PC virus removal, computer speed-up, and remote help via the neslape.cz service

Please check my log, thank you ))

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

patrik52
Visitor
Posts: 23
Registered: 25 Jul 2008 21:52

#1 Post by patrik52 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2019
Ran by User (administrator) on WIN-5FD8BUTV92C (LENOVO 20201) (02-08-2019 10:25:12)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Windows\KMS-R@1n.exe
() [File not signed] C:\Windows\KMS-R@1nHook.exe
() [File not signed] C:\Windows\KMS-R@1nHook.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) [File not signed] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.6_42178\utorrentie.exe
(BitTorrent Inc.) [File not signed] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.6_42178\utorrentie.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\78.4.119\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\78.4.119\QtWebEngineProcess.exe
(Filefacts.net) [File not signed] C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek semiconductor) C:\Windows\RTFTrack.exe
(Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(StarWind Software) [File not signed] D:\Alcohol 120\StarWind\StarWindServiceAE.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Viber Media S.à r.l. -> Viber Media S.à r.l.) C:\Users\User\AppData\Local\Viber\Viber.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18384360 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489920 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489920 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489920 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [5462504 2017-06-16] (Realtek Semiconductor Corp. -> Realtek semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-12-10] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5782336 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [282352 2017-06-19] (Total PC -> Filefacts.net)
HKLM-x32\...\Run: [SFAUpdater] => C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe [656656 2015-03-27] (Filefacts.net) [File not signed]
HKU\S-1-5-21-96769000-1560203112-1725275601-1000\...\Run: [uTorrent] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [1959424 2017-07-29] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-96769000-1560203112-1725275601-1000\...\Run: [Viber] => C:\Users\User\AppData\Local\Viber\Viber.exe [40403528 2019-07-01] (Viber Media S.à r.l. -> Viber Media S.à r.l.)
HKU\S-1-5-21-96769000-1560203112-1725275601-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3638008 2018-07-01] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-96769000-1560203112-1725275601-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49805160 2018-11-09] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-96769000-1560203112-1725275601-1000\...\Run: [AlcoholAutomount] => D:\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft -> Alcohol Soft Development Team)
HKU\S-1-5-21-96769000-1560203112-1725275601-1000\...\Run: [Steam] => D:\steam\steam.exe [3146016 2019-03-06] (Valve -> Valve Corporation)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3571200 2015-02-28] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [309248 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [126976 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3591680 2015-02-28] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2018-11-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2018-11-16] (Electronic Arts -> On2.com)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-16] (Google LLC -> Google LLC)
HKLM\Software\...\Winlogon\GPExtensions: [{C631DF4C-088F-4156-B058-4375F0853CD8}] -> C:\Windows\System32\cscobj.dll [2010-11-21] (Microsoft Windows -> Корпорация Майкрософт)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [171384 2017-06-28] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [149224 2017-06-28] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation)
IFEO\OSPPSVC.EXE: [Debugger] KMS-R@1nHook.exe
IFEO\SppSvc.exe: [Debugger] KMS-R@1nHook.exe

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {38AEBC28-81B8-4945-80B4-354CECAB1748} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-29] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8B9A2181-FB38-45D4-875E-653E2A72BBDF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8E64716C-23A6-4B69-A681-52ADD0DB4023} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic path OfficeSoftwareProtectionProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate
Task: {961E76FA-AABC-4D13-8040-617DD2B4544E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2017-07-29] (Google Inc -> Google Inc.)
Task: {A170AEAE-B346-4C85-8813-B25AEECB5032} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2017-07-29] (Google Inc -> Google Inc.)
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {A77BAFDA-2D23-4988-84F8-85792FE9CA75} - System32\Tasks\update-S-1-5-21-96769000-1560203112-1725275601-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {BB9D6E79-9959-41D5-AB9F-FDB05E737D08} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
Task: {CF2D70F4-EE61-41C8-BD52-48C7760872B8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {D85B575D-449E-473B-B133-8275EB88427A} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {E1F70BB9-5BE6-4E14-8927-123358352E65} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-29] (Dropbox, Inc -> Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-96769000-1560203112-1725275601-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B744C0B5-C2CB-46C7-971B-42C6EBC49AB5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BD45F75A-3A88-4D93-B843-E27300810850}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C20A9320-5FD8-46AA-98D5-086057BB318F}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-96769000-1560203112-1725275601-1000 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2261463
SearchScopes: HKU\S-1-5-21-96769000-1560203112-1725275601-1000 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2261463
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2018-01-11] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2018-01-11] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2018-01-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2018-01-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-96769000-1560203112-1725275601-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies SF -> Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://mail.ru/cnt/10445?gp=811036
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811036"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2019-08-02]
CHR Extension: (Презентации) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-28]
CHR Extension: (Документы) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-22]
CHR Extension: (Диск Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-29]
CHR Extension: (AdGuard Антибаннер) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2019-07-21]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-29]
CHR Extension: (ZenMate VPN - лучшее решение для интернет-безопасности) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2019-08-02]
CHR Extension: (Таблицы) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-22]
CHR Extension: (Google Документы офлайн) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]
CHR Extension: (Cut the Rope 2) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkgpbgnjclnnofnecabolhjkflldijij [2017-07-29]
CHR Extension: (Hex FRVR) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kibjffjfmagcmicpmogpieelngkcfggn [2017-07-29]
CHR Extension: (Little Alchemy) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2017-07-29]
CHR Extension: (LetyShops — кэшбэк-сервис) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lphicbbhfmllgmomkkhjfkpbdlncafbn [2019-08-02]
CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Yandex Access) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oakfpjifgmfpainopanfgfckhkcfgacb [2018-01-31]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-23]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AxAutoMntSrv; D:\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft -> Alcohol Soft Development Team)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-29] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-29] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-07-30] (Dropbox, Inc -> Dropbox, Inc.)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2017-09-03] () [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2167056 2018-07-01] (Electronic Arts, Inc. -> Electronic Arts)
R2 StarWindServiceAE; D:\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-24] (StarWind Software) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [256096 2016-11-03] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-07-15] (Microsoft Windows -> Microsoft Corporation)
R2 wuauserv; C:\Windows\system32\wuaueng2.dll [2651136 2017-07-16] (Microsoft Corporation) [File not signed]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [33360 2015-10-16] (Software Security Systems -> CrystalIdea Software)
R3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [14848 2012-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Cypress Semiconductor, Inc.)
S3 e1qexpress; C:\Windows\System32\DRIVERS\e1q60x64.sys [244736 2009-06-10] (Microsoft Windows -> Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [188992 2016-02-10] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94440 2017-07-15] (Microsoft Windows -> Корпорация Майкрософт)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [420832 2017-04-27] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [3229672 2017-06-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [51304 2016-11-03] (Synaptics Incorporated -> Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [394296 2019-01-22] (Disc Soft Ltd -> Duplex Secure Ltd.)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Microsoft Windows -> Корпорация Майкрософт)
U3 a2ftkfhj; C:\Windows\System32\Drivers\a2ftkfhj.sys [0 0000-00-00] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-02 10:25 - 2019-08-02 10:34 - 000024548 _____ C:\Users\User\Downloads\FRST.txt
2019-08-02 10:24 - 2019-08-02 10:25 - 000000000 ____D C:\FRST
2019-08-02 10:24 - 2019-08-02 10:24 - 002096128 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2019-08-02 10:24 - 2019-08-02 10:24 - 001447936 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2019-08-02 10:17 - 2019-08-02 10:17 - 000000000 ____D C:\Users\User\AppData\Roaming\Origin
2019-08-01 23:13 - 2019-08-01 23:13 - 000000766 _____ C:\Users\User\Desktop\(64)The Sims 4.lnk
2019-08-01 23:13 - 2019-08-01 23:13 - 000000748 _____ C:\Users\User\Desktop\(32)The Sims 4.lnk
2019-08-01 19:58 - 2019-08-01 19:58 - 000123100 _____ C:\Users\User\Downloads\rutor_is_The_Sims_4_by_xatab_torrent.torrent
2019-07-31 00:38 - 2019-07-31 00:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-07-30 15:19 - 2019-07-30 15:19 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-07-30 15:19 - 2019-07-30 15:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-07-30 15:19 - 2019-07-30 15:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-07-30 15:19 - 2019-07-30 15:19 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-07-20 10:28 - 2019-07-20 10:28 - 000536553 _____ C:\Users\User\Downloads\odporučaci list.PDF
2019-07-20 10:28 - 2019-07-20 10:28 - 000434804 _____ C:\Users\User\Downloads\suhlas veducej ustavu.PDF
2019-07-18 23:18 - 2019-07-18 23:18 - 000075455 _____ C:\Users\User\Downloads\eInvoice_060938283Z.pdf
2019-07-17 12:44 - 2019-07-17 12:44 - 000577127 _____ C:\Users\User\Downloads\перевод.pdf
2019-07-17 12:43 - 2019-07-17 12:43 - 000296138 _____ C:\Users\User\Downloads\перевод1.pdf
2019-07-17 12:42 - 2019-07-17 12:42 - 000353571 _____ C:\Users\User\Downloads\перевод0.pdf
2019-07-17 12:39 - 2019-07-17 12:39 - 000552123 _____ C:\Users\User\Downloads\приложение.pdf
2019-07-17 12:38 - 2019-07-17 12:38 - 000354465 _____ C:\Users\User\Downloads\приложение0.pdf
2019-07-17 12:37 - 2019-07-17 12:37 - 000200055 _____ C:\Users\User\Downloads\приложение1.pdf
2019-07-16 18:32 - 2019-07-16 18:32 - 000609160 _____ C:\Users\User\Downloads\img-913160743.pdf
2019-07-16 18:31 - 2019-07-16 18:31 - 000200055 _____ C:\Users\User\Downloads\img-908104130.pdf
2019-07-16 18:30 - 2019-07-16 18:30 - 000354465 _____ C:\Users\User\Downloads\img-314154826 (1).pdf
2019-07-16 18:27 - 2019-07-16 18:27 - 000560766 _____ C:\Users\User\Downloads\diplom.pdf
2019-07-09 19:52 - 2019-07-09 19:52 - 000000000 ____D C:\Users\User\AppData\Local\Viber

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-02 10:34 - 2017-07-29 15:37 - 000000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2019-08-02 10:26 - 2009-07-14 07:45 - 000025408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-08-02 10:26 - 2009-07-14 07:45 - 000025408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-08-02 10:18 - 2017-11-22 16:24 - 000000000 ____D C:\Users\Все пользователи\Origin
2019-08-02 10:18 - 2017-11-22 16:24 - 000000000 ____D C:\ProgramData\Origin
2019-08-02 10:17 - 2018-05-24 20:21 - 000000000 ____D C:\Users\User\AppData\Local\Origin
2019-08-02 10:15 - 2017-11-22 16:22 - 000000000 ____D C:\Program Files (x86)\Origin
2019-08-02 10:13 - 2017-07-29 16:01 - 000000000 ____D C:\Users\User\AppData\LocalLow\uTorrent
2019-08-02 10:12 - 2018-06-16 12:21 - 000000442 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2019-08-02 10:12 - 2017-07-29 17:47 - 000001092 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-08-02 10:11 - 2017-07-29 15:53 - 000000000 ____D C:\Users\Все пользователи\NVIDIA
2019-08-02 10:11 - 2017-07-29 15:53 - 000000000 ____D C:\ProgramData\NVIDIA
2019-08-02 10:11 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-08-01 23:16 - 2017-09-23 23:46 - 000000000 ____D C:\Users\User\Documents\Electronic Arts
2019-08-01 23:15 - 2017-07-16 14:59 - 000000000 ____D C:\Users\Все пользователи\Package Cache
2019-08-01 23:15 - 2017-07-16 14:59 - 000000000 ____D C:\ProgramData\Package Cache
2019-08-01 23:14 - 2018-02-07 17:35 - 000000000 ____D C:\Windows\SysWOW64\directx
2019-08-01 23:13 - 2018-05-24 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2019-08-01 22:44 - 2017-07-29 17:47 - 000001096 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-08-01 21:22 - 2018-01-19 13:01 - 000000386 _____ C:\Windows\Tasks\update-sys.job
2019-08-01 20:28 - 2018-01-19 13:01 - 000000386 _____ C:\Windows\Tasks\update-S-1-5-21-96769000-1560203112-1725275601-1000.job
2019-07-31 18:38 - 2017-08-15 22:55 - 000000000 ____D C:\Users\User\AppData\Roaming\ViberPC
2019-07-31 00:38 - 2017-07-29 17:47 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-07-29 12:30 - 2017-08-15 23:07 - 000000000 ____D C:\Users\User\Documents\ViberDownloads
2019-07-16 09:16 - 2017-07-29 15:38 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-16 09:16 - 2017-07-29 15:38 - 000002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories ================

2018-01-19 13:01 - 2018-01-19 13:01 - 000000003 _____ () C:\Users\User\AppData\Local\updater.log
2018-01-19 13:01 - 2018-01-19 13:01 - 000000425 _____ () C:\Users\User\AppData\Local\UserProducts.xml
2018-11-27 05:37 - 2018-11-27 05:37 - 000000000 _____ () C:\Users\User\AppData\Local\{9AE51CF6-1604-4C12-BD4F-93BC3D65B18B}
2018-11-26 05:44 - 2018-11-26 05:44 - 000000000 _____ () C:\Users\User\AppData\Local\{F0551D66-5AF3-4458-A8B6-C4A537B944C0}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-07-26 21:11
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019
Ran by User (02-08-2019 10:35:31)
Running from C:\Users\User\Downloads
Windows 7 Professional Service Pack 1 (X64) (2017-07-29 12:30:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

HomeGroupUser$ (S-1-5-21-96769000-1560203112-1725275601-1002 - Limited - Enabled)
User (S-1-5-21-96769000-1560203112-1725275601-1000 - Administrator - Enabled) => C:\Users\User
Администратор (S-1-5-21-96769000-1560203112-1725275601-500 - Administrator - Disabled)
Гость (S-1-5-21-96769000-1560203112-1725275601-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-96769000-1560203112-1725275601-1000\...\uTorrent) (Version: 3.4.6.42178 - BitTorrent Inc.)
AIDA64 (HKLM-x32\...\AIDA64) (Version: - FinalWire Ltd.)
AIMP (HKLM-x32\...\AIMP) (Version: v4.01.1705, 19.03.2016 - AIMP DevTeam)
CCleaner (HKLM\...\CCleaner) (Version: - Piriform Ltd.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 78.4.119 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Grand Theft Auto - San Andreas (HKLM-x32\...\Grand Theft Auto - San Andreas_is1) (Version: - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
K-Lite Mega Codec Pack 12.0.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.0.5 - KLCP)
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft .NET Framework 4.7 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.7.02053 - Корпорация Майкрософт)
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{0513c9cf-7191-45a7-ace9-ecdad03c93a4}) (Version: 12.0.40660.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{10dc8dbf-d3d7-4e23-be07-120fe5c66b78}) (Version: 12.0.40660.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d3ea57b6-46d6-4824-a20f-6b8213001903}) (Version: 14.10.25017.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{e89464af-e7f0-4ed3-bf43-f1a5986113db}) (Version: 14.10.25017.0 - Корпорация Майкрософт)
Need For Speed - Carbon Collector's Edition™ RePack by -=Hooli G@n=- (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}_is1) (Version: 1.4 - -=Hooli G@n=-)
NVIDIA Графический драйвер 384.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.76 - NVIDIA Corporation)
NVIDIA Системное программное обеспечение PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.11.5.17432 - Electronic Arts, Inc.)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31236 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8199 - Realtek Semiconductor Corp.)
SimCity Complete Edition (HKLM-x32\...\SimCity_is1) (Version: 10.1.0.0 - v7i7p7)
Skype, версия 8.34 (HKLM-x32\...\Skype_is1) (Version: 8.34 - Skype Technologies S.A.)
Smart File Advisor 1.1.8 (HKLM-x32\...\Smart File Advisor_is1) (Version: 1.1.8 - Filefacts.net) <==== ATTENTION
STDU Viewer version 1.6.375.0 (HKLM-x32\...\STDU Viewer_is1) (Version: 1.6.375.0 - STDUtility)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.1.19 - Synaptics Incorporated)
Telegram Desktop version 1.7 (HKU\S-1-5-21-96769000-1560203112-1725275601-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.7 - Telegram Messenger LLP)
The Sims 4 v.1.53.115.1020 (HKLM-x32\...\The Sims 4_is1) (Version: - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.48.90.1020 - Electronic Arts Inc.)
Tropico 5 v.1.10 (HKLM-x32\...\Tropico 5_is1) (Version: - )
Uninstall Tool (HKLM-x32\...\Uninstall Tool 3.4.4 Build 5416 Final) (Version: - )
Unity Web Player (HKU\S-1-5-21-96769000-1560203112-1725275601-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Viber (HKLM-x32\...\{EAF077BA-8EA4-4CEC-A215-4ACAE713A8BF}) (Version: 6.9.0.1048 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-96769000-1560203112-1725275601-1000\...\{a85cbe05-cc32-4419-ad8f-7ff7bc41bc05}) (Version: 6.9.0.1048 - Viber Media Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WinRAR 5.31 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM-x32\...\{90160000-001F-0422-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Обновления NVIDIA 25.6.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 25.6.0.0 - NVIDIA Corporation)
Панель управления NVIDIA 384.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 384.76 - NVIDIA Corporation) Hidden
Средства проверки правописания Microsoft Office 2016 — русский (HKLM-x32\...\{90160000-001F-0419-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2017-07-29] (Artem Izmaylov -> AIMP DevTeam) [File not signed]
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => D:\Alcohol 120\AxShlex.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers2: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => D:\Alcohol 120\AxShlEx64.dll [2014-09-06] (Alcohol Soft -> Alcohol Soft Development Team)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2017-07-29] (Artem Izmaylov -> AIMP DevTeam) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-06-28] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Новости в последней версии.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () <==== Cyrillic
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Руководство по консольной версии RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () <==== Cyrillic
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Справка WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () <==== Cyrillic
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\SendTo\Передача файлов через Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) <==== Cyrillic

ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения Chrome\Hex FRVR.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=kibjffjfmagcmicpmogpieelngkcfggn

==================== Loaded Modules (Whitelisted) ==============

2017-09-03 18:48 - 2017-09-03 18:48 - 000026112 _____ () [File not signed] C:\Windows\KMS-R@1n.exe
2017-09-03 18:48 - 2017-09-03 18:48 - 000004096 _____ () [File not signed] C:\Windows\KMS-R@1nHook.dll
2017-09-03 18:48 - 2017-09-03 18:48 - 000005120 _____ () [File not signed] C:\Windows\KMS-R@1nHook.exe
2017-07-29 16:01 - 2017-07-29 16:01 - 000340480 _____ (BitTorrent Inc.) [File not signed] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.6_42178\utorrentie.exe
2017-07-29 15:38 - 2012-07-21 14:55 - 000180736 _____ (fccHandler) [File not signed] C:\Windows\system32\ac3acm.acm
2019-01-22 21:15 - 2015-03-27 04:56 - 000656656 _____ (Filefacts.net) [File not signed] C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe
2017-07-29 15:55 - 2013-12-10 15:15 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2017-07-16 14:51 - 2017-07-16 14:51 - 002651136 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wuaueng2.dll
2018-01-19 13:01 - 2017-05-23 15:59 - 000494080 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll
2018-01-19 13:01 - 2017-05-23 15:59 - 000478208 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
2018-01-19 13:01 - 2017-05-23 15:59 - 000256000 _____ (Skillbrains) [File not signed] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll
2009-12-24 00:34 - 2009-12-24 00:34 - 000370688 _____ (StarWind Software) [File not signed] D:\Alcohol 120\StarWind\StarWindServiceAE.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


2018-06-16 12:21 - 2019-08-02 10:12 - 000000442 _____ C:\Windows\system32\drivers\etc\hosts.ics

192.168.0.100 WIN-5FD8BUTV92C.mshome.net # 2023 6 6 24 7 19 51 234

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-96769000-1560203112-1725275601-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B040FB0A-94EF-4FA2-9D07-063DBB9032F4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{31D6E8A1-FE22-4815-91FB-07E890589684}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6BD934FE-698B-459C-BFAD-268C8E88EB94}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FF4F4B72-1FF3-43FD-9CF0-B3224F056295}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8F2CAD73-AFD2-4A3B-91E8-B7ADA88C9A7C}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
FirewallRules: [{272024D4-71DA-488D-8825-0F0108FB6480}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
FirewallRules: [{428A006E-D93F-43D5-9D48-244B7B1D4E8A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{844A1500-B427-45E5-9B13-856F5E385A6A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{82A21A96-0DB1-4A75-BEBC-AE86F99CBDC6}] => (Allow) D:\steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{8BDD97E7-C704-4F26-AB9D-C7CB25DD0DFC}] => (Allow) D:\steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{512EDE72-D999-4D8E-BD9C-7F0BD6EC0786}] => (Allow) D:\steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{84BA4DA8-410E-4D9A-B55F-64DFF1A55AA9}] => (Allow) D:\steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5B0C734C-5004-4679-91D4-F249ABDB4884}] => (Allow) D:\steam\steamapps\common\SovietRepublic\SOVIET.exe () [File not signed]
FirewallRules: [{32A2005E-42D4-4854-89A9-4DE3EE8CB162}] => (Allow) D:\steam\steamapps\common\SovietRepublic\SOVIET.exe () [File not signed]
FirewallRules: [{9B56A0D2-E6C1-4360-B2BC-6A5DB4D86B39}] => (Allow) D:\steam\steamapps\common\SovietRepublic\SETUPAPPLICATION SOVIET.exe (3DIVISION) [File not signed]
FirewallRules: [{27F1F21C-EB7C-4199-A5B3-0A8EF7E5210F}] => (Allow) D:\steam\steamapps\common\SovietRepublic\SETUPAPPLICATION SOVIET.exe (3DIVISION) [File not signed]
FirewallRules: [{C8B4A4EC-4312-489B-BC0D-779C1E1F190D}] => (Allow) D:\The Sims 4 Get Famous\Game\Bin\TS4.exe No File
FirewallRules: [{E7882072-1240-4467-90D9-9FE7C50CE3DD}] => (Allow) D:\The Sims 4 Get Famous\Game\Bin\TS4.exe No File
FirewallRules: [{FD082EFA-0838-42D6-B5CE-75F1FFCC375C}] => (Allow) D:\The Sims 4 Get Famous\Game\Bin\TS4_x64.exe No File
FirewallRules: [{A89FDB95-4300-44D6-B997-6670F851B146}] => (Allow) D:\The Sims 4 Get Famous\Game\Bin\TS4_x64.exe No File
FirewallRules: [{E7AB3BB9-81BF-449B-9E64-A2E41381E7B8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{DE84A845-9E31-41F1-978A-7B8AE19D1E6A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

01-06-2019 21:09:38 Запланированная контрольная точка
09-06-2019 22:44:49 Запланированная контрольная точка
17-06-2019 12:28:08 Запланированная контрольная точка
18-06-2019 19:45:53 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
18-06-2019 19:46:21 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
18-06-2019 21:28:29 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
18-06-2019 21:30:41 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
02-07-2019 00:14:41 Запланированная контрольная точка
15-07-2019 20:52:38 Запланированная контрольная точка
23-07-2019 17:21:36 Запланированная контрольная точка
30-07-2019 18:09:53 Запланированная контрольная точка
01-08-2019 23:15:08 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501

==================== Faulty Device Manager Devices =============

Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Адаптер мини-порта виртуального WiFi Microsoft
Description: Адаптер мини-порта виртуального WiFi Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Logitech Cordless Device
Description: Logitech Cordless Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Toshiba RFBUS Driver
Description: Toshiba RFBUS Driver
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2019 10:12:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/31/2019 12:38:14 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Объект или свойство не найдено.

Error: (07/31/2019 12:38:14 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Объект или свойство не найдено.


System errors:
=============
Error: (08/02/2019 10:19:17 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Служба "Центр обновления Windows" зависла при запуске.

Error: (08/02/2019 10:15:26 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Получено следующее предупреждение о неустранимой ошибке: 70.

Error: (08/02/2019 10:15:26 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Получено следующее предупреждение о неустранимой ошибке: 40.

Error: (08/02/2019 10:12:53 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Получено следующее предупреждение о неустранимой ошибке: 40.

Error: (08/02/2019 10:12:53 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Получено следующее предупреждение о неустранимой ошибке: 70.

Error: (08/02/2019 10:11:36 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Предыдущее завершение работы системы в 23:31:34 на ‎01.‎08.‎2019 было неожиданным.

Error: (07/23/2019 08:33:19 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Получено следующее предупреждение о неустранимой ошибке: 80.

Error: (07/23/2019 08:33:18 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Получено следующее предупреждение о неустранимой ошибке: 70.


==================== Memory info ===========================

BIOS: LENOVO 71CN31WW(V1.10) 11/16/2012
Motherboard: LENOVO INVALID
Processor: Intel(R) Pentium(R) CPU B980 @ 2.40GHz
Percentage of memory in use: 75%
Total physical RAM: 6003.61 MB
Available physical RAM: 1474.25 MB
Total Virtual: 12005.39 MB
Available Virtual: 7402.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:197.9 GB) (Free:143.47 GB) NTFS
Drive d: () (Fixed) (Total:733.27 GB) (Free:580.63 GB) NTFS

\\?\Volume{aa702ec9-7458-11e7-889a-806e6f6e6963}\ (Зарезервировано системой) (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 1CFE27DD)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=197.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=733.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log, thank you ))

#2 Post by Conder »

Hi :)

Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View log file)
  • The log will open; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data (documents, photos and so on) backed up.

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices; otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

patrik52
Visitor
Posts: 23
Registered: 25 Jul 2008 21:52

Re: Please check my log, thank you ))

#3 Post by patrik52 »

Sending the log, it found something )
# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-03-2019
# Duration: 00:00:05
# OS: Windows 7 Professional
# Cleaned: 6
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\User\AppData\Roaming\DRPSu

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\drp.su
Deleted HKCU\Software\drpsu
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Smart File Advisor_is1
Deleted HKLM\Software\Wow6432Node\drpsu
Deleted HKLM\Software\drpsu

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1753 octets] - [03/08/2019 13:42:42]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log, thank you ))

#4 Post by Conder »

Please post both new FRST logs.