On almost every page open in the browser, clicking the mouse anywhere in the window reloads the page to an ad page at internetgazeta.cardvrmirrorr.ru. I can't even get into my mail. AdwCleaner and Malwarebytes didn't help.
Here is the FRST scan result:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-06-2017
Ran by Татьяна (05-06-2017 19:36:58)
Running from C:\Users\Татьяна\Downloads
Windows 8 Pro (X64) (2014-10-25 10:56:30)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
UpdatusUser (S-1-5-21-2938026407-1273681603-1291515782-1002 — Limited — Enabled)
Администратор (S-1-5-21-2938026407-1273681603-1291515782-500 — Administrator — Enabled) => C:\Users\Администратор
Гость (S-1-5-21-2938026407-1273681603-1291515782-501 — Limited — Disabled)
Татьяна (S-1-5-21-2938026407-1273681603-1291515782-1001 — Administrator — Enabled) => C:\Users\Татьяна
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled — Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Cloud Antivirus (Disabled — Up to date) {0C515E80-E355-69BD-3445-A511E5C186FD}
AV: Malwarebytes (Enabled — Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: COMODO Sandbox (Disabled — Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40}
AS: Malwarebytes (Enabled — Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled — Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with «Hidden» flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2938026407-1273681603-1291515782-1001\…\uTorrent) (Version: 3.5.0.43804 — BitTorrent Inc.)
7-Zip 15.14 (x64) (HKLM\…\7-Zip) (Version: 15.14 — Igor Pavlov)
Adguard (HKLM-x32\…\{e2a82ed3-dba7-43f6-8ef3-e303140c55dd}) (Version: 6.1.331.1732 — Performix LLC)
Adguard (x32 Version: 6.1.331.1732 — Performix LLC) Hidden
Adobe Flash Player 10 Plugin (HKLM-x32\…\Adobe Flash Player Plugin) (Version: 10.0.22.87 — Adobe Systems Incorporated)
AIDA64 Extreme v5.80 (HKLM-x32\…\AIDA64 Extreme_is1) (Version: 5.80 — FinalWire Ltd.)
Apple Mobile Device Support (HKLM\…\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 — Apple Inc.)
Apple Software Update (HKLM-x32\…\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 — Apple Inc.)
ArchiCAD 19 RUS (HKLM\…\001FFF2FFF19FF00FF2001F01F02F000-R1) (Version: 19.0 — GRAPHISOFT)
ARCHICAD 20 RUS (HKLM\…\001FFF2FFF20FF00FF2001F01F02F000-R1) (Version: 20.0 — GRAPHISOFT)
AutoCAD Structural Detailing 2014 — English (Version: 2014.0.0.3388 — Autodesk) Hidden
AutoCAD Structural Detailing 2014 — English (Version: 2014.1.0.3388 — Autodesk) Hidden
AutoCAD Structural Detailing 2014 Language Pack — English (Version: 2014.0.0.3388 — Autodesk) Hidden
Autodesk 3ds Max 2016 (HKLM\…\Autodesk 3ds Max 2016) (Version: 18.0.873.0 — Autodesk)
Autodesk 3ds Max 2016 (Version: 18.0.873.0 — Autodesk) Hidden
Autodesk 3ds Max 2016 Populate Data (HKLM\…\{57E92DED-DC7C-41E5-B9E1-76D83BD2EABE}) (Version: 18.0.0.0 — Autodesk)
Autodesk 3ds Max Design 2015 SP2 (HKLM\…\Autodesk 3ds Max Design 2015 SP2) (Version: 17.2.259.0 — Autodesk)
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\…\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.19 — Autodesk)
Autodesk Application Manager (HKLM-x32\…\Autodesk Application Manager) (Version: 4.0.69.0 — Autodesk)
Autodesk AutoCAD Structural Detailing 2014 — English (HKLM\…\AutoCAD Structural Detailing 2014 — English) (Version: 2014.1.0.3388 — Autodesk)
Autodesk AutoCAD Structural Detailing 2014 — English SP1 (HKLM\…\AutoCAD Structural Detailing 2014 — English SP1) (Version: 1 — Autodesk)
Autodesk Backburner 2013.0.0 (HKLM-x32\…\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2013.0.0 — Autodesk, Inc.)
Autodesk Civil View for 3ds Max 2016 64-bit (HKLM\…\{1C4FFAF0-6DBB-4F7A-A386-46747D060826}) (Version: 18.0.0.0 — Autodesk)
Autodesk Content Service (HKLM-x32\…\Autodesk Content Service) (Version: 3.1.3.0 — Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 — Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 — Autodesk) Hidden
Autodesk Inventor Server Engine for 3ds Max 2016 (HKLM\…\{9167CA34-4E58-49E3-8892-3C439739D2D3}) (Version: 18.0 — Autodesk)
Autodesk Material Library 2015 (HKLM-x32\…\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 — Autodesk)
Autodesk Material Library 2016 (HKLM-x32\…\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.19 — Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\…\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 — Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\…\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.19 — Autodesk)
Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\…\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.9.100 — Autodesk)
Autodesk Material Library Medium Resolution Image Library 2016 (HKLM-x32\…\{415A5A54-325E-4815-9940-62A889CA3877}) (Version: 6.3.0.19 — Autodesk)
Autodesk Network License Manager (HKLM\…\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.11.0 — Autodesk)
Autodesk Revit Interoperability for 3ds Max (HKLM\…\Autodesk Revit Interoperability for 3ds Max ) (Version: 16.0.394.0 — Autodesk)
Autodesk Revit Interoperability for 3ds Max (Version: 16.0.394.0 — Autodesk) Hidden
Bonjour (HKLM\…\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 — Apple Inc.)
CodeMeter Runtime Kit v5.22a (HKLM\…\{8D299F2C-A3C8-49A5-A726-E885AB397243}) (Version: 5.22.1508.501 — WIBU-SYSTEMS AG)
CyberLink LabelPrint (HKLM-x32\…\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5630 — CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\…\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 — CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\…\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 — CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\…\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2126 — CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\…\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 — CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\…\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4605 — CyberLink Corp.)
EPSON SX430 Series Printer Uninstall (HKLM\…\EPSON SX430 Series) (Version: — SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\…\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 — SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\…\ESET Online Scanner) (Version: — )
FARO LS 1.1.501.0 (64bit) (HKLM-x32\…\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 — FARO Scanner Production)
Foxit PhantomPDF (HKLM\…\{DBBA8D69-E1B5-4FB2-8F70-48215FF80D30}) (Version: 5.0.1.523 — Foxit Corporation)
Google Chrome (HKLM-x32\…\Google Chrome) (Version: 58.0.3029.110 — Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 — Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 — Google Inc.) Hidden
GRAPHISOFT BIMx Desktop Viewer (HKLM-x32\…\103FFFFFFF20FF00FF2801F01F02F000-R1) (Version: 20.0 — GRAPHISOFT)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 — Hewlett-Packard Company) Hidden
HP Connected Remote (HKLM-x32\…\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 — Hewlett-Packard)
HP Registration Service (HKLM\…\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 — Hewlett-Packard)
HP Support Assistant (HKLM-x32\…\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 — Hewlett-Packard Company)
HP Support Information (HKLM-x32\…\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 — Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\…\{50980478-879F-4347-8247-29FF7A78C2EE}) (Version: 12.6.14.19 — Hewlett-Packard Company)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\…\{AA67D612-0BE5-44D6-9A91-592958F754A1}) (Version: 13.0.198 — Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\…\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 — Intel Corporation)
iTunes (HKLM\…\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 — Apple Inc.)
Java 7 Update 51 (HKLM-x32\…\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 — Oracle)
Java 8 Update 45 (HKLM-x32\…\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 — Oracle Corporation)
Kyocera Product Library (HKLM\…\Kyocera Product Library) (Version: 4.2.1909 — KYOCERA Document Solutions Inc.)
KYOCERA Status Monitor 4 (HKLM\…\{24EE7F6D-C648-463f-9E71-DC5FD2258D16}) (Version: 4.1.3407 — KYOCERA Document Solutions Inc.)
Lumion 6.0 (HKLM\…\Lumion 6.0_is1) (Version: 6.0 — Act-3D B.V.)
Malwarebytes, версия 3.1.2.1733 (HKLM\…\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 — Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 — Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\…\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\…\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\…\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\…\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\…\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\…\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x64 9.0.30729.4148 (HKLM\…\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x64 9.0.30729.6161 (HKLM\…\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.17 (HKLM-x32\…\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.4148 (HKLM-x32\…\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 — Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable — x86 9.0.30729.6161 (HKLM-x32\…\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 — Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable — 10.0.40219 (HKLM\…\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 — Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable — 10.0.40219 (HKLM-x32\…\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 — Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) — 11.0.51106 (HKLM-x32\…\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 — Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) — 11.0.61030 (HKLM-x32\…\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 — Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) — 11.0.61030 (HKLM-x32\…\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 — Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) — 14.0.23026 (HKLM-x32\…\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 — Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) — 14.0.23026 (HKLM-x32\…\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 — Microsoft Corporation)
Movavi Video Editor 12 (HKLM-x32\…\Movavi Video Editor 12) (Version: 12.4.0 — Movavi)
Movavi Video Suite 16.0.2 (HKLM-x32\…\Movavi Video Suite_is1) (Version: 16.0.2 — MOVAVI)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 — NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 — NVIDIA Corporation)
NVIDIA Графический драйвер 327.02 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 — NVIDIA Corporation)
NVIDIA Драйвер 3D Vision 327.02 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 — NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\…\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 — Apache Software Foundation)
Personal Accelerator for Revit (HKLM\…\Personal Accelerator for Revit) (Version: 16.0.1109.0 — Autodesk)
Realtek Ethernet Controller Driver (HKLM-x32\…\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 — Realtek)
Realtek High Definition Audio Driver (HKLM-x32\…\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6942 — Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5826 — CyberLink Corp.) Hidden
SketchUp 2015 (HKLM-x32\…\{D0A0BE3D-8D66-4BE9-87C4-D30CA5AA93A3}) (Version: 15.3.330 — Trimble Navigation Limited)
SketchUp Import for AutoCAD 2014 (HKLM-x32\…\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 — Autodesk)
Skype™ 6.22 (HKLM-x32\…\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 — Skype Technologies S.A.)
STDU Viewer version 1.6.375.0 (HKLM-x32\…\STDU Viewer_is1) (Version: 1.6.375.0 — STDUtility)
TP-LINK TL-WN721N_TL-WN722N Драйвер (HKLM-x32\…\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.3.1 — TP-LINK)
VLC media player (HKLM\…\VLC media player) (Version: 2.2.4 — VideoLAN)
VRay 2.50.01 for 3ds Max 2015 VRay 2.50.01 for 3ds Max 2015 (HKLM-x32\…\VRay 2.50.01 for 3ds Max 2015 VRay 2.50.01 for 3ds Max 2015) (Version: VRay 2.50.01 for 3ds Max 2015 — VRay 2.50.01 for 3ds Max 2015)
V-Ray for 3dsmax 2016 for x64 (HKLM\…\V-Ray for 3dsmax 2016 for x64) (Version: 3.20.03 — Chaos Software Ltd)
VueScan x64 (HKLM\…\VueScan x64) (Version: — )
Wacom (HKLM\…\Pen Tablet Driver) (Version: 5.3.5-3 — Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\…\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 — Wacom Technology Corp.)
WibuKey Setup (WibuKey Remove) (HKLM\…\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.20 of 2013-Dec-18 (Build 1230) (Setup) — WIBU-SYSTEMS AG)
ZET 9 Lite 2.20 (HKLM-x32\…\ZET 9 Lite 2.20) (Version: 2.20 — ZET Astrology Software)
Архиватор WinRAR (HKLM-x32\…\WinRAR archiver) (Version: — )
Отмена установки принтера EPSON WF-7015 Series (HKLM\…\EPSON WF-7015 Series) (Version: — SEIKO EPSON Corporation)
Панель управления NVIDIA 327.02 (Version: 327.02 — NVIDIA Corporation) Hidden
Поддержка программ Apple (HKLM-x32\…\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 — Apple Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {32FAFEF1-5FB0-4E73-AEE1-22773E4F3905} — System32\Tasks\{8623CC48-AE1D-44EE-A958-A55A1BD6DE5B} => pcalua.exe -a «C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\removeAdAppMgr.exe»
Task: {40F22AE2-477D-45EE-878D-CDD600D2174A} — System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {4605051C-481F-421B-9F5B-8B98F93F4903} — System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.)
Task: {5623951C-0FA5-47ED-8169-6E7A7AF1303E} — System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.)
Task: {56FE58E8-B7BA-4355-981A-E974B47B7DC8} — System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => %ProgramFiles(x86)%\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {580760AD-8717-4691-A3D9-87ADD7058DA8} — System32\Tasks\ASC8_SkipUac_Татьяна => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: {618FCA95-A52F-4F8F-AEFD-D10633C36D78} — System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {627C4B28-D775-45EA-BC16-9935524A605C} — System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-04-01] (HP Inc.)
Task: {B0188156-FD38-4120-B0BF-EE9B609AA022} — System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {BA09D8A4-820A-411F-A419-438196607498} — System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {BA835096-5DFD-41C0-953E-0FD365EE0FB8} — System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {BAEA3911-DC47-49F3-BF28-85CC1F41D9D8} — System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {C14B9E04-0ACD-4996-8C41-D00DBF586D41} — System32\Tasks\{AFFF358B-F374-4F42-97E5-A66B02FC32C9} => pcalua.exe -a «C:\Program Files\GRAPHISOFT\ArchiCAD 18\Uninstall.AC\uninstaller.exe»
Task: {C9F972AC-B8F4-476C-87C3-D4758227BEA6} — System32\Tasks\Dr.Web Update Key => C:\Dr.Web7v4\plus\!update_key.bat
Task: {D0672105-5EBD-4B46-AC30-A2D9F675D368} — System32\Tasks\{BDE85966-9E74-475E-A11F-016C7E2C4200} => pcalua.exe -a «C:\Program Files (x86)\Autodesk\Content Service\Setup\Setup.exe» -c /P {62F029AB-85F2-0000-866A-9FC0DD99DDBC} /M ContentService /LANG en-US
Task: {D21417A3-A703-4E8A-91EF-327E0BE44DD4} — System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {D3494E86-842D-4153-99E3-FD36D5DA93AD} — System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: {D9B64E35-C130-4297-AA2C-73EFC01DE1F2} — System32\Tasks\Uninstaller_SkipUac_Татьяна => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {E01EB373-9499-45EF-8D75-08199E1DD6CF} — System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
Task: {E5AC6C34-9C91-49AA-A0FD-409460FD53FB} — System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {FCCAD9F5-2125-4782-B31A-B9CC64C06E96} — System32\Tasks\HPCeeScheduleForТатьяна => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Татьяна.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForТатьяна.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Татьяна.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Татьяна\Links\Загрузки.lnk -> C:\Users\Татьяна\Downloads () <===== Cyrillic
Shortcut: C:\Users\Татьяна\Links\ПРОЕКТЫ Архив.lnk -> I:\ПРОЕКТЫ Архив () <===== Cyrillic
Shortcut: C:\Users\Татьяна\Links\ПРОЕКТЫ.lnk -> I:\ПРОЕКТЫ () <===== Cyrillic
Shortcut: C:\Users\Татьяна\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Корзина.lnk -> [LFx@_dP/N1SPSU(Ly9K-q/{7A06FD0D-E245-432D-A497-B390B4535317}\>@78=0] <===== Cyrillic
Shortcut: C:\Users\Татьяна\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Руководство по консольной версии RAR.lnk -> C:\Program Files (x86)\WINRAR\Rar.txt () <===== Cyrillic
Shortcut: C:\Users\Татьяна\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Справка WinRAR.lnk -> C:\Program Files (x86)\WINRAR\WinRAR.chm () <===== Cyrillic
==================== Loaded Modules (Whitelisted) ==============
2014-08-05 20:00 — 2008-06-10 08:38 — 00062464 ____N () C:\Program Files (x86)\WINRAR\rarext64.dll
2014-11-24 16:40 — 2014-08-19 22:12 — 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2012-10-12 19:22 — 2012-10-12 19:22 — 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-10-12 19:22 — 2012-10-12 19:22 — 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-12 19:22 — 2012-10-12 19:22 — 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2014-10-25 13:57 — 2014-10-25 13:57 — 00120224 _____ () C:\Users\Татьяна\AppData\Local\assembly\dl3\H5004WYA.J3E\A7AAEKK1.AKG\1c1bb4a8\004b58b8_95a8cd01\HPItunesModule.DLL
2017-06-05 17:44 — 2017-05-31 11:09 — 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-05-16 12:53 — 2017-05-09 12:13 — 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-16 12:53 — 2017-05-09 12:13 — 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2016-12-05 19:36 — 2016-10-19 16:16 — 04661248 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\Расширения ARCHICAD\ArchiFrame\ArchiFrame20_64.apx
2016-12-05 19:34 — 2016-08-31 20:58 — 02402304 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\Расширения ARCHICAD\CadimageTools\Cadimage Cabinets.apx
2016-12-05 19:34 — 2016-08-31 20:59 — 03400704 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\Расширения ARCHICAD\CadimageTools\Cadimage Coverings.apx
2016-12-05 19:34 — 2016-08-31 21:00 — 03670016 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\Расширения ARCHICAD\CadimageTools\Cadimage Doors+Windows.apx
2016-12-05 19:34 — 2016-08-31 20:53 — 03281920 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\Расширения ARCHICAD\CadimageTools\Cadimage Electrical.apx
2016-12-05 19:34 — 2016-08-31 20:50 — 04665856 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\Расширения ARCHICAD\CadimageTools\Cadimage Keynotes.apx
2016-12-05 19:34 — 2016-08-31 20:05 — 04035072 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\Расширения ARCHICAD\CadimageTools\Cadimage Objective.apx
2016-12-05 19:34 — 2016-08-31 20:56 — 03123712 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\Расширения ARCHICAD\CadimageTools\Cadimage Stairs.apx
2016-12-05 19:34 — 2016-08-31 13:45 — 02404352 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\Расширения ARCHICAD\CadimageTools\Cadimage Update.apx
2016-12-05 19:12 — 2016-10-20 04:46 — 08279040 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\edmikit500.dll
2016-12-05 19:12 — 2016-10-20 04:46 — 00880128 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\edm_libxml2.dll
2016-12-05 19:31 — 2016-10-20 04:30 — 38665232 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\CineRender\modules\c4dplugin.xdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 00596496 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\CineRender\modules\crashhandler.module.xdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 02494480 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\CineRender\modules\crypt.module.xdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 02872336 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\CineRender\modules\image.module.xdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 00475152 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\CineRender\modules\mesh.module.xdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 02822160 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\CineRender\modules\misc.module.xdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 01665552 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\CineRender\modules\network.module.xdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 00401424 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\CineRender\modules\triangulation.module.xdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 01652240 _____ () C:\PROGRAM FILES\GRAPHISOFT\ARCHICAD 20\CINERENDER\modules\advanced render.cdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 00265232 _____ () C:\PROGRAM FILES\GRAPHISOFT\ARCHICAD 20\CINERENDER\modules\archigrass.cdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 03406352 _____ () C:\PROGRAM FILES\GRAPHISOFT\ARCHICAD 20\CINERENDER\modules\collada14.cdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 04084240 _____ () C:\PROGRAM FILES\GRAPHISOFT\ARCHICAD 20\CINERENDER\modules\collada15.cdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 00672784 _____ () C:\PROGRAM FILES\GRAPHISOFT\ARCHICAD 20\CINERENDER\modules\dwgobjects.cdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 12614160 _____ () C:\PROGRAM FILES\GRAPHISOFT\ARCHICAD 20\CINERENDER\modules\fbx.cdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 03158032 _____ () C:\PROGRAM FILES\GRAPHISOFT\ARCHICAD 20\CINERENDER\modules\hair.cdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 06470160 _____ () C:\PROGRAM FILES\GRAPHISOFT\ARCHICAD 20\CINERENDER\modules\model.cdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 05908496 _____ () C:\PROGRAM FILES\GRAPHISOFT\ARCHICAD 20\CINERENDER\modules\newman.cdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 04323344 _____ () C:\PROGRAM FILES\GRAPHISOFT\ARCHICAD 20\CINERENDER\modules\objects.cdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 01266704 _____ () C:\PROGRAM FILES\GRAPHISOFT\ARCHICAD 20\CINERENDER\modules\openexr.cdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 01012752 _____ () C:\PROGRAM FILES\GRAPHISOFT\ARCHICAD 20\CINERENDER\modules\shader.cdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 01867280 _____ () C:\PROGRAM FILES\GRAPHISOFT\ARCHICAD 20\CINERENDER\modules\sketch.cdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 02221072 _____ () C:\PROGRAM FILES\GRAPHISOFT\ARCHICAD 20\CINERENDER\modules\sky.cdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 02419728 _____ () C:\PROGRAM FILES\GRAPHISOFT\ARCHICAD 20\CINERENDER\modules\sla.cdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 03545616 _____ () C:\PROGRAM FILES\GRAPHISOFT\ARCHICAD 20\CINERENDER\modules\xtensions.cdl64
2016-12-05 19:31 — 2016-10-20 04:30 — 00313144 _____ () C:\Program Files\GRAPHISOFT\ARCHICAD 20\CineRender\resource\libs\win32\qtguiagent.exe
2014-07-31 11:16 — 2014-07-31 11:16 — 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 — 2014-07-31 11:16 — 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-17 06:22 — 2015-08-17 06:22 — 00218624 _____ () C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.lRu
2013-04-30 14:20 — 2012-06-08 06:34 — 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 — 2012-06-08 13:34 — 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-04 21:59 — 2014-11-04 21:59 — 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-03-27 20:41 — 2017-03-27 20:41 — 01415952 _____ () C:\Program Files (x86)\Adguard\AdguardNetApi.DLL
2017-03-27 20:41 — 2017-03-27 20:41 — 00142096 _____ () C:\Program Files (x86)\Adguard\AdguardNetLib.DLL
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:A1EDB939 [138]
AlternateDataStreams: C:\Users\Все пользователи\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\Users\Все пользователи\Temp:A1EDB939 [138]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The «AlternateShell» will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-2938026407-1273681603-1291515782-1001\Software\Classes\.scr: AutoCADScriptFile => C:\windows\system32\notepad.exe «%1»
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 08:26 — 2015-03-12 17:39 — 00000876 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2938026407-1273681603-1291515782-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Татьяна\Desktop\dd801705873d00c47e469bc8fcc84335.jpg
DNS Servers: 192.168.88.1 — 109.195.224.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\…\StartupApproved\StartupFolder: => «Network Server.lnk»
HKLM\…\StartupApproved\StartupFolder: => «CodeMeter Control Center.lnk»
HKLM\…\StartupApproved\Run32: => «ADSKAppManager»
HKLM\…\StartupApproved\Run32: => «iTunesHelper»
HKU\S-1-5-21-2938026407-1273681603-1291515782-1001\…\StartupApproved\Run: => «GoogleChromeAutoLaunch_0DC2622B04FE04CB226FDE56E212A091»
HKU\S-1-5-21-2938026407-1273681603-1291515782-1001\…\StartupApproved\Run: => «Akamai NetSession Interface»
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{BA3C38D3-FEFF-49E6-ADC7-E0B581EADB45}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{30C4444B-E21A-4BF8-B5A7-7714D0769A5B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{6C78CAC7-4FAE-445F-9423-27685A028070}] => (Allow) LPort=50248
FirewallRules: [{5E54310E-2DAB-4333-8DF0-1D79B5B5A131}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{00919D85-223F-452D-B241-1FF9535B5C9E}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{5281A429-55CE-4EBC-B634-98A5B3196B9B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{88CF80DB-79B1-4E98-8666-7D46DA2C2823}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FFCB54A1-BD02-4BA6-A2A1-A88770364F56}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A239B375-4999-4570-AE85-B337C336312A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8D33ACCE-1EA0-4035-95B4-FEB34CF735DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8F7F146B-9999-48D2-B038-6C83FA61418E}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
FirewallRules: [{4D7AD3F4-04FB-4786-85E0-8B727E03B173}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
FirewallRules: [{D5F65460-48AF-423C-9708-F7A7D90A65D1}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
FirewallRules: [{7A7E0299-48F4-440B-9EA8-72EEB6156253}] => (Allow) C:\Program Files\Autodesk\3ds Max Design 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
FirewallRules: [{6A268D8D-C332-4A67-AF63-AB160AEA4D3A}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
FirewallRules: [{78863709-7381-4338-859E-0C269F3EA51D}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
FirewallRules: [{90A99E62-8550-4C07-9954-31DACDE4B782}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64.exe
FirewallRules: [{394ADD65-19B5-46DC-9CC9-8836C69E7E9C}] => (Allow) C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64.exe
FirewallRules: [{063CB02B-2406-47AC-B7A3-AB531422F4DE}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{0AAA0683-FAF5-4133-AEEF-8788A66645EA}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{33FE48C0-E2E8-4708-9042-990699C2E13A}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{CB14A8EB-91E7-4206-AFE8-0DEC53C6E750}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{87DA0C3F-BA26-40FF-9875-EE47BEBC4B85}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 19\ArchiCAD.exe
FirewallRules: [{91231B16-4280-40CA-B44B-1CCFC19F7163}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 19\ArchiCAD.exe
FirewallRules: [{135AEFFC-608A-4258-B2EF-0BD00C14C668}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 19\CineRender\CineRender 64bit.exe
FirewallRules: [{E9A5B223-C3E2-4FBE-B3D7-8ABE4A6F1D39}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 19\CineRender\CineRender 64bit.exe
FirewallRules: [{48D1D4EE-E401-484A-8728-7E058CC91D72}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 19\BIMxUploader.exe
FirewallRules: [{0E48739A-87C7-49D5-B9E5-888ACD17A276}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 19\BIMxUploader.exe
FirewallRules: [{3473DCC7-B69D-4966-8AC2-BFEFE0D4911F}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{AB4407A6-A8FD-4D3B-BCF2-90DB9F05ABB7}C:\program files\graphisoft\archicad 19\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 19\archicad.exe
FirewallRules: [UDP Query User{995E93CA-EA4D-4808-A2E0-60909061FC49}C:\program files\graphisoft\archicad 19\archicad.exe] => (Allow) C:\program files\graphisoft\archicad 19\archicad.exe
FirewallRules: [TCP Query User{D5EE4AE4-C6DA-4F78-8CB4-DDA74078E73F}C:\program files\graphisoft\archicad 19\cinerender\cinerender 64bit.exe] => (Allow) C:\program files\graphisoft\archicad 19\cinerender\cinerender 64bit.exe
FirewallRules: [UDP Query User{F515B5A7-97AB-46EE-949E-696304C6B88F}C:\program files\graphisoft\archicad 19\cinerender\cinerender 64bit.exe] => (Allow) C:\program files\graphisoft\archicad 19\cinerender\cinerender 64bit.exe
FirewallRules: [{8B941BEC-24A8-4A0C-9263-F18E14A5D0E8}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe
FirewallRules: [{C84A64A3-52E2-4DF1-BF93-09AE75E16B7B}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe
FirewallRules: [{7F43CF77-B8D8-47E5-BB21-02659A52E837}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64.exe
FirewallRules: [{50F1A602-A257-4EDA-B591-06838AABF547}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64.exe
FirewallRules: [{B6047EAF-327D-4CE2-8546-9003EFED8630}] => (Allow) C:\Program Files\Chaos Group\V-Ray\3dsmax 2016 for x64\vrlservice.exe
FirewallRules: [{8600D799-0137-4343-93DA-E21C0C87E350}] => (Allow) C:\Program Files\Chaos Group\V-Ray\3dsmax 2016 for x64\vrlservice.exe
FirewallRules: [TCP Query User{299D0FBC-C3B1-4421-B3A1-882CAEE43E3D}C:\program files\autodesk\3ds max design 2015\3dsmax.exe] => (Allow) C:\program files\autodesk\3ds max design 2015\3dsmax.exe
FirewallRules: [UDP Query User{B160ED31-253D-4E04-A086-15C84B2CB157}C:\program files\autodesk\3ds max design 2015\3dsmax.exe] => (Allow) C:\program files\autodesk\3ds max design 2015\3dsmax.exe
FirewallRules: [{BC1E70AF-EF90-47A3-AFAF-816B7D679771}] => (Block) C:\program files\autodesk\3ds max design 2015\3dsmax.exe
FirewallRules: [{675C3707-2891-482F-818F-BF8110BC0CDF}] => (Block) C:\program files\autodesk\3ds max design 2015\3dsmax.exe
FirewallRules: [{DE70F77F-4746-4A21-9A42-D07BDF2BEF19}] => (Allow) C:\Users\Татьяна\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C20FDB18-613F-44DB-9A06-B0B5C2937F56}] => (Allow) C:\Users\Татьяна\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E699F1FA-2353-44EE-AC5B-992396FBC95D}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 20\ARCHICAD.exe
FirewallRules: [{6A9F044A-D653-4718-9045-2B94EFE7FEE3}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 20\CineRender\CineRender 64bit.exe
FirewallRules: [{1C919252-2C20-494A-8825-D979B98361C6}] => (Allow) C:\Program Files\GRAPHISOFT\ARCHICAD 20\BIMxUploader.exe
FirewallRules: [{971C21FB-4462-4487-90FD-51F2CBADD32F}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 20\OverwatchServer.exe
FirewallRules: [{0E51EF78-6F39-455A-8E90-94F58B9AAADF}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{A3FD11A5-3691-4073-964A-A5D031C54D3F}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{41132C40-02D5-4152-98A4-D045D8608E3A}C:\users\татьяна\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\татьяна\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E1191C02-786B-421A-8788-D16F493057CB}C:\users\татьяна\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\татьяна\appdata\local\akamai\netsession_win.exe
FirewallRules: [{D99B18D5-60DE-4254-A9DF-84A8D2599EC8}] => (Allow) C:\Program Files\Lumion 6.0\Lumion.exe
FirewallRules: [{B9F56088-1ACC-46DC-8A61-A08DAB17FDFF}] => (Allow) C:\Program Files\Lumion 6.0\Lumion.exe
FirewallRules: [{3A05A311-A979-4BB4-BD6E-EB3BADE4B923}] => (Allow) C:\Program Files\Lumion 6.0\Lumion.exe
FirewallRules: [{384B0530-D096-41AC-9904-59448ED5FD30}] => (Allow) C:\Program Files\Lumion 6.0\Lumion.exe
FirewallRules: [{A6331D87-17AA-42FD-9885-C410F143A6EE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{ED48D5F2-1257-4B28-8D25-53F5F01EE3DD}] => (Allow) C:\Program Files\UBar\ubar.exe
FirewallRules: [{5F6DE6EC-2A09-45F2-8F78-86FDBD0B3C2F}] => (Allow) C:\Users\Татьяна\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [{F398A4E0-DD6D-4716-AC61-2B8A5FE0A48E}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{C75C8262-1B21-43F9-9D30-E46277AD6D73}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{A221EE51-DB11-495D-A3CF-983F4BD8DACD}] => (Block) LPort=445
FirewallRules: [{1990A551-3538-4882-BADB-6C77F9122A41}] => (Block) LPort=445
FirewallRules: [{1E332FDF-1FAC-4B58-AB5B-76568E7484B9}] => (Allow) C:\Users\Татьяна\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5791989A-F9D3-40E4-8F29-565DE3EA5A4D}] => (Allow) C:\Users\Татьяна\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{204B7CF7-3D3E-4703-8C60-293D7B4BA633}] => (Allow) C:\Users\Татьяна\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EF1A8E1A-21CE-409F-A554-91D0844785AE}] => (Allow) C:\Users\Татьяна\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{367D31CA-526F-4473-B6A9-6D7E6B212419}] => (Allow) C:\Users\Татьяна\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{01342953-FC30-4D09-9B6C-5C2D45AACAD5}] => (Allow) C:\Users\Татьяна\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0BBA2ED6-110F-4866-BF9D-7B23A80BCC3B}] => (Allow) LPort=53000
FirewallRules: [{730578EB-2BFD-474F-967C-99697A6E3C3B}] => (Allow) LPort=52000
FirewallRules: [{39AD3B4D-AA33-4AAF-AD7E-F5E4DDBBEE4B}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
==================== Restore Points =========================
13-05-2017 14:22:49 Запланированная контрольная точка
23-05-2017 14:32:08 Запланированная контрольная точка
31-05-2017 06:14:30 Запланированная контрольная точка
04-06-2017 20:59:37 Removed Download Navigator
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/05/2017 07:33:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows не удается загрузить файл классов реестра.
СВЕДЕНИЯ — База данных реестра повреждена.
Error: (06/05/2017 07:33:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows не удалось загрузить реестр. Обычно это происходит из-за нехватки памяти или недостаточных прав безопасности.
ПОДРОБНО — База данных реестра повреждена.
для C:\Users\Татьяна\AppData\Local\Microsoft\Windows\\UsrClass.dat
Error: (06/05/2017 07:33:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows не удается загрузить файл классов реестра.
СВЕДЕНИЯ — База данных реестра повреждена.
Error: (06/05/2017 07:33:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows не удалось загрузить реестр. Обычно это происходит из-за нехватки памяти или недостаточных прав безопасности.
ПОДРОБНО — База данных реестра повреждена.
для C:\Users\Татьяна\AppData\Local\Microsoft\Windows\\UsrClass.dat
Error: (06/05/2017 07:20:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows не удается загрузить файл классов реестра.
СВЕДЕНИЯ — База данных реестра повреждена.
Error: (06/05/2017 07:20:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows не удалось загрузить реестр. Обычно это происходит из-за нехватки памяти или недостаточных прав безопасности.
ПОДРОБНО — База данных реестра повреждена.
для C:\Users\Татьяна\AppData\Local\Microsoft\Windows\\UsrClass.dat
Error: (06/05/2017 07:20:43 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows не удается загрузить файл классов реестра.
СВЕДЕНИЯ — База данных реестра повреждена.
Error: (06/05/2017 07:20:43 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows не удалось загрузить реестр. Обычно это происходит из-за нехватки памяти или недостаточных прав безопасности.
ПОДРОБНО — База данных реестра повреждена.
для C:\Users\Татьяна\AppData\Local\Microsoft\Windows\\UsrClass.dat
Error: (06/05/2017 07:20:31 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows не удается загрузить файл классов реестра.
СВЕДЕНИЯ — База данных реестра повреждена.
Error: (06/05/2017 07:20:31 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows не удалось загрузить реестр. Обычно это происходит из-за нехватки памяти или недостаточных прав безопасности.
ПОДРОБНО — База данных реестра повреждена.
для C:\Users\Татьяна\AppData\Local\Microsoft\Windows\\UsrClass.dat
System errors:
=============
Error: (06/05/2017 06:31:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Ошибка установки: не удается установить следующее обновление из-за ошибки 0x80070002: microsoft.windowscommunicationsapps.
Error: (06/05/2017 06:30:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Ошибка установки: не удается установить следующее обновление из-за ошибки 0x80070002: Microsoft.BingFoodAndDrink.
Error: (06/05/2017 06:30:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Ошибка установки: не удается установить следующее обновление из-за ошибки 0x80070002: Microsoft.ZuneVideo.
Error: (06/05/2017 06:30:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Ошибка установки: не удается установить следующее обновление из-за ошибки 0x80070002: Microsoft.ZuneVideo.
Error: (06/05/2017 06:30:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Ошибка установки: не удается установить следующее обновление из-за ошибки 0x80070002: Microsoft.ZuneMusic.
Error: (06/05/2017 06:30:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Ошибка установки: не удается установить следующее обновление из-за ошибки 0x80070002: Microsoft.BingHealthAndFitness.
Error: (06/05/2017 06:29:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Ошибка установки: не удается установить следующее обновление из-за ошибки 0x80070002: Microsoft.Office.OneNote.
Error: (06/05/2017 06:29:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Ошибка установки: не удается установить следующее обновление из-за ошибки 0x80070002: Microsoft.BingSports.
Error: (06/05/2017 06:29:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Ошибка установки: не удается установить следующее обновление из-за ошибки 0x80070002: Microsoft.WindowsReadingList.
Error: (06/05/2017 06:29:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Ошибка установки: не удается установить следующее обновление из-за ошибки 0x80070002: Microsoft.BingTravel.
CodeIntegrity:
===================================
Date: 2017-06-05 17:57:24.314
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-06-05 17:50:40.716
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\CcavGuard64.dll that did not meet the Windows signing level requirements.
Date: 2017-06-05 17:50:40.716
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\CcavGuard64.dll that did not meet the Windows signing level requirements.
Date: 2017-06-05 17:50:40.701
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\CcavGuard64.dll that did not meet the Windows signing level requirements.
Date: 2017-06-05 17:50:40.701
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\CcavGuard64.dll that did not meet the Windows signing level requirements.
Date: 2017-06-05 17:50:40.669
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\CcavGuard64.dll that did not meet the Windows signing level requirements.
Date: 2017-06-05 17:50:40.638
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\CcavGuard64.dll that did not meet the Windows signing level requirements.
Date: 2017-06-05 17:39:51.647
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-06-05 17:36:35.821
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\CcavGuard64.dll that did not meet the Windows signing level requirements.
Date: 2017-06-05 16:35:37.256
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\CcavGuard64.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 69%
Total physical RAM: 8150.06 MB
Available physical RAM: 2480.29 MB
Total Virtual: 15318.06 MB
Available Virtual: 8035.05 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:459.55 GB) (Free:294.57 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.16 GB) (Free:1.33 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (MAXDES2015) (CDROM) (Total:7.45 GB) (Free:0 GB) CDFS
Drive i: (Новый том) (Fixed) (Total:458.89 GB) (Free:214.65 GB) NTFS
Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:437.24 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CC2149CA)
Partition: GPT.
========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: 99C55A24)
Partition 1: (Active) — (Size=931.5 GB) — (Type=07 NTFS)
==================== End of Addition.txt ============================
And here.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2017
Ran by Татьяна (administrator) on SIMONA (05-06-2017 19:33:25)
Running from C:\Users\Татьяна\Downloads
Loaded Profiles: Татьяна (Available Profiles: Татьяна & Администратор)
Platform: Windows 8 Pro (X64) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(COMODO) C:\Windows\Temp\ise~5c2ed955-618b-461a-be96-455aa3145fc6
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Performix LLC) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Performix LLC) C:\Program Files (x86)\Adguard\Adguard.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(GRAPHISOFT SE) C:\Program Files\GRAPHISOFT\ARCHICAD 20\ARCHICAD.exe
(GRAPHISOFT SE) C:\Program Files\GRAPHISOFT\ARCHICAD 20\OverwatchServer.exe
(MAXON Computer GmbH) C:\Program Files\GRAPHISOFT\ARCHICAD 20\CineRender\CineRender.exe
() C:\Program Files\GRAPHISOFT\ARCHICAD 20\CineRender\resource\libs\win32\qtguiagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\…\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\…\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\…\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.)
HKLM-x32\…\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
HKU\S-1-5-21-2938026407-1273681603-1291515782-1001\…\Run: [KSS] => «C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe» autorun
HKU\S-1-5-21-2938026407-1273681603-1291515782-1001\…\Run: [Akamai NetSession Interface] => «C:\Users\Татьяна\AppData\Local\Akamai\netsession_win.exe»
HKU\S-1-5-21-2938026407-1273681603-1291515782-1001\…\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5622032 2017-03-27] (Performix LLC)
HKU\S-1-5-21-2938026407-1273681603-1291515782-1001\…\Policies\Explorer: []
HKU\S-1-5-21-2938026407-1273681603-1291515782-1001\…\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2938026407-1273681603-1291515782-1001\…\MountPoints2: G — «G:\Setup.exe»
HKU\S-1-5-21-2938026407-1273681603-1291515782-1001\…\MountPoints2: {b2e39704-65c1-11e4-be8b-6c3be52747b0} — «H:\Startme.exe»
HKU\S-1-5-21-2938026407-1273681603-1291515782-1001\…\MountPoints2: {f7dd7e28-430c-11e4-be81-6c3be52747b0} — «G:\Setup.exe»
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-12-05]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2014-10-23]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (No File)
GroupPolicy: Restriction — Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1 109.195.224.1 5.3.3.3
Tcpip\..\Interfaces\{B1128357-DC8E-4C19-8540-612780B52A6B}: [DhcpNameServer] 192.168.88.1 109.195.224.1 5.3.3.3
ManualProxies:
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2938026407-1273681603-1291515782-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811013
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {E92C1144-F373-444E-8EDD-A1DCDD0D08EC} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {E92C1144-F373-444E-8EDD-A1DCDD0D08EC} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link_code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2938026407-1273681603-1291515782-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
SearchScopes: HKU\S-1-5-21-2938026407-1273681603-1291515782-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/yandsearch?win=143&clid=2154478&text={searchTerms}
SearchScopes: HKU\S-1-5-21-2938026407-1273681603-1291515782-1001 -> {E92C1144-F373-444E-8EDD-A1DCDD0D08EC} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link_code=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-07-08] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-08] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKU\S-1-5-21-2938026407-1273681603-1291515782-1001 -> No Name — {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} — No File
DPF: HKLM-x32 {093500E9-F79F-4C52-A9B5-D8C7E4B3023E} file:///C:/Users/8C74~1/AppData/Local/Temp/o3dCF16.tmp.cab
DPF: HKLM-x32 {810B649C-CEAE-4AC9-BF26-81341B49E913} file:///C:/Users/8C74~1/AppData/Local/Temp/o3dBB6D.tmp.cab
FireFox:
========
FF ProfilePath: C:\Users\Татьяна\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2017-06-04]
FF user.js: detected! => C:\Users\Татьяна\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js [2017-06-04]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Поиск@Mail.Ru
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Поиск@Mail.Ru
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxp://mail.ru/cnt/10445?gp=811013
FF Keyword.URL: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxp://go.mail.ru/distib/ep/?product_id={2F966DDE-A1EF-4172-BE8B-AE8E6358FFA0}&gp=811014
FF SearchPlugin: C:\Users\Татьяна\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-121623.xml [2014-09-23]
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2011-05-21] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-08] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @outline3d.com/MozillaWrapper -> C:\Program Files (x86)\Common Files\ParallelGraphics\Outline3d\npOutline3dWrapper.dll [2016-04-12] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxps://mail.ru/cnt/11956636
CHR StartupUrls: Default -> «hxxp://mail.ru/cnt/10445?gp=811009»
CHR DefaultSearchKeyword: Default -> google.ru_
CHR Profile: C:\Users\Татьяна\AppData\Local\Google\Chrome\User Data\Default [2017-06-05]
CHR Extension: (Google Переводчик) — C:\Users\Татьяна\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-11-16]
CHR Extension: (Документы Google) — C:\Users\Татьяна\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Диск Google) — C:\Users\Татьяна\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) — C:\Users\Татьяна\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) — C:\Users\Татьяна\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Silver Bird) — C:\Users\Татьяна\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2014-08-20]
CHR Extension: (Google Документы офлайн) — C:\Users\Татьяна\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) — C:\Users\Татьяна\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-04]
CHR Extension: (MusicSig для Вконтакте (Vkontakte)) — C:\Users\Татьяна\AppData\Local\Google\Chrome\User Data\Default\Extensions\hanjiajgnonaobdlklncdjdmpbomlhoa [2017-05-16]
CHR Extension: (VkOpt) — C:\Users\Татьяна\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoboppgpbgclpfnjfdidokiilachfcbb [2017-06-04]
CHR Extension: (Google в качестве стартовой страницы) — C:\Users\Татьяна\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbjopffcocgcnkigpnnmpcoimhjbjmba [2016-06-29]
CHR Extension: (ТВ для Google Chrome™) — C:\Users\Татьяна\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe [2017-01-23]
CHR Extension: (Google Mail Checker) — C:\Users\Татьяна\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-08-20]
CHR Extension: (Платежная система Интернет-магазина Chrome) — C:\Users\Татьяна\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Evernote Web Clipper) — C:\Users\Татьяна\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-05-31]
CHR Extension: (Gmail) — C:\Users\Татьяна\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) — C:\Users\Татьяна\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-18]
CHR HKLM-x32\…\Chrome\Extension: [ajkpgdiejopejkllbihfkpcbmgclpkij] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [aminlpmkfcdibgpgfajlgnamicjckkjf] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [gdknicmnhbaajdglbinpahhapghpakch] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [jedelkhanefmcnpappfhachbpnlhomai] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [pleoihkpdomoijdpaibdciidfoeedamm] — hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [151312 2017-03-27] (Performix LLC)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-11-04] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [619776 2015-01-15] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 mi-raysat_3dsmax2016_64; C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-15] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2014-09-23] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
S2 SvcHost Service Host; «C:\Windows\Microsoft\svchost.exe» -k LocalService [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 adgnetworktdidrv; C:\WINDOWS\System32\drivers\adgnetworktdidrv.sys [63728 2017-03-22] ()
S3 athur; C:\WINDOWS\system32\DRIVERS\athuw8x.sys [2919936 2014-04-17] (Qualcomm Atheros Communications, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-31] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-06-05] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-05] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-06-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-05] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-05] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2014-11-04] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [35320 2014-09-22] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [258368 2014-09-22] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R2 WIBUKEY; C:\WINDOWS\System32\DRIVERS\WibuKey64.sys [106760 2014-10-23] (WIBU-SYSTEMS AG)
R3 WUDFWpdComp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
R4 cmdccav; system32\drivers\CmdCCAV.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-05 19:33 — 2017-06-05 19:34 — 00021926 _____ C:\Users\Татьяна\Downloads\FRST.txt
2017-06-05 19:33 — 2017-06-05 19:33 — 00000000 ____D C:\FRST
2017-06-05 19:32 — 2017-06-05 19:32 — 02433536 _____ (Farbar) C:\Users\Татьяна\Downloads\FRST64.exe
2017-06-05 19:11 — 2017-06-05 19:12 — 29806917 _____ C:\Users\Татьяна\Downloads\43735.526de86799edc (1).zip
2017-06-05 19:09 — 2017-06-05 19:09 — 02458451 _____ C:\Users\Татьяна\Desktop\Двор Козлова 69-71.dwg
2017-06-05 19:02 — 2017-06-05 19:02 — 03721477 _____ C:\Users\Татьяна\Desktop\посадка.dwg
2017-06-05 18:22 — 2017-06-05 18:23 — 29806917 _____ C:\Users\Татьяна\Downloads\43735.526de86799edc.zip
2017-06-05 18:14 — 2017-06-05 19:36 — 00000000 ____D C:\Users\Все пользователи\Adguard
2017-06-05 18:14 — 2017-06-05 19:35 — 00000000 ____D C:\ProgramData\Adguard
2017-06-05 18:14 — 2017-06-05 18:14 — 00000907 _____ C:\Users\Public\Desktop\Adguard.lnk
2017-06-05 18:14 — 2017-06-05 18:14 — 00000259 _____ C:\WINDOWS\SysWOW64\Drivers\vwifikerneldrv.sys
2017-06-05 18:14 — 2017-06-05 18:14 — 00000259 _____ C:\WINDOWS\SysWOW64\d3dx9_11.dll.tmp
2017-06-05 18:14 — 2017-06-05 18:14 — 00000259 _____ C:\Users\Все пользователи\fontcacheev1.dat
2017-06-05 18:14 — 2017-06-05 18:14 — 00000259 _____ C:\ProgramData\fontcacheev1.dat
2017-06-05 18:14 — 2017-06-05 18:14 — 00000000 ____D C:\Users\Татьяна\AppData\Roaming\Performix LLC
2017-06-05 18:14 — 2017-06-05 18:14 — 00000000 ____D C:\Users\Татьяна\AppData\Local\Performix_LLC
2017-06-05 18:14 — 2017-06-05 18:14 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2017-06-05 18:14 — 2017-06-05 18:14 — 00000000 ____D C:\Program Files (x86)\Adguard
2017-06-05 18:14 — 2017-03-22 01:50 — 00063728 _____ () C:\WINDOWS\system32\Drivers\adgnetworktdidrv.sys
2017-06-05 18:12 — 2017-06-05 18:12 — 00173328 _____ C:\Users\Татьяна\Downloads\adguardInstaller.exe
2017-06-05 17:45 — 2017-06-05 17:46 — 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-05 17:45 — 2017-06-05 17:45 — 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-05 17:45 — 2017-06-05 17:45 — 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-05 17:45 — 2017-06-05 17:45 — 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-05 17:44 — 2017-06-05 17:44 — 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-05 17:44 — 2017-06-05 17:44 — 00001885 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-05 17:44 — 2017-06-05 17:44 — 00000000 ____D C:\Users\Все пользователи\Malwarebytes
2017-06-05 17:44 — 2017-06-05 17:44 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-05 17:44 — 2017-06-05 17:44 — 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-05 17:44 — 2017-06-05 17:44 — 00000000 ____D C:\Program Files\Malwarebytes
2017-06-05 17:44 — 2017-05-31 11:09 — 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-05 17:36 — 2017-06-05 17:38 — 00000004 ____H C:\Users\Все пользователи\cm-lock
2017-06-05 17:36 — 2017-06-05 17:38 — 00000004 ____H C:\ProgramData\cm-lock
2017-06-05 16:44 — 2017-06-05 16:44 — 00342523 _____ C:\Users\Татьяна\Desktop\2.dwg
2017-06-05 16:43 — 2017-06-05 16:43 — 01898295 _____ C:\Users\Татьяна\Desktop\1.dwg
2017-06-05 10:58 — 2017-06-05 19:34 — 00160510 _____ C:\WINDOWS\system32\Drivers\ccavsfi.dat
2017-06-05 10:54 — 2017-06-05 18:02 — 00000000 ____D C:\Users\Все пользователи\COMODO
2017-06-05 10:54 — 2017-06-05 18:02 — 00000000 ____D C:\ProgramData\COMODO
2017-06-05 10:42 — 2017-06-05 10:45 — 00003350 _____ C:\WINDOWS\System32\Tasks\Dr.Web Update Key
2017-06-05 10:37 — 2017-06-05 17:33 — 00000000 ____D C:\Users\Татьяна\AppData\LocalLow\uTorrent
2017-06-04 22:40 — 2017-06-04 22:40 — 00000258 __RSH C:\Users\Татьяна\ntuser.pol
2017-06-04 22:09 — 2017-06-04 22:36 — 00000000 ____D C:\Program Files (x86)\Movavi Video Editor 12
2017-06-04 22:09 — 2017-06-04 22:09 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 12
2017-06-04 22:00 — 2017-06-04 22:00 — 00000000 ____D C:\Users\Татьяна\.fontconfig
2017-06-04 21:58 — 2017-06-04 21:58 — 00004106 _____ C:\Users\Все пользователи\kjiixkes.ghp
2017-06-04 21:58 — 2017-06-04 21:58 — 00004106 _____ C:\ProgramData\kjiixkes.ghp
2017-06-04 21:58 — 2017-06-04 21:58 — 00001957 _____ C:\Users\Татьяна\Desktop\Movavi Video Suite.lnk
2017-06-04 21:58 — 2017-06-04 21:58 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Suite 16
2017-06-04 21:57 — 2017-06-04 21:58 — 00000000 ____D C:\Program Files (x86)\Movavi Video Suite 16
2017-06-04 21:57 — 2017-06-04 21:57 — 00000000 ____D C:\Users\Татьяна\AppData\Local\_VideoEditor
2017-06-04 21:57 — 2017-06-04 21:57 — 00000000 ____D C:\Users\Татьяна\AppData\Local\_VideoCapture
2017-06-04 21:57 — 2017-06-04 21:57 — 00000000 ____D C:\Users\Татьяна\AppData\Local\_Suite
2017-06-04 21:57 — 2017-06-04 21:57 — 00000000 ____D C:\Users\Татьяна\AppData\Local\_SplitMovie
2017-06-04 21:57 — 2017-06-04 21:57 — 00000000 ____D C:\Users\Татьяна\AppData\Local\_ScreenCapture
2017-06-04 21:57 — 2017-06-04 21:57 — 00000000 ____D C:\Users\Татьяна\AppData\Local\_MediaPlayer
2017-06-04 21:57 — 2017-06-04 21:57 — 00000000 ____D C:\Users\Татьяна\AppData\Local\_converter
2017-06-04 21:57 — 2017-06-04 21:57 — 00000000 ____D C:\Users\Все пользователи\Movavi Video Suite 16
2017-06-04 21:57 — 2017-06-04 21:57 — 00000000 ____D C:\Users\Все пользователи\Movavi
2017-06-04 21:57 — 2017-06-04 21:57 — 00000000 ____D C:\ProgramData\Movavi Video Suite 16
2017-06-04 21:57 — 2017-06-04 21:57 — 00000000 ____D C:\ProgramData\Movavi
2017-06-04 21:56 — 2017-06-04 21:56 — 00000000 ____D C:\Users\Татьяна\Downloads\Movavi Video Suite 16.0.2 RePack (& Portable) by TryRooM
2017-06-04 21:33 — 2017-06-05 11:04 — 00002852 _____ C:\Users\Татьяна\Desktop\µTorrent.lnk
2017-06-04 21:31 — 2017-02-11 22:25 — 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-06-04 21:31 — 2017-02-10 22:09 — 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-06-04 21:31 — 2017-02-10 04:31 — 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-04 21:31 — 2017-02-10 03:12 — 01375960 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-06-04 21:31 — 2017-02-09 18:28 — 01987584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-04 21:31 — 2017-02-09 18:19 — 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-04 21:31 — 2017-02-09 18:16 — 01560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-04 21:31 — 2017-02-09 18:16 — 01094656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-06-04 21:31 — 2017-02-09 17:59 — 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-06-04 21:31 — 2017-02-09 17:58 — 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-06-04 21:31 — 2017-02-09 17:58 — 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-06-04 21:31 — 2017-02-04 23:32 — 07444832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-04 21:31 — 2017-02-04 23:30 — 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-06-04 21:31 — 2017-02-04 23:30 — 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-06-04 21:31 — 2017-02-04 23:30 — 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-06-04 21:31 — 2017-02-04 23:30 — 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-06-04 21:31 — 2017-02-04 22:32 — 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2017-06-04 21:31 — 2017-02-04 22:30 — 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-06-04 21:31 — 2017-02-04 21:14 — 01001472 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-04 21:31 — 2017-02-04 20:50 — 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2017-06-04 21:31 — 2017-02-04 20:40 — 01754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-06-04 21:31 — 2017-02-04 20:32 — 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2017-06-04 21:31 — 2017-02-04 20:17 — 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2017-06-04 21:31 — 2017-02-04 20:10 — 01491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-06-04 21:31 — 2017-02-04 20:05 — 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2017-06-04 21:31 — 2017-01-22 00:37 — 00567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-04 21:31 — 2017-01-21 22:27 — 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2017-06-04 21:31 — 2017-01-21 22:27 — 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpolmsg.dll
2017-06-04 21:31 — 2017-01-21 22:27 — 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msobjs.dll
2017-06-04 21:31 — 2017-01-21 22:22 — 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-06-04 21:31 — 2017-01-21 22:20 — 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-06-04 21:31 — 2017-01-21 21:40 — 00756736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2017-06-04 21:31 — 2017-01-21 21:40 — 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpolmsg.dll
2017-06-04 21:31 — 2017-01-21 21:40 — 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll
2017-06-04 21:31 — 2017-01-21 21:37 — 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-06-04 21:31 — 2017-01-21 20:58 — 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-06-04 21:31 — 2017-01-21 20:48 — 01437696 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-04 21:31 — 2017-01-14 20:49 — 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-06-04 21:31 — 2017-01-11 22:37 — 02345984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-06-04 21:31 — 2017-01-10 22:08 — 01549312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-06-04 21:31 — 2017-01-05 21:20 — 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-06-04 21:31 — 2017-01-05 21:09 — 07076864 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-06-04 21:31 — 2017-01-05 20:36 — 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-06-04 21:31 — 2017-01-05 20:29 — 05273600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-06-04 21:31 — 2017-01-05 20:13 — 07796224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-04 21:31 — 2017-01-05 19:57 — 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-04 21:31 — 2016-11-20 00:24 — 00152856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-06-04 21:31 — 2016-11-19 20:22 — 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-06-04 21:31 — 2016-11-09 22:22 — 00681472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-06-04 21:31 — 2016-08-21 04:01 — 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-06-04 21:31 — 2016-08-13 10:40 — 01737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-06-04 21:31 — 2016-08-03 21:05 — 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-06-04 21:31 — 2016-05-19 02:18 — 00397232 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-06-04 21:31 — 2016-05-19 02:16 — 00178016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-06-04 21:31 — 2016-05-19 01:28 — 00340880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-06-04 21:31 — 2016-02-11 23:16 — 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-06-04 21:31 — 2015-11-21 21:32 — 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2017-06-04 21:31 — 2015-11-21 20:50 — 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2017-06-04 21:31 — 2015-03-20 07:10 — 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2017-06-04 21:31 — 2014-10-29 06:57 — 00389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-04 21:31 — 2014-10-29 06:51 — 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2017-06-04 21:31 — 2014-10-29 05:30 — 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditPolicyGPInterop.dll
2017-06-04 21:31 — 2014-10-29 05:18 — 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditNativeSnapIn.dll
2017-06-04 21:31 — 2014-10-29 05:17 — 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcsPlugInService.dll
2017-06-04 21:31 — 2014-10-29 04:48 — 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditPolicyGPInterop.dll
2017-06-04 21:31 — 2014-10-29 04:39 — 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditNativeSnapIn.dll
2017-06-04 21:31 — 2014-10-29 04:38 — 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcsPlugInService.dll
2017-06-04 21:31 — 2014-10-29 04:28 — 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmsgapi.dll
2017-06-04 21:31 — 2014-10-29 04:05 — 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmsgapi.dll
2017-06-04 21:30 — 2017-06-04 21:30 — 02240192 _____ (BitTorrent Inc.) C:\Users\Татьяна\Downloads\uTorrent (3).exe
2017-06-04 21:29 — 2017-06-04 21:29 — 00000000 ____D C:\Users\Все пользователи\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-06-04 21:29 — 2017-06-04 21:29 — 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-06-04 21:16 — 2017-06-04 21:16 — 00003538 __RSH C:\Users\Все пользователи\ntuser.pol
2017-06-04 21:16 — 2017-06-04 21:16 — 00003538 __RSH C:\ProgramData\ntuser.pol
2017-06-04 21:01 — 2017-06-04 21:01 — 00000000 ____D C:\Users\Татьяна\AppData\Local\Вoйти в Интeрнет
2017-06-04 20:59 — 2017-06-04 20:59 — 00000000 ____D C:\Users\Татьяна\AppData\Local\Войны престолов
2017-06-04 20:58 — 2017-06-05 15:06 — 00000000 ____D C:\Users\Татьяна\AppData\Local\etdctrl
2017-06-04 20:58 — 2017-06-05 11:14 — 00000000 ____D C:\Users\Татьяна\AppData\Local\wupdate
2017-06-04 20:57 — 2017-06-04 20:59 — 00000000 ____D C:\Users\Татьяна\AppData\LocalLow\Unity
2017-06-04 20:57 — 2017-06-04 20:59 — 00000000 ____D C:\Users\Татьяна\AppData\Local\Unity
2017-06-04 20:56 — 2017-06-04 20:56 — 00000000 ____D C:\Users\Татьяна\AppData\Local\Поиcк в Интeрнете
2017-06-04 20:56 — 2017-06-04 20:56 — 00000000 ____D C:\Users\Все пользователи\UBar
2017-06-04 20:56 — 2017-06-04 20:56 — 00000000 ____D C:\ProgramData\UBar
2017-06-04 20:54 — 2017-06-04 20:57 — 00000000 ____D C:\Users\Все пользователи\Mail.Ru
2017-06-04 20:54 — 2017-06-04 20:57 — 00000000 ____D C:\ProgramData\Mail.Ru
2017-06-04 19:06 — 2017-06-04 19:06 — 00000000 ____D C:\Users\Татьяна\AppData\Local\VideoEditor
2017-06-04 19:06 — 2017-06-04 19:06 — 00000000 ____D C:\Users\Татьяна\AppData\Local\Movavi
2017-06-04 19:04 — 2017-06-04 22:17 — 00000000 ____D C:\Users\Все пользователи\Movavi Video Editor 12
2017-06-04 19:04 — 2017-06-04 22:17 — 00000000 ____D C:\ProgramData\Movavi Video Editor 12
2017-06-04 19:04 — 2017-06-04 19:04 — 00005111 _____ C:\Users\Все пользователи\czchsjpj.srw
2017-06-04 19:04 — 2017-06-04 19:04 — 00005111 _____ C:\ProgramData\czchsjpj.srw
2017-06-04 19:04 — 2017-06-04 19:04 — 00000016 _____ C:\Users\Все пользователи\mntemp
2017-06-04 19:04 — 2017-06-04 19:04 — 00000016 _____ C:\ProgramData\mntemp
2017-06-04 19:02 — 2017-06-04 19:02 — 00000000 ____D C:\Users\Татьяна\AppData\Roaming\InstallPack
2017-06-04 18:17 — 2017-06-04 18:17 — 05724906 _____ C:\Users\Татьяна\Downloads\2й пятилетки.pdf
2017-06-03 19:04 — 2017-06-03 19:04 — 00216747 _____ C:\Users\Татьяна\Documents\305133.559bc985e12eb.jpeg
2017-06-03 18:54 — 2017-06-03 18:55 — 02286153 _____ C:\Users\Татьяна\Downloads\Двор Козлова 69-71.pdf
2017-05-31 23:10 — 2017-05-31 23:10 — 03656215 _____ C:\Users\Татьяна\Downloads\Chrtezhi_uzlov_15.02.2012.zip
2017-05-31 16:46 — 2017-05-31 16:47 — 05555298 _____ C:\Users\Татьяна\Downloads\Геленджикская. Альбом. 29.05.pdf
2017-05-30 21:02 — 2017-05-30 21:02 — 00000000 ____D C:\Users\Татьяна\Desktop\30-05_Текстура
2017-05-30 15:20 — 2017-05-30 15:20 — 01796474 _____ C:\Users\Татьяна\Downloads\КР 16.01.2017 (1).dwg
2017-05-30 13:17 — 2017-05-30 13:18 — 15371928 _____ C:\Users\Татьяна\Downloads\Kulturnye_ostanovki_compressed.pdf
2017-05-29 14:34 — 2017-05-29 14:34 — 00367360 _____ C:\Users\Татьяна\Downloads\Водосточная система_пример.dwg
2017-05-25 15:07 — 2017-05-25 15:07 — 00256253 _____ C:\Users\Татьяна\Downloads\Гостевой Дом Краснодар — КД (3).dwg
2017-05-25 14:53 — 2017-05-25 16:06 — 00380299 _____ C:\Users\Татьяна\Downloads\кладочный гостевой дом 26-04-2017.dwg
2017-05-25 14:53 — 2017-05-25 14:53 — 00336772 _____ C:\Users\Татьяна\Downloads\кладочный гостевой дом 26-04-2017.bak
2017-05-25 14:09 — 2017-05-25 14:09 — 00325191 _____ C:\Users\Татьяна\Downloads\Гараж+Галерея Краснодар — КЖ (2).dwg
2017-05-25 14:09 — 2017-05-25 14:09 — 00260437 _____ C:\Users\Татьяна\Downloads\Гараж+Галерея Краснодар — КД (2).dwg
2017-05-25 13:29 — 2017-05-25 13:29 — 01482614 _____ C:\Users\Татьяна\Downloads\Дом Краснодар — КЖ (8).dwg
2017-05-25 13:29 — 2017-05-25 13:29 — 00419522 _____ C:\Users\Татьяна\Downloads\Дом Краснодар — КД (7).dwg
2017-05-23 22:22 — 2017-05-23 22:23 — 116233999 _____ C:\Users\Татьяна\Downloads\lestnitsa (1).pdf
2017-05-23 22:18 — 2017-05-23 22:18 — 28181192 _____ C:\Users\Татьяна\Downloads\АИ.rar
2017-05-23 22:11 — 2017-05-23 22:11 — 16872878 _____ C:\Users\Татьяна\Downloads\bilbord.psd
2017-05-23 21:52 — 2017-05-23 21:52 — 09933470 _____ C:\Users\Татьяна\Downloads\besedka100.ai
2017-05-23 21:52 — 2017-05-23 21:52 — 08291612 _____ C:\Users\Татьяна\Downloads\bulvar100.ai
2017-05-23 21:52 — 2017-05-23 21:52 — 05882107 _____ C:\Users\Татьяна\Downloads\ploschad100.ai
2017-05-23 21:52 — 2017-05-23 21:52 — 05869781 _____ C:\Users\Татьяна\Downloads\ulitsa100.ai
2017-05-23 21:52 — 2017-05-23 21:52 — 00304364 _____ C:\Users\Татьяна\Downloads\modulVse.ai
2017-05-23 17:34 — 2017-05-23 21:28 — 22020992 _____ C:\Users\Татьяна\Downloads\navesy (1).pln
2017-05-23 17:34 — 2017-05-23 17:34 — 20855744 _____ C:\Users\Татьяна\Downloads\navesy (1).bpn
2017-05-23 16:30 — 2017-05-23 17:01 — 02701617 _____ C:\Users\Татьяна\Downloads\гп_с комментариями.dwg
2017-05-23 16:30 — 2017-05-23 16:30 — 02923072 _____ C:\Users\Татьяна\Downloads\гп_с комментариями.bak
2017-05-21 12:27 — 2017-05-21 12:27 — 00035100 _____ C:\Users\Татьяна\Downloads\stix-integrals-fonts-0.9-13.1.el6.noarch.rpm
2017-05-21 12:26 — 2017-05-21 12:26 — 03921396 _____ C:\Users\Татьяна\Downloads\STIXv2.0.0.zip
2017-05-20 20:05 — 2017-05-20 20:05 — 01243218 _____ C:\Users\Татьяна\Downloads\pattern_water_zigzag_-01 (1).eps
2017-05-19 19:43 — 2017-05-21 21:52 — 37203344 _____ C:\Users\Татьяна\Downloads\1905sadovaya.pln
2017-05-19 19:43 — 2017-05-21 17:46 — 23737264 _____ C:\Users\Татьяна\Downloads\1905sadovaya.bpn
2017-05-19 13:07 — 2017-05-19 13:07 — 00419294 _____ C:\Users\Татьяна\Downloads\Дом Краснодар — КД (6).dwg
2017-05-19 12:21 — 2017-05-19 12:21 — 01243218 _____ C:\Users\Татьяна\Downloads\pattern_water_zigzag_-01.eps
2017-05-19 11:17 — 2017-05-19 13:03 — 01690765 _____ C:\Users\Татьяна\Downloads\Дом Краснодар — КЖ (7).dwg
2017-05-19 11:17 — 2017-05-19 13:03 — 01484907 _____ C:\Users\Татьяна\Downloads\Дом Краснодар — КЖ (7).bak
2017-05-18 15:23 — 2017-05-18 15:23 — 56129600 _____ C:\Users\Татьяна\Downloads\ДВОР 2 Театральная.pln
2017-05-18 15:09 — 2017-05-18 15:09 — 51338928 _____ C:\Users\Татьяна\Downloads\2й пятилетки.pln
2017-05-18 11:53 — 2017-05-18 11:53 — 12482352 _____ C:\Users\Татьяна\Downloads\Альбом Театральный 2.pdf
2017-05-17 12:01 — 2017-05-17 12:01 — 00000000 ____D C:\Users\Татьяна\AppData\Roaming\Google
2017-05-16 13:25 — 2017-05-16 13:25 — 00325191 _____ C:\Users\Татьяна\Downloads\Гараж+Галерея Краснодар — КЖ (1).dwg
2017-05-16 13:25 — 2017-05-16 13:25 — 00260437 _____ C:\Users\Татьяна\Downloads\Гараж+Галерея Краснодар — КД (1).dwg
2017-05-15 18:35 — 2017-05-15 18:46 — 170944197 _____ C:\Users\Татьяна\Desktop\новый 04-02-2017.obj
2017-05-15 18:35 — 2017-05-15 18:46 — 00021040 _____ C:\Users\Татьяна\Desktop\новый 04-02-2017.mtl
2017-05-15 16:50 — 2017-05-15 16:50 — 07454624 _____ C:\Users\Татьяна\Downloads\navesy.pln
2017-05-15 13:01 — 2017-05-15 13:01 — 03527247 _____ C:\Users\Татьяна\Downloads\Catalogo_ArS.pdf
2017-05-15 11:47 — 2017-05-15 11:47 — 00323944 _____ C:\Users\Татьяна\Downloads\Гараж+Галерея Краснодар — КЖ.dwg
2017-05-15 11:47 — 2017-05-15 11:47 — 00245974 _____ C:\Users\Татьяна\Downloads\Гараж+Галерея Краснодар — КД.dwg
2017-05-14 17:34 — 2017-05-14 17:34 — 99482929 _____ C:\Users\Татьяна\Downloads\Grunge-background-colorful-spots.zip
2017-05-14 17:33 — 2017-05-14 17:33 — 00731238 _____ C:\Users\Татьяна\Downloads\Sea-waves-logo-templates.zip
2017-05-14 17:32 — 2017-05-14 17:32 — 01204504 _____ C:\Users\Татьяна\Downloads\Sea-waves-collection.zip
2017-05-14 17:31 — 2017-05-14 17:31 — 04624570 _____ C:\Users\Татьяна\Downloads\Set-four-wave-patterns-flat-design.zip
2017-05-14 15:01 — 2017-05-15 17:35 — 23611360 _____ C:\Users\Татьяна\Desktop\сетки.bpn
2017-05-13 17:43 — 2017-05-13 17:43 — 27761040 _____ C:\Users\Татьяна\Downloads\sadovaya_1_1.pln
2017-05-13 16:36 — 2017-05-13 16:36 — 28157616 _____ C:\Users\Татьяна\Desktop\sadovaya_1 (1).pln
2017-05-13 11:55 — 2017-05-13 15:14 — 28153616 _____ C:\Users\Татьяна\Downloads\sadovaya_1 (1).pln
2017-05-13 11:55 — 2017-05-13 14:09 — 28153616 _____ C:\Users\Татьяна\Downloads\sadovaya_1 (1).bpn
2017-05-12 14:33 — 2017-05-12 14:33 — 00256253 _____ C:\Users\Татьяна\Downloads\Гостевой Дом Краснодар — КД (2).dwg
2017-05-12 14:31 — 2017-05-12 14:31 — 00404026 _____ C:\Users\Татьяна\Downloads\Дом Краснодар — КД (5).dwg
2017-05-12 14:23 — 2017-05-12 14:24 — 00252957 _____ C:\Users\Татьяна\Downloads\Гостевой Дом Краснодар — КД (1).dwg
2017-05-11 13:49 — 2017-05-11 13:49 — 00053930 _____ C:\Users\Татьяна\Downloads\Кладочный план.pdf
2017-05-10 13:28 — 2017-05-11 16:54 — 00231857 _____ C:\Users\Татьяна\Downloads\Гостевой Дом Краснодар — КД.dwg
2017-05-10 13:28 — 2017-05-10 13:28 — 00234644 _____ C:\Users\Татьяна\Downloads\Гостевой Дом Краснодар — КД.bak
2017-05-10 11:13 — 2017-05-10 11:13 — 35443009 _____ C:\Users\Татьяна\Downloads\megdu_nado_i_hochu.pdf
2017-05-07 13:08 — 2017-05-13 18:17 — 35742160 _____ C:\Users\Татьяна\Downloads\sadovaya_1.pln
2017-05-07 13:08 — 2017-05-13 15:14 — 35744416 _____ C:\Users\Татьяна\Downloads\sadovaya_1.bpn
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-05 19:30 — 2014-08-04 18:29 — 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2938026407-1273681603-1291515782-1001
2017-06-05 19:06 — 2015-02-09 16:48 — 00000000 ____D C:\Users\Татьяна\Graphisoft
2017-06-05 18:59 — 2013-08-22 18:36 — 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-05 18:57 — 2013-08-22 16:36 — 00000000 ____D C:\WINDOWS\Inf
2017-06-05 18:56 — 2014-08-04 18:44 — 00000000 ____D C:\Users\Татьяна\AppData\Local\Autodesk
2017-06-05 18:55 — 2016-12-05 21:04 — 00000968 _____ C:\Users\Татьяна\AppData\Local\ArchiFrameMain.cfg
2017-06-05 18:14 — 2014-09-23 18:53 — 00000000 ____D C:\Users\Все пользователи\Package Cache
2017-06-05 18:14 — 2014-09-23 18:53 — 00000000 ____D C:\ProgramData\Package Cache
2017-06-05 18:14 — 2013-08-22 18:36 — 00000000 ____D C:\WINDOWS\WinStore
2017-06-05 17:55 — 2015-03-23 13:50 — 00000000 ____D C:\Users\Татьяна\AppData\Roaming\Enigma Software Group
2017-06-05 17:36 — 2014-12-23 15:33 — 00000440 _____ C:\WINDOWS\Tasks\Wise Care 365.job
2017-06-05 17:36 — 2014-10-25 13:33 — 00000000 ____D C:\Users\Все пользователи\NVIDIA
2017-06-05 17:36 — 2014-10-25 13:33 — 00000000 ____D C:\ProgramData\NVIDIA
2017-06-05 17:36 — 2013-08-22 17:45 — 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-05 17:33 — 2014-09-23 11:14 — 00000000 ____D C:\Users\Татьяна\AppData\Roaming\uTorrent
2017-06-05 16:12 — 2013-08-22 18:36 — 00000000 ____D C:\WINDOWS\rescache
2017-06-05 15:41 — 2013-08-22 18:36 — 00000000 ___HD C:\Program Files\WindowsApps
2017-06-05 15:02 — 2014-12-23 15:33 — 00000420 _____ C:\WINDOWS\Tasks\Wise Turbo Checker.job
2017-06-05 14:06 — 2015-01-22 16:38 — 00000573 _____ C:\Users\Татьяна\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3dsmax.lnk
2017-06-04 22:46 — 2013-08-22 16:25 — 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-06-04 22:40 — 2014-10-25 13:37 — 00000000 ____D C:\Users\Татьяна
2017-06-04 22:39 — 2013-08-22 17:44 — 00618128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-04 21:32 — 2012-07-26 10:59 — 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-04 21:31 — 2015-03-23 17:26 — 00000000 ____D C:\Users\Все пользователи\ProductData
2017-06-04 21:31 — 2015-03-23 17:26 — 00000000 ____D C:\ProgramData\ProductData
2017-06-04 21:30 — 2015-03-23 17:26 — 00000000 ____D C:\Users\Все пользователи\IObit
2017-06-04 21:30 — 2015-03-23 17:26 — 00000000 ____D C:\ProgramData\IObit
2017-06-04 21:30 — 2015-03-23 17:25 — 00000000 ____D C:\Users\Татьяна\AppData\Roaming\IObit
2017-06-04 21:29 — 2015-03-23 17:26 — 00000000 ____D C:\Users\Татьяна\AppData\LocalLow\IObit
2017-06-04 21:16 — 2013-08-22 18:36 — 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-04 19:20 — 2017-03-11 18:33 — 00000000 ____D C:\Users\Татьяна\AppData\Roaming\vlc
2017-06-04 16:15 — 2016-07-19 21:27 — 00003172 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForТатьяна
2017-06-04 16:15 — 2016-07-19 21:27 — 00000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForТатьяна.job
2017-05-31 22:40 — 2014-09-24 08:28 — 01997902 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-31 22:40 — 2014-09-24 07:56 — 00857206 _____ C:\WINDOWS\system32\perfh019.dat
2017-05-31 22:40 — 2014-09-24 07:56 — 00191086 _____ C:\WINDOWS\system32\perfc019.dat
2017-05-30 23:45 — 2014-09-23 20:11 — 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-30 20:25 — 2015-08-04 18:57 — 00000000 ____D C:\Users\Татьяна\AppData\Roaming\Cadimage
2017-05-30 16:34 — 2015-02-09 16:48 — 00000000 ____D C:\Users\Татьяна\Documents\BIMx
2017-05-26 18:18 — 2013-08-22 18:36 — 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-05-25 15:05 — 2017-05-05 16:24 — 00498645 _____ C:\Users\Татьяна\Downloads\Гостевой Дом Краснодар — КЖ.dwg
2017-05-25 15:04 — 2017-05-05 17:09 — 00476352 _____ C:\Users\Татьяна\Downloads\Гостевой Дом Краснодар — КЖ.bak
2017-05-23 23:14 — 2016-04-28 20:01 — 00000132 _____ C:\Users\Татьяна\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-05-23 14:23 — 2016-11-06 19:06 — 00000000 ____D C:\Users\Татьяна\Documents\Lumion 6
2017-05-19 02:30 — 2017-03-21 08:21 — 00467640 _____ (COMODO) C:\WINDOWS\system32\CcavGuard64.dll~a4099611-2195-4587-b9e0-000c6603f71a
2017-05-19 02:30 — 2017-03-21 08:21 — 00359096 _____ (COMODO) C:\WINDOWS\SysWOW64\CcavGuard32.dll~5bafdfeb-3407-421c-8bad-3924a45e942d
2017-05-18 11:44 — 2014-08-04 18:23 — 00000000 ____D C:\Users\Татьяна\AppData\Local\Packages
2017-05-16 12:53 — 2015-09-21 14:06 — 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-07 14:03 — 2015-01-09 13:04 — 00000000 ____D C:\Users\Татьяна\AppData\Local\ElevatedDiagnostics
==================== Files in the root of some directories =======
2016-04-28 20:51 — 2016-04-28 20:51 — 0000132 _____ () C:\Users\Татьяна\AppData\Roaming\Adobe GIF Format CS6 Prefs
2016-04-28 20:01 — 2017-05-23 23:14 — 0000132 _____ () C:\Users\Татьяна\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-12-05 21:04 — 2017-06-05 18:55 — 0000968 _____ () C:\Users\Татьяна\AppData\Local\ArchiFrameMain.cfg
2015-12-12 15:52 — 2015-12-12 15:52 — 0004096 ____H () C:\Users\Татьяна\AppData\Local\keyfile3.drm
2014-08-04 19:35 — 2016-06-02 01:18 — 0007596 _____ () C:\Users\Татьяна\AppData\Local\Resmon.ResmonCfg
2017-06-05 17:36 — 2017-06-05 17:38 — 0000004 ____H () C:\ProgramData\cm-lock
2017-06-04 19:04 — 2017-06-04 19:04 — 0005111 _____ () C:\ProgramData\czchsjpj.srw
2017-06-05 18:14 — 2017-06-05 18:14 — 0000259 _____ () C:\ProgramData\fontcacheev1.dat
2017-06-04 21:58 — 2017-06-04 21:58 — 0004106 _____ () C:\ProgramData\kjiixkes.ghp
2014-08-04 20:54 — 2014-08-04 20:54 — 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-08-04 18:24 — 2014-08-04 18:24 — 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2017-06-04 19:04 — 2017-06-04 19:04 — 0000016 _____ () C:\ProgramData\mntemp
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
C:\Users\Все пользователи\fontcacheev1.dat
Some files in TEMP:
====================
2015-03-09 19:25 — 2015-03-09 19:25 — 0561576 _____ (Oracle Corporation) C:\Users\Администратор\AppData\Local\Temp\jre-8u40-windows-au.exe
2017-06-04 21:01 — 2017-06-04 21:01 — 2155512 _____ () C:\Users\Татьяна\AppData\Local\Temp\r9nHedxJQ804.exe
2017-06-05 18:13 — 2017-06-05 18:13 — 35366216 _____ (Performix LLC) C:\Users\Татьяна\AppData\Local\Temp\setup.exe
2017-06-04 21:21 — 2017-06-04 21:21 — 2155512 ____N () C:\Users\Татьяна\AppData\Local\Temp\sgANxsaPtI4X.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-05 18:28
==================== End of FRST.txt ============================
I can't even figure out how to attach the report for you
Open Notepad and paste the following text into the open window
CreateRestorePoint:
Task: {C9F972AC-B8F4-476C-87C3-D4758227BEA6} — System32\Tasks\Dr.Web Update Key => C:\Dr.Web7v4\plus\!update_key.bat
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:A1EDB939 [138]
AlternateDataStreams: C:\Users\Все пользователи\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\Users\Все пользователи\Temp:A1EDB939 [138]
HKU\S-1-5-21-2938026407-1273681603-1291515782-1001\…\Policies\Explorer: []
GroupPolicy: Restriction — Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2938026407-1273681603-1291515782-1001 -> No Name — {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} — No File
DPF: HKLM-x32 {093500E9-F79F-4C52-A9B5-D8C7E4B3023E} file:///C:/Users/8C74~1/AppData/Local/Temp/o3dCF16.tmp.cab
DPF: HKLM-x32 {810B649C-CEAE-4AC9-BF26-81341B49E913} file:///C:/Users/8C74~1/AppData/Local/Temp/o3dBB6D.tmp.cab
CHR HKLM-x32\…\Chrome\Extension: [ajkpgdiejopejkllbihfkpcbmgclpkij] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [aminlpmkfcdibgpgfajlgnamicjckkjf] — hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [gdknicmnhbaajdglbinpahhapghpakch] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [jedelkhanefmcnpappfhachbpnlhomai] — hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\…\Chrome\Extension: [pleoihkpdomoijdpaibdciidfoeedamm] — hxxps://clients2.google.com/service/update2/crx
EmptyTemp:
Reboot:
Save the resulting file under the name fixlist in the folder where the FRST/FRST64 program is located
Run FRST and click the Fix button.
When the program finishes, the message "Fix completed" will appear. Click OK.
Notepad will open with the contents of the fixlog.txt file. Paste the contents of this file into your reply.
After that, run a new scan with FRST (before clicking Scan, tick the Addition.txt checkbox) and attach both of its logs to your reply.