Результат сканирования Farbar Recovery Scan Tool (FRST) (x64) Версия: 16-09-2024
Запущено с помощью Avalon (Администратор) на AVALON-PC (ASUS All Series) (23-09-2024 13:52:51)
Запущено из C:\AAA\11\FRST64.exe
Загруженные профили: Avalon
Платформа: Microsoft Windows 7 Максимальная Service Pack 1 (X64) Язык: Русский (Россия)
Браузер по умолчанию: IE
Режим загрузки: Normal

==================== Процессы (В белом списке) =================

(Если запись включена в fixlist, процесс будет закрыт. Файл не будет перемещён.)

(atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files (x86)\TeamViewer\TeamViewer.exe ->) (TeamViewer Germany GmbH -> ) C:\Program Files (x86)\TeamViewer\crashpad_handler.exe <2>
(C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiProxy.exe
(C:\ProgramData\Lesta\GameCenter\lgc.exe ->) (LESTA LLC -> ©2022-2024 Lesta Games Agency, LLC) C:\ProgramData\Lesta\GameCenter\dlls\lgc_renderer_host.exe <3>
(C:\Users\Avalon\AppData\Roaming\NCALayer\NCALayer.exe ->) (BELLSOFT -> BellSoft) C:\Users\Avalon\AppData\Roaming\NCALayer\jre\bin\javaw.exe
(C:\Windows\SysWOW64\srvany.exe ->) () [Файл не подписан] C:\Windows\KMService.exe
(explorer.exe ->) () [Файл не подписан] [Файл уже используется] C:\Users\Avalon\AppData\Roaming\NCALayer\NCALayer.exe
(explorer.exe ->) (DT Soft Ltd -> DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(explorer.exe ->) (LESTA LLC -> ©2022-2024 Lesta Games Agency, LLC) C:\ProgramData\Lesta\GameCenter\lgc.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (YANDEX LLC -> YANDEX LLC) [Файл не подписан] C:\Users\Avalon\AppData\Local\Yandex\YandexBrowser\Application\browser.exe <16>
(services.exe ->) () [Файл не подписан] C:\Windows\SysWOW64\srvany.exe
(services.exe ->) (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (AnyDesk Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Реестр Windows (В белом списке) ===================

(Если запись включена в fixlist, элемент реестра будет сброшен на значение по умолчанию или удалён. Файл не будет перемещён.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269352 2019-08-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\ecmdS.exe [180736 2019-10-26] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [Realtek HD Audio] => C:\ProgramData\ReaItekHD\taskhostw.exe (Нет файла) <==== ВНИМАНИЕ
HKU\S-1-5-21-1854963628-2713006132-4040804188-1000\...\Run: [Lesta Game Center] => C:\ProgramData\Lesta\GameCenter\lgc.exe [1934488 2024-06-13] (LESTA LLC -> ©2022-2024 Lesta Games Agency, LLC)
HKU\S-1-5-21-1854963628-2713006132-4040804188-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-05] (DT Soft Ltd -> DT Soft Ltd)
HKU\S-1-5-21-1854963628-2713006132-4040804188-1000\...\Run: [YandexBrowserAutoLaunch_D65F749BEA77066B46465931FD75176D] => C:\Users\Avalon\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [4570288 2024-09-18] (YANDEX LLC -> YANDEX LLC) [Файл не подписан]
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -> "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-01-27] (Google LLC -> Google LLC)
HKLM\Software\...\Winlogon\GPExtensions: [{C631DF4C-088F-4156-B058-4375F0853CD8}] -> C:\Windows\System32\cscobj.dll [2010-11-21] (Microsoft Windows -> Корпорация Майкрософт)
Startup: C:\Users\Avalon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NCALayer.lnk [2020-08-21]
ShortcutTarget: NCALayer.lnk -> C:\Users\Avalon\AppData\Roaming\NCALayer\NCALayer.exe () [Файл не подписан] [Файл уже используется] <==== ВНИМАНИЕ
GroupPolicy: Ограничение ? <==== ВНИМАНИЕ
Policies: C:\ProgramData\NTUSER.pol: Ограничение <==== ВНИМАНИЕ

==================== Запланированные задачи (В белом списке) =================

(Если запись включена в fixlist, она будет удалена из реестра. Файл не будет удалён, если он не указан отдельно.)

Task: {774B318C-0A87-406F-99B0-DBF1F47AA2DB} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1709344 2021-02-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {ACB606E4-27CE-4250-B1BA-3F0120925648} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754472 2021-04-05] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {CAD368A0-551B-4750-907D-E560CF053DCF} - System32\Tasks\DownloadStudio Standalone Updater => "C:\Program Files (x86)\Download Studio\dstudio-gui.exe" --self-update (Нет файла)
Task: {1D6654FB-59A4-45F9-B08A-55479C0FDA47} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET Internet Security 13.0.22.0\upgrade.exe [1847320 2022-04-13] (ESET, spol. s r.o. -> ESET)
Task: {CE33C412-A1F4-46EA-8E80-F80E8A0CA4F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-16] (Google Inc -> Google Inc.)
Task: {98FAEE77-156B-4CD8-8A49-A0ED9912EF29} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-16] (Google Inc -> Google Inc.)
Task: {07427246-8A44-42AB-AE22-786B7952C189} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [663880 2022-11-16] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask background (запись имеет ещё 6 символов).
Task: {627FC3E2-89E5-4D61-AF4D-342E1A1DD2B0} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [714568 2022-11-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {F57B4472-F710-4278-98F8-74926D444632} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {9C4399C9-6C6B-4CC2-9212-00852121060A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [782136 2019-03-06] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {EA017418-E1B1-4435-B943-B9EB5A044585} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3788144 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D7286CE4-22A4-4ABB-9876-F0BB4480A83E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648504 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {12CAD46C-A9DD-44D8-9FB4-ED71705F67F1} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {70E22889-213A-44B4-B1C6-40DF3CD5BC93} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [897008 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CB14656E-4C3E-49EC-9455-BD1FB1880592} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {33E7D129-441C-4EFC-AF92-FBE8018E807C} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {02AF23F2-1805-4305-9CCD-484DEE533ABA} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6A41DA90-ED71-4068-89AD-840D6C628A8F} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1130480 2019-06-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {36266373-9BBF-47CC-919B-92C85A226EA5} - System32\Tasks\Opera scheduled assistant Autoupdate 1582728592 => C:\Program Files (x86)\Opera\launcher.exe [2469120 2022-04-01] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files (x86)\Opera\assistant" $(Arg0)
Task: {5169234D-250B-446C-8D1B-CCF9CBA535B8} - System32\Tasks\Opera scheduled Autoupdate 1495034904 => C:\Program Files (x86)\Opera\launcher.exe [2469120 2022-04-01] (Opera Software AS -> Opera Software)
Task: {C02722CA-0A3C-44DD-85EF-3B19A7A66698} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60496 2021-02-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {F49C6C16-7164-48E3-BDD7-0D5420BA1A07} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60496 2021-02-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {9D1CAFCE-5CE4-4120-8D88-CC17D411ACAC} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [68176 2021-02-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {B64EE501-2A7C-4609-8693-B39A8D6EC096} - System32\Tasks\Восстановление сервиса обновлений Яндекс Браузера => C:\Program Files (x86)\Yandex\YandexBrowser\22.11.0.2423\service_update.exe --repair (Нет файла)
Task: {0F2B4B67-61A3-41CF-B80F-A2AB46614B54} - System32\Tasks\Восстановление сервиса обновлений Яндекс.Браузера => C:\Program Files (x86)\Yandex\YandexBrowser\22.9.1.1094\service_update.exe --repair (Нет файла)
Task: {76A683B0-3382-4E49-A325-E9CC41179911} - System32\Tasks\Системное обновление Браузера Яндекс => C:\Program Files (x86)\Yandex\YandexBrowser\22.11.0.2423\service_update.exe --run-as-launcher (Нет файла)

(Если запись включена в fixlist, файл задачи (.job) будет перемещён. Файл, выполняемый задачей, не будет перемещён.)
Task: C:\Windows\Tasks\Восстановление сервиса обновлений Яндекс.Браузера.job => C:\Program Files (x86)\Yandex\YandexBrowser\22.9.1.1094\service_update.exe
Task: C:\Windows\Tasks\Восстановление сервиса обновлений Яндекс Браузера.job => C:\Program Files (x86)\Yandex\YandexBrowser\22.11.0.2423\service_update.exe
Task: C:\Windows\Tasks\Системное обновление Браузера Яндекс.job => C:\Program Files (x86)\Yandex\YandexBrowser\22.11.0.2423\service_update.exe

==================== Internet (В белом списке) ====================

(Если элемент включён в fixlist, если он является элементом реестра, он будет удалён или сброшен на значение по умолчанию.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{AE8F5BC7-E3DA-477A-98EF-3652BF1B5811}: [DhcpNameServer] 192.168.100.1

FireFox:
========
FF DefaultProfile: a7p0za1g.default-1570892109110
FF ProfilePath: C:\Users\Avalon\AppData\Roaming\Mozilla\Firefox\Profiles\a7p0za1g.default-1570892109110 [2023-04-03]
FF NewTabOverride: Mozilla\Firefox\Profiles\a7p0za1g.default-1570892109110 -> Disabled: vb@yandex.ru
FF Extension: (Советник Яндекс.Маркета) - C:\Users\Avalon\AppData\Roaming\Mozilla\Firefox\Profiles\a7p0za1g.default-1570892109110\Extensions\sovetnik-yandex@yandex.ru.xpi [2021-01-29] [UpdateUrl:hxxps://static.sovetnik.yandex.net/sovetnik/extension/firefox-webextension-yandex-update.json]
FF Extension: (Визуальные закладки) - C:\Users\Avalon\AppData\Roaming\Mozilla\Firefox\Profiles\a7p0za1g.default-1570892109110\Extensions\vb@yandex.ru.xpi [2019-10-15]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => не найдено
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-11-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-11-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.) [Файл не подписан]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1854963628-2713006132-4040804188-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Avalon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-23] (Unity Technologies SF -> Unity Technologies ApS)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2023-12-09]

Chrome:
=======
CHR Profile: C:\Users\Avalon\AppData\Local\Google\Chrome\User Data\Default [2024-09-22]
CHR DefaultSearchURL: Default -> hxxps://yandex.ru/search/?__PARAM__from=chromesearch&text={searchTerms}
CHR DefaultSearchKeyword: Default -> yandex.ru
CHR DefaultSuggestURL: Default -> hxxps://suggest.yandex.net/suggest-ff.cgi?uil=ru&part={searchTerms}
CHR Extension: (OrangeMonkey) - C:\Users\Avalon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekmeppjgajofkpiofbebgcbohbmfldaf [2022-11-21]
CHR Extension: (Google Документы офлайн) - C:\Users\Avalon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-16]
CHR Extension: (Яндекс) - C:\Users\Avalon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldgpjdiadomhinpimgchmeembbgojnjk [2022-11-21]
CHR Extension: (internet-start.net) - C:\Users\Avalon\AppData\Local\Google\Chrome\User Data\Default\Extensions\llcdellnofncikmhimjdbkdjgpmcjbik [2021-06-08]
CHR Extension: (Яндекс) - C:\Users\Avalon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjmpfdkmpojoeemjmfiddlhkkndcdpno [2020-11-02]
CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\Avalon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-08]
CHR HKU\S-1-5-21-1854963628-2713006132-4040804188-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ekmeppjgajofkpiofbebgcbohbmfldaf]
CHR HKU\S-1-5-21-1854963628-2713006132-4040804188-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ldgpjdiadomhinpimgchmeembbgojnjk]
CHR HKLM-x32\...\Chrome\Extension: [ekmeppjgajofkpiofbebgcbohbmfldaf]
CHR HKLM-x32\...\Chrome\Extension: [fdjdjkkjoiomafnihnobkinnfjnnlhdg]
CHR HKLM-x32\...\Chrome\Extension: [llcdellnofncikmhimjdbkdjgpmcjbik]
CHR HKLM-x32\...\Chrome\Extension: [mjmpfdkmpojoeemjmfiddlhkkndcdpno]

Opera:
=======
OPR Profile: C:\Users\Avalon\AppData\Roaming\Opera Software\Opera Stable [2024-09-22]
OPR DefaultSuggestURL: Opera Stable -> hxxps://suggest.yandex.ru/suggest-ya.cgi?v=4&part={searchTerms}&l10n={language}
OPR Extension: (Rich Hints Agent) - C:\Users\Avalon\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2024-05-20]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Avalon\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-14]
OPR Extension: (SaveFrom.net помощник) - C:\Users\Avalon\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2024-07-24]

Yandex:
=======
YAN Profile: C:\Users\Avalon\AppData\Local\Yandex\YandexBrowser\User Data\Default [2024-09-23]
YAN DefaultSearchURL: Default -> hxxps://browser-resources.s3.yandex.net/old/get/browser/launcher_images/windows/not_yandex/youtube_win.targetsize-256.png
YAN Extension: (FoE - Helper) - C:\Users\Avalon\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions\bkagcmloachflbbkfmfiggipaelfamdf [2024-07-20]

==================== Службы (В белом списке) ===================

(Если запись включена в fixlist, она будет удалена из реестра. Файл не будет удалён, если он не указан отдельно.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [190464 2021-02-24] () [Файл не подписан]
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3910472 2024-02-11] (AnyDesk Software GmbH -> AnyDesk Software GmbH)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] (ASUSTeK Computer Inc. -> )
R2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPLauncher.exe [60704 ] (Advanced Micro Devices, Inc. -> AMD)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2243136 2019-10-26] (ESET, spol. s r.o. -> ESET)
S3 ekrnEpfw; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2243136 2019-10-26] (ESET, spol. s r.o. -> ESET)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-16] (Google Inc -> Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-10-16] (Google Inc -> Google Inc.)
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2017-02-20] () [Файл не подписан]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [19335992 2024-09-03] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S2 TenorshareDataRecoveryService; C:\Program Files (x86)\Tenorshare Any Data Recovery\service\TenorshareDataRecoveryService [X]

===================== Драйверы (В белом списке) ===================

(Если запись включена в fixlist, она будет удалена из реестра. Файл не будет удалён, если он не указан отдельно.)

U5 amdkmdap; C:\Windows\System32\Drivers\amdkmdap.sys [614176 2021-02-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] (ASUSTeK Computer Inc. -> )
R2 BlueStacksDrv; C:\Program Files (x86)\BlueStacks\BstkDrv_bgp.sys [315976 2020-10-05] (Bluestack Systems, Inc -> Bluestack System Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2017-12-16] (DT Soft Ltd -> DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [149944 2019-10-26] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [103264 2019-10-26] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [189512 2019-10-26] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50712 2019-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [77184 2019-10-26] (ESET, spol. s r.o. -> ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61640 2019-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [114136 2019-10-26] (ESET, spol. s r.o. -> ESET)
S3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [60928 2019-08-24] (Microsoft Windows Hardware Compatibility Publisher -> GenesysLogic)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-06-26] (Martin Malik - REALiX -> REALiX(tm))
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (cert@ezbsystems.com -> EZB Systems, Inc.)
S3 iVCam; C:\Windows\System32\DRIVERS\iVCam.sys [1089912 2020-11-03] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] (Microsoft Windows -> Корпорация Майкрософт)
R0 oem-drv64; C:\Windows\System32\DRIVERS\oem-drv64.sys [42496 2024-09-23] (secr9tos) [Файл не подписан]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2019-08-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2020-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Microsoft Windows -> Корпорация Майкрософт)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S2 amdacpksd; \??\C:\Windows\system32\drivers\amdacpksd.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (В белом списке) ===================

(Если запись включена в fixlist, она будет удалена из реестра. Файл не будет удалён, если он не указан отдельно.)

==================== Один месяц (создан) (В белом списке) =========

(Если запись включена в лист исправлений, файл/папка будут перемещены.)
2024-09-23 13:49 - 2024-09-23 13:50 - 000015922 _____ C:\Users\Avalon\Downloads\FRST.txt
2024-09-23 13:48 - 2024-09-23 13:53 - 000000000 ____D C:\FRST
2024-09-23 13:47 - 2024-09-23 13:47 - 002397696 _____ (Farbar) C:\Users\Avalon\Downloads\FRST64.exe
2024-09-23 13:43 - 2024-09-23 13:43 - 000000000 ____D C:\Windows\ABR
2024-09-23 13:29 - 2024-09-23 13:31 - 004369651 _____ C:\Users\Avalon\Downloads\HiJackThis.zip
2024-09-23 12:51 - 2024-09-22 20:58 - 000005153 _____ C:\Windows\system32\Drivers\etc\2024-09-23_12-51_hosts.bak
2024-09-23 12:47 - 2024-09-23 13:50 - 000000000 ____D C:\AAA
2024-09-23 12:46 - 2024-09-23 12:46 - 009852963 _____ C:\Users\Avalon\Downloads\AVbr.zip
2024-09-23 10:46 - 2024-09-23 10:46 - 018475871 _____ C:\Users\Avalon\Downloads\AutoLogger.zip
2024-09-23 10:46 - 2024-09-20 07:40 - 018643694 _____ (Company © regist & Drongo) C:\Users\Avalon\Desktop\AutoLogger.exe
2024-09-23 10:37 - 2024-09-23 10:37 - 000000000 _____ C:\ProgramData\ReaItekHD
2024-09-23 10:12 - 2024-09-23 10:12 - 002596072 _____ (Malwarebytes) C:\Users\Avalon\Downloads\MBSetup.exe
2024-09-23 00:36 - 2024-09-23 00:36 - 000000967 _____ C:\Users\Avalon\Desktop\Зевс и Посейдон.lnk
2024-09-22 20:27 - 2024-09-22 20:27 - 000001308 _____ C:\Users\Avalon\Desktop\WinTools.net Premium.lnk
2024-09-22 20:27 - 2024-09-22 20:27 - 000000000 ____D C:\Users\Avalon\AppData\Roaming\WinTools
2024-09-22 20:27 - 2024-09-22 20:27 - 000000000 ____D C:\Users\Avalon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinTools.net Premium
2024-09-22 20:27 - 2024-09-22 20:27 - 000000000 ____D C:\Program Files (x86)\WinTools Software
2024-09-22 20:25 - 2024-09-22 20:25 - 000003358 _____ C:\Users\Avalon\Downloads\WinTools.net Premium 24.8.1 RePack (& portable) by KpoJIuK.torrent
2024-09-22 20:18 - 2024-09-23 10:18 - 000000000 ____D C:\Users\Avalon\Doctor Web
2024-09-22 19:22 - 2024-09-22 19:22 - 010112832 _____ C:\Users\Avalon\Downloads\avz4.zip
2024-09-21 23:28 - 2024-09-21 23:28 - 000013183 _____ C:\Users\Avalon\Downloads\6257592.torrent
2024-09-21 23:24 - 2024-09-21 23:24 - 005554027 _____ (SerGEAnt's Zone Of Games ) C:\Users\Avalon\Downloads\ZeusMoO.exe
2024-09-21 23:15 - 2024-09-21 23:15 - 000039799 _____ C:\Users\Avalon\Downloads\zeus_poseidon_2_1_0_10_win_gog.torrent
2024-09-21 23:04 - 2024-09-23 12:57 - 000000000 ____D C:\Users\Avalon\Desktop\AutoLogger
2024-09-21 22:44 - 2024-09-22 20:26 - 000000000 ____D C:\Users\Avalon\Downloads\зевс
2024-09-21 22:43 - 2024-09-21 22:44 - 000062155 _____ C:\Users\Avalon\Downloads\Zeus + Poseidon_v_2.1.0.10_2016.torrent
2024-09-01 11:50 - 2024-09-01 11:50 - 005580076 _____ C:\Users\Avalon\Downloads\Pharaoh_A_New_Era_v0.1.15_[Inward_Spiral_Team].7z
2024-09-01 11:28 - 2024-09-01 11:28 - 000000000 ____D C:\Users\Avalon\AppData\LocalLow\Triskell Interactive
2024-09-01 11:26 - 2024-09-01 11:26 - 000001696 _____ C:\Users\Public\Desktop\Pharaoh - A New Era.lnk
2024-09-01 11:21 - 2024-09-01 11:21 - 000000000 ____D C:\GOG Games
2024-09-01 11:17 - 2024-09-01 11:19 - 000000000 ____D C:\Users\Avalon\Downloads\Pharaoh_A_New_Era_1.5_(69158)_win_gog
2024-09-01 11:16 - 2024-09-01 11:16 - 075922872 _____ (Download Studio Project) C:\Users\Avalon\Downloads\Pharaoh_ A New Era[x7IyMowg4].exe.infected
2024-09-01 11:16 - 2024-09-01 11:16 - 000088287 _____ C:\Users\Avalon\Downloads\[gofrag.ru]pharaoh_a_new_era.torrent

==================== Один месяц (изменён) ==================

(Если запись включена в лист исправлений, файл/папка будут перемещены.)
2024-09-23 13:48 - 2019-06-26 16:44 - 000000000 ____D C:\ProgramData\NVIDIA
2024-09-23 13:48 - 2018-10-16 13:43 - 000000000 ____D C:\Program Files (x86)\Google
2024-09-23 13:45 - 2020-01-07 20:05 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2024-09-23 13:44 - 2017-02-20 18:47 - 000000470 _____ C:\Windows\Tasks\Системное обновление Браузера Яндекс.job
2024-09-23 13:44 - 2017-02-19 16:35 - 000042496 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv64.sys
2024-09-23 13:44 - 2009-07-14 10:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-09-23 13:43 - 2023-01-08 18:45 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2024-09-23 13:35 - 2018-08-25 19:35 - 000000428 _____ C:\Windows\Tasks\Восстановление сервиса обновлений Яндекс.Браузера.job
2024-09-23 13:00 - 2009-07-14 09:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2024-09-23 13:00 - 2009-07-14 09:45 - 000026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2024-09-23 12:51 - 2017-02-19 16:35 - 000000000 ____D C:\Users\Avalon
2024-09-23 12:48 - 2019-06-26 21:20 - 000000000 ____D C:\Program Files (x86)\IObit
2024-09-23 10:38 - 2019-06-26 14:10 - 000947272 _____ C:\Windows\ntbtlog.txt
2024-09-23 08:20 - 2017-05-17 10:33 - 000000000 ____D C:\Users\Avalon\AppData\LocalLow\Mozilla
2024-09-23 07:58 - 2022-10-04 13:58 - 000000430 _____ C:\Windows\Tasks\Восстановление сервиса обновлений Яндекс Браузера.job
2024-09-23 07:08 - 2021-01-19 17:13 - 000000400 __RSH C:\ProgramData\ntuser.pol
2024-09-23 00:35 - 2017-02-19 17:27 - 000000000 ____D C:\Games
2024-09-22 22:33 - 2021-09-21 16:43 - 000000000 ____D C:\Users\Avalon\AppData\Local\ОК Игры
2024-09-22 22:33 - 2017-07-01 19:13 - 000000000 ____D C:\Users\Avalon\AppData\Roaming\uTorrent
2024-09-22 22:33 - 2017-03-14 14:06 - 000000000 ____D C:\Users\Avalon\AppData\Local\CrashDumps
2024-09-22 22:33 - 2017-02-20 18:24 - 000000000 ____D C:\Users\Avalon\AppData\Roaming\Microsoft\Шаблоны
2024-09-22 22:33 - 2017-02-20 18:24 - 000000000 ____D C:\Users\Avalon\AppData\Roaming\Microsoft\Office
2024-09-22 22:32 - 2021-01-22 14:16 - 000000000 ____D C:\Program Files (x86)\Steam
2024-09-22 22:32 - 2020-01-19 16:10 - 000000000 ____D C:\Users\Avalon\Desktop\мои ТТК
2024-09-22 22:32 - 2019-06-26 16:21 - 000000000 ____D C:\NVIDIA
2024-09-22 22:32 - 2017-10-09 01:02 - 000000000 ____D C:\Windows\Minidump
2024-09-22 22:32 - 2017-05-17 20:28 - 000000000 ____D C:\Program Files (x86)\Opera
2024-09-22 22:32 - 2017-02-19 16:50 - 000000000 ____D C:\Windows\AsusInstAll
2024-09-22 22:31 - 2023-01-08 18:36 - 000000000 ____D C:\AMD
2024-09-22 22:31 - 2017-02-19 16:46 - 000000000 ____D C:\Intel
2024-09-22 22:09 - 2019-06-26 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2024-09-22 22:09 - 2017-04-27 12:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2024-09-22 22:08 - 2023-02-01 00:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2024-09-22 22:08 - 2009-07-14 10:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2024-09-22 20:26 - 2019-09-26 11:00 - 000000000 ____D C:\Users\Avalon\AppData\Local\BitTorrentHelper
2024-09-21 23:10 - 2019-06-07 21:26 - 000000000 ___HD C:\Windows\msdownld.tmp
2024-09-21 23:10 - 2019-06-07 21:26 - 000000000 ____D C:\Windows\SysWOW64\directx
2024-09-21 23:04 - 2017-02-19 16:35 - 000000000 ____D C:\Users\Avalon\AppData\Roaming\Microsoft\Windows
2024-09-21 23:03 - 2009-07-14 08:20 - 000000000 ____D C:\Program Files\Common Files\System
2024-09-21 17:18 - 2017-02-20 18:47 - 000002456 _____ C:\Users\Avalon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk
2024-09-21 06:57 - 2020-08-21 18:56 - 000000000 ____D C:\Users\Avalon\AppData\Roaming\NCALayer
2024-09-20 07:30 - 2021-01-29 11:07 - 000003366 _____ C:\Windows\system32\Tasks\ESET Windows 10 upgrade – Refresh settings
2024-09-16 06:45 - 2023-01-08 22:07 - 000000000 ____D C:\Users\Avalon\AppData\Local\AMD_Common
2024-09-13 06:32 - 2009-07-14 10:08 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2024-08-28 09:05 - 2019-08-31 12:10 - 000000000 ____D C:\ProgramData\AlawarWrapper
2024-08-27 19:32 - 2011-01-21 22:27 - 000725376 _____ C:\Windows\system32\perfh019.dat
2024-08-27 19:32 - 2011-01-21 22:27 - 000151190 _____ C:\Windows\system32\perfc019.dat
2024-08-27 19:32 - 2009-07-14 10:13 - 001651812 _____ C:\Windows\system32\PerfStringBackup.INI
2024-08-27 19:32 - 2009-07-14 08:20 - 000000000 ____D C:\Windows\inf

==================== Файлы в корне каталогов ========

2020-04-05 22:10 - 2020-04-05 22:10 - 000116870 _____ () C:\Users\Avalon\AppData\Local\Файл зашифрован. Пиши. Почта clubnika@elude.in [1910].WANNACASH NCOV v310320

==================== FLock ==============================

2019-08-01 16:17 C:\Windows\Minidump\080119-23680-01.dmp
2019-11-09 10:35 C:\Windows\Minidump\110919-27612-01.dmp

==================== SigCheck ============================

(Нет автоматического исправления файлов, которые не проходят проверку.)

LastRegBack: 2024-09-23 13:20

==================== Конец от FRST.txt ========================