Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-09-2020
Ran by Samsung (administrator) on SAMSUNG-ПК (SAMSUNG ELECTRONICS CO., LTD. 305V4A/305V5A) (11-09-2020 12:46:07)
Running from D:\Downloads
Loaded Profiles: Samsung
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Русский (Россия)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2789528202-2806050775-268277386-1000\...\MountPoints2: {1eb36e77-225d-11ea-af4d-8a38d1b65448} - F:\SDI_auto.bat
HKU\S-1-5-21-2789528202-2806050775-268277386-1000\...\MountPoints2: {3de9e819-7e3f-11ea-9de9-e811327012ce} - H:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2789528202-2806050775-268277386-1000\...\MountPoints2: {4b22101b-61cb-11ea-86e8-e811327012ce} - H:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2789528202-2806050775-268277386-1000\...\MountPoints2: {6023e2b0-2807-11ea-a8dc-e811327012ce} - F:\HiSuiteDownLoader.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.83\Installer\chrmstp.exe [2020-09-03] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0ABA07A5-FFE7-441F-B734-1626E6ABFD4D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {83070E09-36EF-4702-871A-76397554347B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {EFC29C57-1FEC-450A-A4D6-4B5CD83EBBA5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{0FBF41AF-EE07-4441-B499-44FE668C75BF}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Internet Explorer:
==================
HKU\S-1-5-21-2789528202-2806050775-268277386-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yandex.ru/?win=417&clid=2332286
SearchScopes: HKU\S-1-5-21-2789528202-2806050775-268277386-1000 -> DefaultScope 4b8076d8-2808-11ea-8499-020f4d423a5a URL = hxxps://yandex.ru/search/?win=417&clid=2332287&text={searchTerms}
SearchScopes: HKU\S-1-5-21-2789528202-2806050775-268277386-1000 -> 4b8076d8-2808-11ea-8499-020f4d423a5a URL = hxxps://yandex.ru/search/?win=417&clid=2332287&text={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2019-12-26]
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxps://www.yandex.ru/?win=417&clid=2332286
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-20195126.xml [2019-12-26]
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [No File]
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default [2020-09-11]
CHR DownloadDir: D:\Downloads
CHR StartupUrls: Default -> "hxxp://vk.com/im"
CHR Extension: (Документы) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-23]
CHR Extension: (Диск Google) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-12-19]
CHR Extension: (YouTube) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-12-23]
CHR Extension: (Adblock Plus - бесплатный блокировщик рекламы) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-09-10]
CHR Extension: (AdBlock на YouTube™) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\emngkmlligggbbiioginlkphcmffbncb [2020-05-13]
CHR Extension: (Скачать музыку c VK) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjocjagfinihkkaahliainflifnlnfc [2020-03-08]
CHR Extension: (Google Документы офлайн) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-08-26]
CHR Extension: (AdBlock — лучший блокировщик рекламы) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-09-03]
CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-23]
CHR Extension: (Flash-HTML5 for YouTube™) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\omimccinlhlkpjaeaocglgmkbelejlhj [2020-08-06]
CHR Extension: (Speedtest by Ookla) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2020-04-30]
CHR Extension: (Gmail) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-27]
CHR HKU\S-1-5-21-2789528202-2806050775-268277386-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ldgpjdiadomhinpimgchmeembbgojnjk]

Opera:
=======
OPR StartupUrls: "hxxps://www.yandex.ru/?win=417&clid=2332286"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 TermService; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL) <==== ATTENTION (no ServiceDLL)
S2 TermService; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL) <==== ATTENTION (no ServiceDLL)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S2 AdobeUpdateService; "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe" [X]
S2 AxAutoMntSrv; D:\Alcohol 120\AxAutoMntSrv.exe [X]
S2 luminati_net_updater_win_alcohol_soft; D:\Alcohol 120\lumsdk\net_updater32.exe --updater win_alcohol.soft [X]
S2 StarWindServiceAE; D:\Alcohol 120\StarWind\StarWindServiceAE.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)

R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] (Microsoft Windows -> Корпорация Майкрософт)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [393880 2019-12-31] (Disc Soft Ltd -> Duplex Secure Ltd.)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Microsoft Windows -> Корпорация Майкрософт)
U3 acknvhng; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-11 12:46 - 2020-09-11 12:46 - 000000000 ____D C:\FRST
2020-09-11 12:45 - 2020-09-11 12:45 - 000000000 ____D C:\Windows\ABR
2020-09-11 12:18 - 2020-09-11 12:18 - 000000042 _____ C:\Users\Samsung\Desktop\Новый текстовый документ.txt
2020-09-11 09:42 - 2020-09-11 09:44 - 000000000 ____D C:\Users\Samsung\Desktop\autologger
2020-09-11 09:15 - 2020-09-11 09:18 - 000000000 ____D C:\Users\Samsung\Desktop\uvs
2020-09-10 19:40 - 2020-09-11 09:54 - 011431936 _____ C:\Users\Все пользователи\temp5.exe
2020-09-10 19:40 - 2020-09-11 09:54 - 011431936 _____ C:\ProgramData\temp5.exe
2020-09-10 19:17 - 2020-09-10 19:17 - 000000000 ____D C:\Users\Samsung\CLionProjects
2020-09-10 19:13 - 2020-09-10 19:20 - 000000000 ____D C:\Users\Samsung\AppData\Roaming\JetBrains
2020-09-10 19:13 - 2020-09-10 19:13 - 000000000 ____D C:\Users\Samsung\AppData\Local\JetBrains
2020-09-10 19:05 - 2020-09-10 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2020-09-10 19:02 - 2020-09-10 19:02 - 000000753 _____ C:\Users\Все пользователи\Desktop\CLion 2020.2.1 x64.lnk
2020-09-10 19:02 - 2020-09-10 19:02 - 000000753 _____ C:\Users\Public\Desktop\CLion 2020.2.1 x64.lnk
2020-09-10 19:02 - 2020-09-10 19:02 - 000000753 _____ C:\ProgramData\Desktop\CLion 2020.2.1 x64.lnk
2020-09-10 19:02 - 2020-09-10 19:02 - 000000000 ____D C:\Program Files\JetBrains
2020-09-10 18:23 - 2020-09-10 18:23 - 000000000 ____D C:\Users\Все пользователи\VS Revo Group
2020-09-10 18:23 - 2020-09-10 18:23 - 000000000 ____D C:\Users\Samsung\AppData\Local\VS Revo Group
2020-09-10 18:23 - 2020-09-10 18:23 - 000000000 ____D C:\ProgramData\VS Revo Group
2020-09-10 18:23 - 2020-09-10 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2020-09-10 18:23 - 2016-12-21 14:52 - 000040240 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2020-09-10 18:17 - 2020-09-10 18:17 - 000000565 _____ C:\Users\Все пользователи\Desktop\Total Uninstall 6.lnk
2020-09-10 18:17 - 2020-09-10 18:17 - 000000565 _____ C:\Users\Public\Desktop\Total Uninstall 6.lnk
2020-09-10 18:17 - 2020-09-10 18:17 - 000000565 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstall 6.lnk
2020-09-10 18:17 - 2020-09-10 18:17 - 000000565 _____ C:\ProgramData\Desktop\Total Uninstall 6.lnk
2020-09-10 18:17 - 2020-09-10 18:17 - 000000016 _____ C:\Users\Все пользователи\mntemp
2020-09-10 18:17 - 2020-09-10 18:17 - 000000016 _____ C:\ProgramData\mntemp
2020-09-10 18:17 - 2020-09-10 18:17 - 000000000 ____D C:\Users\Все пользователи\Martau
2020-09-10 18:17 - 2020-09-10 18:17 - 000000000 ____D C:\ProgramData\Martau
2020-09-10 16:09 - 2020-09-10 16:09 - 000000000 ____D C:\Users\Samsung\AppData\Local\Tempzxpsign9da99fa03e6b8ee1
2020-09-10 16:08 - 2020-09-10 16:08 - 000000000 ____D C:\Users\Samsung\AppData\Local\Tempzxpsigncd70d7d719d31d86
2020-09-10 16:03 - 2020-09-10 16:03 - 000000793 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017 (32 Bit).lnk
2020-09-10 15:55 - 2020-09-10 15:55 - 000001518 _____ C:\Users\Все пользователи\Desktop\Adobe Application Manager.lnk
2020-09-10 15:55 - 2020-09-10 15:55 - 000001518 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2020-09-10 15:55 - 2020-09-10 15:55 - 000001518 _____ C:\ProgramData\Desktop\Adobe Application Manager.lnk
2020-09-10 14:00 - 2020-09-10 15:55 - 000001530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2020-09-10 13:59 - 2020-09-11 12:29 - 000000000 __SHD C:\Users\Все пользователи\Windows
2020-09-10 13:59 - 2020-09-11 12:29 - 000000000 __SHD C:\ProgramData\Windows
2020-09-10 13:58 - 2020-09-11 12:29 - 000000000 ___HD C:\Program Files\RDP Wrapper
2020-09-10 13:58 - 2020-09-10 13:58 - 000210944 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2020-09-10 13:57 - 2020-09-10 13:57 - 000000000 ____D C:\Users\Samsung\AppData\Roaming\Macromedia
2020-09-10 13:47 - 2020-09-11 09:54 - 000000000 __SHD C:\Users\Все пользователи\RunDLL
2020-09-10 13:47 - 2020-09-11 09:54 - 000000000 __SHD C:\ProgramData\RunDLL
2020-09-10 13:47 - 2020-09-11 09:23 - 000000000 __SHD C:\Users\Все пользователи\WindowsTask
2020-09-10 13:47 - 2020-09-11 09:23 - 000000000 __SHD C:\ProgramData\WindowsTask
2020-09-10 13:47 - 2020-09-10 15:46 - 000000000 __SHD C:\Users\Все пользователи\Setup
2020-09-10 13:47 - 2020-09-10 15:46 - 000000000 __SHD C:\ProgramData\Setup
2020-09-10 13:47 - 2020-09-10 13:59 - 000000000 __SHD C:\Users\Все пользователи\install
2020-09-10 13:47 - 2020-09-10 13:59 - 000000000 __SHD C:\ProgramData\install
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Users\Все пользователи\Norton
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Users\Все пользователи\McAfee
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Users\Все пользователи\Kaspersky Lab Setup Files
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Users\Все пользователи\Kaspersky Lab
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Users\Все пользователи\grizzly
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Users\Все пользователи\ESET
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Users\Все пользователи\Doctor Web
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Users\Все пользователи\AVAST Software
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Users\Все пользователи\360safe
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\ProgramData\Norton
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\ProgramData\McAfee
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\ProgramData\Kaspersky Lab Setup Files
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\ProgramData\Kaspersky Lab
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\ProgramData\grizzly
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\ProgramData\ESET
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\ProgramData\Doctor Web
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\ProgramData\AVAST Software
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\ProgramData\360safe
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files\SpyHunter
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files\Malwarebytes
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files\Kaspersky Lab
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files\ESET
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files\Enigma Software Group
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files\COMODO
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files\Common Files\McAfee
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files\Cezurity
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files\ByteFence
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files\AVG
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files\AVAST Software
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files (x86)\SpyHunter
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files (x86)\Panda Security
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files (x86)\Microsoft JDX
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files (x86)\Kaspersky Lab
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files (x86)\GRIZZLY Antivirus
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files (x86)\Cezurity
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files (x86)\AVG
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files (x86)\AVAST Software
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\Program Files (x86)\360
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\KVRT_Data
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 __SHD C:\AdwCleaner
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 ____D C:\Windows\speechstracing
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 ____D C:\Users\Все пользователи\System32
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 ____D C:\Users\Все пользователи\MB3Install
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 ____D C:\Users\Все пользователи\Malwarebytes
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 ____D C:\Users\Все пользователи\Indus
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 ____D C:\Users\Все пользователи\Avira
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 ____D C:\ProgramData\System32
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 ____D C:\ProgramData\MB3Install
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 ____D C:\ProgramData\Indus
2020-09-10 13:47 - 2020-09-10 13:47 - 000000000 ____D C:\ProgramData\Avira
2020-09-10 13:09 - 2020-09-10 13:09 - 000000000 ____D C:\Users\Samsung\Downloads\Photoshop CC 2017
2020-09-10 13:06 - 2020-09-10 13:10 - 000000000 ____D C:\Users\Samsung\AppData\LocalLow\uTorrent
2020-09-09 23:07 - 2020-09-09 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\www.GameModding.net
2020-09-09 22:59 - 2020-09-09 22:59 - 000000000 ____D C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2020-09-09 20:15 - 2020-09-09 20:15 - 000001890 _____ C:\Users\Samsung\Desktop\Zoom.lnk
2020-09-09 10:39 - 2020-09-09 10:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2020-09-09 10:39 - 2020-09-09 10:39 - 000000000 ____D C:\Program Files (x86)\Bandicam
2020-09-08 17:23 - 2020-09-08 17:23 - 000670587 _____ C:\Users\Samsung\Desktop\решения Волькенштейн.pdf
2020-09-08 15:03 - 2020-09-08 15:02 - 010828309 _____ C:\Users\Samsung\Desktop\задачник Волькенштейн.pdf
2020-09-07 19:58 - 2020-09-07 20:00 - 000000000 ____D C:\Users\Samsung\AppData\Roaming\Code
2020-09-07 19:58 - 2020-09-07 19:58 - 000000000 ____D C:\Users\Samsung\.vscode
2020-09-06 20:42 - 2020-09-06 20:42 - 000000000 ____D C:\Users\Samsung\Documents\CLEO_SDK
2020-09-04 21:52 - 2028-03-18 09:54 - 000000000 ____D C:\Users\Samsung\AppData\Local\CrashDumps
2020-09-04 15:24 - 2020-09-04 15:24 - 000001399 _____ C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NVIDIA GeForce NOW.lnk
2020-09-04 15:23 - 2020-09-04 15:24 - 000000000 ____D C:\Users\Samsung\AppData\Local\NVIDIA Corporation
2020-09-04 15:12 - 2020-09-04 15:12 - 000000202 _____ C:\Users\Samsung\Desktop\CT Special Forces Fire for Effect.url
2020-09-04 08:01 - 2020-09-04 08:01 - 000000000 ____D C:\Users\Samsung\Documents\Zoom
2020-09-04 08:00 - 2020-09-04 08:00 - 000000000 ____D C:\Users\Samsung\AppData\Roaming\Zoom
2020-09-04 08:00 - 2020-09-04 08:00 - 000000000 ____D C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-09-03 12:32 - 2020-09-09 11:22 - 000000000 ___HD C:\Users\Все пользователи\Documents\AdobeGCData
2020-09-03 12:32 - 2020-09-09 11:22 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-09-03 12:32 - 2020-09-09 11:22 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-09-02 13:42 - 2020-09-02 13:42 - 000000000 ____D C:\Users\Samsung\MediaGet2
2020-09-02 13:42 - 2020-09-02 13:42 - 000000000 ____D C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet2
2020-09-02 13:42 - 2020-09-02 13:42 - 000000000 ____D C:\Users\Samsung\AppData\Local\Media Get LLC
2020-09-01 21:47 - 2020-09-10 16:05 - 000000748 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2020-09-01 21:47 - 2020-09-01 21:47 - 000000000 ____D C:\Users\Samsung\Documents\Adobe
2020-09-01 21:43 - 2020-09-01 21:43 - 000000000 ____D C:\Program Files\Adobe
2020-09-01 21:41 - 2020-09-01 21:41 - 000001221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2020-09-01 21:38 - 2020-09-01 21:38 - 000000000 ____D C:\Program Files (x86)\Adobe
2020-09-01 21:21 - 2020-09-01 21:35 - 000000000 ____D C:\Users\Samsung\Downloads\Adobe_Photoshop_CC_2017
2020-09-01 16:22 - 2020-09-01 16:22 - 002659523 _____ C:\Users\Samsung\Desktop\реш зад физика.pdf
2020-08-31 18:37 - 2020-08-31 18:37 - 000000000 ____D C:\Users\Все пользователи\Microsoft Visual Studio
2020-08-31 18:37 - 2020-08-31 18:37 - 000000000 ____D C:\ProgramData\Microsoft Visual Studio
2020-08-24 16:56 - 2020-08-31 19:04 - 000000000 ____D C:\Users\Samsung\Desktop\поступление
2020-08-22 12:14 - 2020-08-22 12:14 - 000000000 _____ C:\Users\Samsung\AppData\Local\{79D57A8F-6644-4285-B6F5-3FD79BBB73F7}
2020-08-18 09:24 - 2017-12-27 22:20 - 001460224 _____ (Stas'M Corp.) C:\Users\Все пользователи\RDPWinst.exe
2020-08-18 09:24 - 2017-12-27 22:20 - 001460224 _____ (Stas'M Corp.) C:\ProgramData\RDPWinst.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2028-03-18 09:55 - 2020-01-12 01:32 - 000000000 ____D C:\Users\Samsung\AppData\Roaming\Discord
2020-09-11 12:37 - 2009-07-14 09:45 - 000028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-09-11 12:37 - 2009-07-14 09:45 - 000028320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-09-11 12:30 - 2009-07-14 10:09 - 000000000 ____D C:\Windows\system32\Tasks\WPD
2020-09-11 12:30 - 2009-07-14 10:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-09-10 21:09 - 2020-03-04 16:09 - 000000000 ____D C:\Users\Samsung\Documents\DAVAProject
2020-09-10 19:50 - 2020-01-01 16:56 - 000000000 ____D C:\Users\Все пользователи\Package Cache
2020-09-10 19:50 - 2020-01-01 16:56 - 000000000 ____D C:\ProgramData\Package Cache
2020-09-10 19:17 - 2019-12-19 17:32 - 000000000 ____D C:\Users\Samsung
2020-09-10 18:34 - 2019-12-26 22:50 - 000000000 ____D C:\Users\Samsung\AppData\Local\Yandex
2020-09-10 18:28 - 2009-07-14 08:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2020-09-10 18:17 - 2009-07-14 08:20 - 000000000 ____D C:\Windows\system
2020-09-10 18:13 - 2020-03-18 19:24 - 000000000 ____D C:\Windows\system32\Tasks\OfficeSoftwareProtectionPlatform
2020-09-10 16:06 - 2020-04-07 20:38 - 000000000 ____D C:\Users\Samsung\AppData\Roaming\Adobe
2020-09-10 16:00 - 2020-04-07 20:38 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-09-10 13:47 - 2009-07-14 08:20 - 000000000 ____D C:\Program Files\Common Files\System
2020-09-10 13:10 - 2019-12-26 22:50 - 000000000 ____D C:\Users\Samsung\AppData\Roaming\uTorrent
2020-09-10 13:09 - 2020-07-20 19:44 - 000000000 ____D C:\Users\Samsung\AppData\Local\Spotify
2020-09-10 13:07 - 2020-07-20 19:43 - 000000000 ____D C:\Users\Samsung\AppData\Roaming\Spotify
2020-09-10 13:07 - 2019-12-26 23:05 - 000000000 ___SD C:\Users\Samsung\AppData\LocalLow\Temp
2020-09-10 13:06 - 2019-12-26 23:08 - 000000000 ____D C:\Users\Samsung\AppData\Local\BitTorrentHelper
2020-09-09 22:55 - 2020-01-01 19:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA San Andreas
2020-09-09 22:47 - 2020-01-01 17:43 - 000000000 ____D C:\Windows\SysWOW64\directx
2020-09-07 23:45 - 2020-03-12 21:01 - 000000000 ____D C:\Users\Samsung\AppData\LocalLow\Unity
2020-09-04 10:51 - 2020-04-07 22:07 - 000000000 ____D C:\Users\Samsung\Documents\Bandicam
2020-09-03 08:14 - 2019-12-19 17:35 - 000002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-09-02 13:59 - 2020-03-18 19:29 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2020-09-02 13:59 - 2019-12-19 17:37 - 000000000 ____D C:\Users\Все пользователи\Microsoft Help
2020-09-02 13:41 - 2020-03-18 21:02 - 000000000 ____D C:\Users\Все пользователи\SoftMaker
2020-09-02 13:41 - 2020-03-18 21:02 - 000000000 ____D C:\ProgramData\SoftMaker
2020-09-02 13:24 - 2020-04-07 20:38 - 000000000 ____D C:\Users\Все пользователи\Adobe
2020-09-02 13:24 - 2020-04-07 20:38 - 000000000 ____D C:\ProgramData\Adobe
2020-09-02 13:22 - 2020-04-07 20:38 - 000000000 ____D C:\Users\Samsung\AppData\Local\Adobe
2020-09-01 16:59 - 2009-07-14 08:20 - 000000000 ____D C:\Windows\system32\NDF
2020-08-31 21:34 - 2020-01-12 01:32 - 000002172 _____ C:\Users\Samsung\Desktop\Discord.lnk
2020-08-31 21:34 - 2020-01-12 01:32 - 000000000 ____D C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2020-08-31 21:34 - 2020-01-12 01:32 - 000000000 ____D C:\Users\Samsung\AppData\Local\Discord
2020-08-31 19:06 - 2020-06-08 23:02 - 000000000 ____D C:\Users\Samsung\Desktop\программирование
2020-08-31 14:38 - 2020-06-15 00:07 - 000000000 ____D C:\Users\Samsung\AppData\Local\ElevatedDiagnostics
2020-08-22 22:57 - 2019-12-19 17:34 - 000117320 _____ C:\Users\Samsung\AppData\Local\GDIPFONTCACHEV1.DAT
2020-08-20 14:24 - 2009-07-14 09:45 - 000472432 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories ========

2020-08-18 09:24 - 2017-12-27 22:20 - 001460224 _____ (Stas'M Corp.) C:\ProgramData\RDPWinst.exe
2020-09-10 19:40 - 2020-09-11 09:54 - 011431936 _____ () C:\ProgramData\temp5.exe
2020-08-18 09:24 - 2017-12-27 22:20 - 001460224 _____ (Stas'M Corp.) C:\Users\Все пользователи\RDPWinst.exe
2020-09-10 19:40 - 2020-09-11 09:54 - 011431936 _____ () C:\Users\Все пользователи\temp5.exe
2020-06-20 12:44 - 2020-06-20 12:44 - 000000000 ____H () C:\Users\Samsung\AppData\Local\BITEC8A.tmp
2020-09-03 21:33 - 2020-09-03 21:33 - 000000000 _____ () C:\Users\Samsung\AppData\Local\oobelibMkey.log
2020-08-22 12:14 - 2020-08-22 12:14 - 000000000 _____ () C:\Users\Samsung\AppData\Local\{79D57A8F-6644-4285-B6F5-3FD79BBB73F7}
2020-06-20 12:43 - 2020-06-20 12:44 - 000000000 _____ () C:\Users\Samsung\AppData\Local\{802C5B04-5B07-4AC9-B798-FD07D09D78D6}
2020-03-23 21:00 - 2020-03-23 21:00 - 000000000 _____ () C:\Users\Samsung\AppData\Local\{893ED6EB-526D-4E25-9387-D27E46692233}
2020-07-23 15:49 - 2020-07-23 15:49 - 000000000 _____ () C:\Users\Samsung\AppData\Local\{8DBF7CCD-3555-4037-A3C3-2F801A4DC0C3}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2020-09-06 15:21

==================== End of FRST.txt ========================