFos
2020-02-09 19:52 - 2019-03-21 04:06 - 001595456 _____ (cFos Software GmbH) C:\WINDOWS\system32\Drivers\cfosspeed6.sys
2020-02-09 19:51 - 2020-02-09 19:51 - 000002937 _____ C:\Users\Андрей\Desktop\HSPA Locker v1.3b by Job 3.14.lnk
2020-02-09 19:51 - 2020-02-09 19:51 - 000000000 ____D C:\Users\Андрей\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HSPA Locker v1.3
2020-02-09 19:51 - 2020-02-09 19:51 - 000000000 ____D C:\Program Files (x86)\HSPA Locker v1.3
2020-02-09 19:50 - 2020-02-09 19:51 - 004957771 _____ C:\Users\Андрей\Downloads\Leatrix_Latency_Fix_3.03.zip
2020-02-09 19:49 - 2020-02-09 19:50 - 005180416 _____ C:\Users\Андрей\Downloads\cfosspeed-v1050.exe
2020-02-09 19:49 - 2020-02-09 19:49 - 000738311 _____ C:\Users\Андрей\Downloads\hspa-locker-v1-3b.zip
2020-02-09 19:44 - 2020-02-10 23:13 - 000002215 _____ C:\Users\Public\Desktop\MegaFon Internet.lnk
2020-02-09 19:44 - 2016-12-08 14:23 - 000109568 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys
2020-02-09 19:44 - 2016-12-08 14:23 - 000032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys
2020-02-09 19:44 - 2016-12-08 14:23 - 000022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys
2020-02-09 19:44 - 2014-03-12 13:39 - 000091648 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys
2020-02-09 19:43 - 2020-02-09 19:43 - 000000000 ____D C:\Program Files (x86)\MegaFon
2020-02-09 15:03 - 2020-02-09 15:14 - 151793621 _____ (JustDJ ) C:\Users\Андрей\Downloads\Wotspeak ModPack 1.7.1.2 ver.3.2.exe
2020-02-09 14:32 - 2020-02-09 14:32 - 000565060 _____ C:\WINDOWS\Minidump\020920-10546-01.dmp
2020-02-05 12:28 - 2020-02-05 12:28 - 000000931 _____ C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Надежда на Мир.lnk
2020-02-05 01:25 - 2020-02-05 01:25 - 000000000 ____D C:\Users\Все пользователи\MegaFon Modem
2020-02-05 01:25 - 2020-02-05 01:25 - 000000000 ____D C:\Users\Все пользователи\$PRODUCT_DATA_NAME
2020-02-05 01:17 - 2020-02-09 14:39 - 000000000 ____D C:\WINDOWS\LastGood
2020-02-05 00:58 - 2020-02-05 00:58 - 000000000 ____D C:\Users\Андрей\AppData\Roaming\WinRAR
2020-02-05 00:58 - 2020-02-05 00:58 - 000000000 ____D C:\Program Files\WinRAR
2020-02-05 00:22 - 2020-02-05 00:22 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2020-02-04 23:59 - 2020-02-05 01:14 - 000000000 ____D C:\Program Files (x86)\HUAWEI Modem 3.0
2020-02-04 23:34 - 2020-02-04 23:34 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
2020-01-31 22:37 - 2020-01-31 22:37 - 000001272 _____ C:\Users\Андрей\Desktop\Dying Light.lnk
2020-01-31 22:37 - 2020-01-31 22:37 - 000000000 ____D C:\Users\Все пользователи\Steam
2020-01-31 22:37 - 2020-01-31 22:37 - 000000000 ____D C:\Users\Андрей\Documents\DyingLight
2020-01-31 22:37 - 2020-01-31 22:37 - 000000000 ____D C:\Users\Андрей\AppData\Roaming\Dying Light
2020-01-30 15:55 - 2020-01-30 15:55 - 000000000 ____D C:\Users\Андрей\AppData\Roaming\Notepad++
2020-01-30 15:55 - 2020-01-30 15:55 - 000000000 ____D C:\Program Files (x86)\Notepad++
2020-01-28 20:43 - 2020-01-28 20:43 - 000000000 __SHD C:\Users\Все пользователи\DSS
2020-01-28 20:43 - 2020-01-28 20:43 - 000000000 ____D C:\Users\Андрей\AppData\Roaming\Lionhead Studios
2020-01-28 20:32 - 2020-01-28 20:32 - 000000000 ____D C:\R.G.
Catalyst 2020-01-28 12:19 - 2020-01-28 12:19 - 000000000 ____D C:\Users\Андрей\AppData\Local\UnrealEngine 2020-01-28 12:19 - 2020-01-28 12:19 - 000000000 ____D C:\Users\Андрей\AppData\Local\SwGame 2020-01-28 12:19 - 2020-01-28 12:19 - 000000000 ____D C:\Users\Андрей\AppData\Local\Origin 2020-01-27 20:03 - 2020-02-11 14:37 - 000000000 ____D C:\Users\Андрей\AppData\Local\CrashDumps 2020-01-27 19:59 - 2020-01-27 19:59 - 000000000 ____D C:\Users\Андрей\AppData\Local\Disc_Soft_Ltd 2020-01-27 19:56 - 2020-02-11 13:53 - 000000000 ____D C:\Users\Андрей\AppData\Roaming\DAEMON Tools Lite 2020-01-27 19:56 - 2020-01-28 20:42 - 000001711 _____ C:\Users\Андрей\Desktop\Fable III.lnk 2020-01-27 19:56 - 2020-01-27 19:56 - 000203296 _____ (Duplex Secure Ltd) C:\WINDOWS\system32\Drivers\sptd2.sys 2020-01-27 19:55 - 2020-02-09 20:27 - 000000000 __SHD C:\Users\Все пользователи\WindowsTask 2020-01-27 19:55 - 2020-02-09 20:26 - 000000000 __SHD C:\Users\Все пользователи\RunDLL 2020-01-27 19:55 - 2020-01-27 19:55 - 000047672 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys 2020-01-27 19:55 - 2020-01-27 19:55 - 000030264 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys 2020-01-27 19:55 - 2020-01-27 19:55 - 000000000 __SHD C:\Users\Все пользователи\RealtekHD 2020-01-27 19:55 - 2020-01-27 19:55 - 000000000 ____D C:\Users\Все пользователи\DAEMON Tools Lite 2020-01-27 19:55 - 2020-01-27 19:55 - 000000000 ____D C:\Users\Андрей\AppData\Roaming\Opera Software 2020-01-27 19:55 - 2020-01-27 19:55 - 000000000 ____D C:\Program Files\DAEMON Tools Lite 2020-01-27 19:40 - 2015-06-10 16:15 - 000226176 _____ (Huawei Technologies Co., Ltd.) 
C:\WINDOWS\system32\Drivers\ewusbmdm.sys 2020-01-26 11:00 - 2020-02-09 14:32 - 597348806 _____ C:\WINDOWS\MEMORY.DMP 2020-01-26 11:00 - 2020-01-26 11:01 - 000767924 _____ C:\WINDOWS\Minidump\012620-11421-01.dmp 2020-01-25 14:56 - 2020-01-25 14:56 - 000000374 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2020-01-25 13:53 - 2020-01-25 13:53 - 000000000 ____D C:\Users\Все пользователи\HUAWEI Modem 3.0 2020-01-23 13:56 - 2020-01-23 13:57 - 000000000 ____D C:\Users\Все пользователи\KMSAuto 2020-01-23 13:56 - 2014-08-08 19:31 - 000027136 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\ptun0901.sys 2020-01-23 13:56 - 2014-05-25 03:36 - 000015360 _____ C:\WINDOWS\system32\SppExtComObjHook.dll 2020-01-23 13:55 - 2020-01-23 13:57 - 000000000 ____D C:\Users\Андрей\AppData\Local\MSfree Inc 2020-01-23 13:54 - 2015-10-04 16:21 - 000002487 _____ C:\WINDOWS\KMSAutoLite.ini 2020-01-23 13:53 - 2020-01-23 13:53 - 000000000 ____D C:\Users\Андрей\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Средства Microsoft Office 2016 2020-01-23 13:53 - 2015-10-04 16:23 - 001560202 _____ C:\WINDOWS\Activator.exe 2020-01-23 13:45 - 2020-01-23 13:45 - 000000000 ____D C:\WINDOWS\PCHEALTH 2020-01-23 13:45 - 2020-01-23 13:45 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2020-01-23 13:44 - 2020-01-23 13:51 - 000000000 ____D C:\Users\Все пользователи\Microsoft Help 2020-01-23 13:44 - 2020-01-23 13:46 - 000000000 ____D C:\WINDOWS\SHELLNEW 2020-01-23 13:44 - 2020-01-23 13:45 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2020-01-23 13:44 - 2020-01-23 13:44 - 000000000 ____D C:\Users\Андрей\AppData\Local\Microsoft Help 2020-01-23 13:44 - 2020-01-23 13:44 - 000000000 ____D C:\Program Files\Microsoft Office 2020-01-23 13:44 - 2020-01-23 13:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2020-01-21 14:39 - 2017-03-13 18:17 - 000312704 _____ (Huawei Technologies Co., Ltd.) 
C:\WINDOWS\system32\Drivers\ew_wwanecm.sys 2020-01-21 14:39 - 2017-03-13 18:17 - 000127616 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_cdcacm.sys 2020-01-21 13:53 - 2020-02-09 15:49 - 000000000 ____D C:\Users\Андрей\AppData\Local\NVIDIA Corporation 2020-01-21 13:53 - 2020-01-21 13:53 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2020-01-21 13:53 - 2020-01-21 13:53 - 000000000 ____D C:\Users\Андрей\AppData\Local\NVIDIA 2020-01-21 13:53 - 2020-01-21 13:53 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2020-01-21 13:53 - 2020-01-21 13:53 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2020-01-21 13:53 - 2019-09-05 13:50 - 002843120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2020-01-21 13:53 - 2019-09-05 13:50 - 002206704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2020-01-21 13:53 - 2019-09-05 13:50 - 001321968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll 2020-01-21 13:53 - 2019-08-27 22:15 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat 2020-01-21 13:53 - 2019-07-22 21:36 - 000179000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2020-01-21 13:53 - 2019-07-22 21:36 - 000154424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2020-01-20 15:43 - 2020-01-20 15:43 - 000000899 _____ C:\Users\Андрей\Downloads\Сертификат.zip 2020-01-14 19:40 - 2020-02-11 14:37 - 000002138 _____ C:\Users\Андрей\Desktop\TeamSpeak Overlay.lnk 2020-01-14 19:40 - 2020-02-10 09:40 - 000000000 ____D C:\Program Files (x86)\Overwolf 2020-01-14 19:40 - 2020-01-18 01:08 - 000000000 ____D C:\Users\Андрей\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf 2020-01-14 19:40 - 2020-01-14 19:40 - 000000000 ____D C:\Users\Все пользователи\Overwolf 2020-01-14 19:35 - 2020-02-11 14:37 - 000000000 ____D C:\Users\Андрей\AppData\Local\Overwolf 2020-01-14 19:34 - 2020-01-14 19:34 - 001337088 _____ (Overwolf Ltd.) 
C:\Users\Андрей\Downloads\TeamSpeak-Installer.exe ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-02-11 14:59 - 2019-12-24 18:23 - 000000000 ____D C:\World_of_Tanks_RU 2020-02-11 14:59 - 2019-12-15 11:56 - 000000000 ____D C:\Users\Все пользователи\NVIDIA 2020-02-11 14:47 - 2019-12-12 01:12 - 000000000 ____D C:\Users\Все пользователи\regid.1991-06.com.microsoft 2020-02-11 14:34 - 2019-12-12 01:27 - 000012212 _____ C:\Users\Все пользователи\DisplaySessionContainer1.log_backup1 2020-02-11 14:34 - 2019-12-12 01:21 - 000000000 ____D C:\Users\Андрей 2020-02-11 14:22 - 2019-12-15 11:22 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner 2020-02-11 14:20 - 2019-12-12 01:08 - 000000000 ____D C:\WINDOWS\CbsTemp 2020-02-11 13:54 - 2019-12-15 11:22 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server 2020-02-11 13:53 - 2019-12-12 01:17 - 000000000 ____D C:\WINDOWS\Panther 2020-02-11 13:53 - 2019-12-12 01:12 - 000000000 ____D C:\WINDOWS\ModemLogs 2020-02-11 13:53 - 2019-12-12 01:11 - 000000000 ____D C:\WINDOWS\INF 2020-02-11 13:49 - 2019-12-12 01:32 - 000002575 _____ C:\Users\Андрей\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk 2020-02-11 13:49 - 2019-12-12 01:32 - 000002538 _____ C:\Users\Андрей\Desktop\Yandex.lnk 2020-02-11 13:48 - 2019-12-03 15:44 - 000000000 ____D C:\Users\Андрей\AppData\LocalLow\IObit 2020-02-11 13:15 - 2019-12-12 01:29 - 001663722 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2020-02-11 13:15 - 2019-12-12 01:14 - 000734030 _____ C:\WINDOWS\system32\perfh019.dat 2020-02-11 13:15 - 2019-12-12 01:14 - 000143944 _____ C:\WINDOWS\system32\perfc019.dat 2020-02-11 13:10 - 2019-12-12 23:59 - 000000400 __RSH C:\Users\Все пользователи\ntuser.pol 2020-02-11 13:09 - 2019-12-12 01:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2020-02-11 13:09 - 2019-12-12 01:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-02-11 12:58 - 2019-12-12 
01:19 - 000017199 _____ C:\Users\Все пользователи\NVDisplay.ContainerLocalSystem.log_backup1 2020-02-10 23:54 - 2019-12-12 01:53 - 000006553 _____ C:\Users\Все пользователи\DisplaySessionContainer2.log_backup1 2020-02-10 23:13 - 2019-12-21 15:19 - 000000000 ____D C:\Users\Все пользователи\DatacardService 2020-02-10 09:39 - 2019-12-12 01:19 - 000071612 _____ C:\Users\Все пользователи\NVDisplayContainerWatchdog.log_backup1 2020-02-10 09:39 - 2019-12-12 01:19 - 000001206 _____ C:\Users\Все пользователи\NvcDispCorePlugin.log_backup1 2020-02-10 09:25 - 2019-12-12 15:40 - 000008131 _____ C:\Users\Все пользователи\DisplaySessionContainer3.log_backup1 2020-02-09 21:59 - 2019-12-12 01:31 - 000000000 ____D C:\Users\Андрей\AppData\Local\Yandex 2020-02-09 20:17 - 2019-12-12 01:07 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2020-02-09 20:08 - 2019-12-12 01:18 - 000453232 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2020-02-09 20:04 - 2019-12-12 01:12 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2020-02-09 19:43 - 2019-12-21 15:18 - 000000000 ____D C:\Users\Все пользователи\MegaFon 2020-02-09 15:49 - 2019-12-12 01:19 - 000000000 ____D C:\Users\Все пользователи\NVIDIA Corporation 2020-02-09 14:32 - 2019-12-12 01:27 - 000000000 ____D C:\WINDOWS\minidump 2020-02-09 12:40 - 2019-12-12 01:12 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-02-08 11:11 - 2019-12-12 22:14 - 000013119 _____ C:\Users\Все пользователи\DisplaySessionContainer5.log_backup1 2020-02-07 21:30 - 2019-12-12 21:40 - 000013858 _____ C:\Users\Все пользователи\DisplaySessionContainer4.log_backup1 2020-02-05 19:56 - 2019-12-12 15:42 - 000000000 ____D C:\Users\Андрей\AppData\Local\D3DSCache 2020-02-05 12:24 - 2019-12-03 15:50 - 000000000 ____D C:\Games 2020-02-05 00:58 - 2019-12-08 22:48 - 000000000 ____D C:\Users\Андрей\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2020-02-04 21:39 - 2019-12-16 19:43 - 000013115 _____ C:\Users\Все пользователи\DisplaySessionContainer10.log_backup1 2020-02-04 20:14 - 
2019-12-16 07:45 - 000013119 _____ C:\Users\Все пользователи\DisplaySessionContainer9.log_backup1 2020-02-03 21:11 - 2019-12-15 22:12 - 000013856 _____ C:\Users\Все пользователи\DisplaySessionContainer8.log_backup1 2020-02-03 20:07 - 2019-12-15 14:14 - 000012754 _____ C:\Users\Все пользователи\DisplaySessionContainer7.log_backup1 2020-02-03 17:19 - 2019-12-14 19:25 - 000012128 _____ C:\Users\Все пользователи\DisplaySessionContainer6.log_backup1 2020-01-31 22:28 - 2019-12-03 16:58 - 000000624 _____ C:\Users\Андрей\Desktop\cpuz.ini 2020-01-31 22:14 - 2019-12-14 16:07 - 000000000 ____D C:\Program Files (x86)\R.G. Mechanics 2020-01-30 20:44 - 2019-12-17 18:31 - 000011985 _____ C:\Users\Все пользователи\DisplaySessionContainer11.log_backup1 2020-01-27 23:34 - 2019-12-03 16:43 - 000000000 ____D C:\Users\Андрей\Documents\The Witcher 3 2020-01-25 14:55 - 2019-12-12 01:12 - 000000000 ____D C:\WINDOWS\system32\NDF 2020-01-23 13:45 - 2019-12-12 01:12 - 000000167 _____ C:\WINDOWS\win.ini 2020-01-23 13:44 - 2019-12-12 01:12 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2020-01-22 20:35 - 2019-12-21 18:11 - 000000000 ____D C:\Users\Андрей\AppData\Roaming\TS3Client 2020-01-22 20:35 - 2019-12-13 11:56 - 000000000 ____D C:\Users\Андрей\AppData\Roaming\uTorrent 2020-01-21 14:34 - 2019-12-25 14:08 - 000000440 _____ C:\Users\Андрей\Desktop\cst.ini 2020-01-21 14:34 - 2019-12-25 14:08 - 000000064 _____ C:\Users\Андрей\Desktop\i63A9x4.bin 2020-01-17 23:28 - 2019-12-12 19:00 - 000000000 ____D C:\Users\Андрей\AppData\Roaming\Discord 2020-01-16 01:11 - 2019-12-12 15:49 - 000000000 ____D C:\Users\Андрей\AppData\Roaming\Sirus Launcher 2020-01-14 19:24 - 2019-12-12 01:12 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2020-01-14 19:24 - 2019-12-12 01:12 - 000000000 ____D C:\WINDOWS\system32\Macromed ==================== Files in the root of some directories ======== 2020-01-02 16:12 - 2020-01-02 16:12 - 000007598 _____ () C:\Users\Андрей\AppData\Local\Resmon.ResmonCfg 
==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================