Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016 Ran by 27972 (2016-07-05 23:51:02) Running from C:\Users\27972\Documents\Farber Recovery Scan Tool Windows 10 Pro Version 1511 (X64) (2016-06-30 20:14:08) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= 27972 (S-1-5-21-2825347086-2981257662-4213469737-1000 - Administrator - Enabled) => C:\Users\27972 Aziza (S-1-5-21-2825347086-2981257662-4213469737-1003 - Limited - Enabled) => C:\Users\Aziza DefaultAccount (S-1-5-21-2825347086-2981257662-4213469737-503 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2825347086-2981257662-4213469737-1009 - Limited - Enabled) Sonya (S-1-5-21-2825347086-2981257662-4213469737-1002 - Administrator - Enabled) => C:\Users\Sonya Администратор (S-1-5-21-2825347086-2981257662-4213469737-500 - Administrator - Disabled) Гость (S-1-5-21-2825347086-2981257662-4213469737-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Free (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Free (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC - Russian (HKLM-x32\...\{AC76BA86-7AD7-1049-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated) AIDA64 Extreme v5.30 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.30 - FinalWire Ltd.) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DNSUnlocker (HKLM\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: - ) DNSUnlocker (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - ) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden eShield Browser Security (HKU\S-1-5-21-2825347086-2981257662-4213469737-1000\...\{1ED4791B-A481-4AE8-89EE-AF6F81FDEFAD}) (Version: - eShield) <==== ATTENTION FBS Trader 4 (HKLM-x32\...\FBS Trader 4) (Version: 4.00 - MetaQuotes Software Corp.) FlvPlayer (HKU\S-1-5-21-2825347086-2981257662-4213469737-1000\...\FlvPlayer) (Version: ${VERSION} - ) <==== ATTENTION Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Kaspersky Free (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Лаборатория Касперского) Kaspersky Free (x32 Version: 16.0.1.445 - Лаборатория Касперского) Hidden KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl) K-Lite Codec Pack 10.5.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.5 - ) KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.0.3 - PandoraTV) L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version: - ) L&H TTS3000 Espaсol (HKLM-x32\...\LHTTSSPE) (Version: - ) L&H TTS3000 Franзais (HKLM-x32\...\LHTTSFRF) (Version: - ) L&H TTS3000 Italiano (HKLM-x32\...\LHTTSITI) (Version: - ) L&H TTS3000 Russian (HKLM-x32\...\LHTTSRUR) (Version: - ) Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version: - ) LiteForex MT4 Terminal (HKLM-x32\...\LiteForex MT4 Terminal) (Version: 6.00 - MetaQuotes Software Corp.) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Excel 2007 Help Обновление (KB963678) (HKLM-x32\...\{90120000-0016-0419-0000-0000000FF1CE}_ENTERPRISE_{420938DB-BF97-4664-BE29-0C68B4802C00}) (Version: - Microsoft) Microsoft Office Outlook 2007 Help Обновление (KB963677) (HKLM-x32\...\{90120000-001A-0419-0000-0000000FF1CE}_ENTERPRISE_{E9D6C0F9-9879-4FC4-8E13-BF0D3953E0E6}) (Version: - Microsoft) Microsoft Office Powerpoint 2007 Help Обновление (KB963669) (HKLM-x32\...\{90120000-0018-0419-0000-0000000FF1CE}_ENTERPRISE_{BD1C2AC7-63F3-4C75-8B44-DE3D700B3BC8}) (Version: - Microsoft) Microsoft Office Word 2007 Help Обновление (KB963665) (HKLM-x32\...\{90120000-001B-0419-0000-0000000FF1CE}_ENTERPRISE_{D3A002FB-0F62-4840-80AD-2D2C63F83449}) (Version: - Microsoft) Microsoft OneNote 2013 - ru-ru (HKLM\...\OneNoteFreeRetail - ru-ru) (Version: 15.0.4833.1001 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4833.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4833.1001 - Microsoft Corporation) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.11.2-r113542-release - Plays.tv, LLC) PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.337.376 - VoiceFive, Inc.) <==== ATTENTION PROMT Expert 8 Giant (HKLM-x32\...\{A4F761F7-FBC8-49BF-BC37-15550C3EAA85}) (Version: 8.0.297 - ПРОМТ) Punto Switcher 4.2.5 (HKLM-x32\...\{2A3C1FF6-043A-488F-9F80-46EBC23EE7C5}) (Version: 4.2.5.1238 - Яндекс) Raptr (HKLM-x32\...\Raptr) (Version: 5.2.1-r113066-release - Raptr, Inc) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Record Page (HKLM-x32\...\Record Page) (Version: 2.0.5702.19174 - Record Page) <==== ATTENTION SaxoTrader 2 (HKLM-x32\...\{024D66E9-D50C-44A7-92B4-2DFDDD95D228}) (Version: 2.139.28.0 - Saxo Bank) Sippoint 3.2.1.552 (HKU\S-1-5-21-2825347086-2981257662-4213469737-1000\...\Sippoint_is1) (Version: - Sippoint) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation) Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.) Snagit 10 (HKLM-x32\...\{542FE221-0FF1-494E-A534-380FB9F486D4}) (Version: 10.0 - TechSmith Corporation) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer) Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.55a Retail zoo - Ghisler Software GmbH) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) UpdateAdmin (HKLM-x32\...\{8F1CD30B-3A84-4B95-BFA4-CC0F885B8463}) (Version: 2.0.1999 - DownloadAdmin) <==== ATTENTION Windows Codecs (HKLM-x32\...\{EFA09999-B80F-4D1B-B590-7142D8853C77}}_is1) (Version: 1.0.0.74 - ITVA LLC) WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) Yandex (HKU\S-1-5-21-2825347086-2981257662-4213469737-1000\...\YandexBrowser) (Version: 16.6.1.30117 - ООО «ЯНДЕКС») Игры от GameBoss (HKU\S-1-5-21-2825347086-2981257662-4213469737-1000\...\Игры от GameBoss) (Version: - Невософт) Мастер настройки, версия 0.2.1 (HKLM-x32\...\{4821B896-601E-4F86-B92F-8B5F28F1EFCD}_is1) (Version: 0.2.1 - Beeline) Менеджер браузеров (HKU\S-1-5-21-2825347086-2981257662-4213469737-1000\...\{12f34aee-538c-44d5-b33a-12213b7e0197}) (Version: 2.1.2.577 - Яндекс) Менеджер браузеров (x32 Version: 2.1.2.577 - Яндекс) Hidden Основные компоненты Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Основные компоненты Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 16.4.3528.0331 - Корпорация Майкрософт) Hidden Фотоальбом (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Фотографии (общедоступная версия) (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Элементы Яндекса 8.13 для Internet Explorer (HKLM-x32\...\{8E17913D-7C5A-4FCC-9E0F-A52592629223}) (Version: 8.13.0.9013 - Яндекс) Языковой пакет Microsoft Visual Studio 2010 Tools для среды выполнения Office (x64) - RUS (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - RUS) (Version: 10.0.50903 - Microsoft Corporation) Яндекс.Диск (HKU\S-1-5-21-2825347086-2981257662-4213469737-1000\...\YandexDisk) (Version: 1.4.9.5181 - Яндекс) Яндекс.Строка (HKLM-x32\...\{E7EA820F-5EBA-4DB8-9299-DC081B0468D2}) (Version: 1.5.4.272 - Яндекс) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2825347086-2981257662-4213469737-1000_Classes\CLSID\{19170A69-A883-40D5-AF97-F6DC41495F15}\InprocServer32 -> C:\Users\27972\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll (Яндекс) CustomCLSID: HKU\S-1-5-21-2825347086-2981257662-4213469737-1000_Classes\CLSID\{2D6BD2F0-5F84-4a06-924F-AEE0598B6272}\InprocServer32 -> C:\Users\27972\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll (Яндекс) CustomCLSID: HKU\S-1-5-21-2825347086-2981257662-4213469737-1000_Classes\CLSID\{33A431BB-FF15-4047-8FEC-F82FD3523A00}\localserver32 -> C:\Users\27972\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe (Яндекс) CustomCLSID: HKU\S-1-5-21-2825347086-2981257662-4213469737-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\27972\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2825347086-2981257662-4213469737-1000_Classes\CLSID\{898E8883-5181-4959-B230-E3C01F807653}\InprocServer32 -> C:\Program Files (x86)\TNT2\2.0.0.1995\IEToolbar64.dll => No File CustomCLSID: HKU\S-1-5-21-2825347086-2981257662-4213469737-1000_Classes\CLSID\{97836AB9-12C5-4C30-A128-B75196DD1787}\InprocServer32 -> C:\Users\27972\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll (Яндекс) CustomCLSID: HKU\S-1-5-21-2825347086-2981257662-4213469737-1000_Classes\CLSID\{E36606FE-036A-4dd0-ABA9-A58F409803F0}\InprocServer32 -> C:\Users\27972\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll (Яндекс) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04286734-0F4D-43E1-BE2A-CF0B7DD01ED6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {0AAC9C26-4AAF-4C4D-B90D-2489D61714ED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {0B7BBD80-430A-476D-B678-8EDDCA121BA9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {12B838E5-C1C1-4EA9-8535-D6935A0C9E94} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {18B2ADC1-0CB4-463C-831A-319B5277EAF3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {18E90704-DC12-4575-9FA8-9E94707BEC84} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {1BCAB131-35CA-4C39-8B40-A2098BB4F383} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {1BFD5390-B427-4F83-B1AE-90653CA55DB5} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {207D6D67-D876-4965-9483-CAC6E342D97E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {29531296-1412-4540-BF27-D0B2E27A289B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {2A87EE45-BF47-4C0C-88E1-E9D5528F6360} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {2CEC015E-74B7-4D26-AA5C-63E5E643456F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {416E047D-1C71-47B0-9A14-A4437EAAF820} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {4506E1FD-1940-479E-9FE8-5696BE4EF939} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {459AFBDA-EC2E-482F-BD05-02DD7F03E868} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {46102543-AE30-433A-9808-4536009B144C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {46D6D576-3804-4775-A346-698C7A671D15} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {4C95E0AD-DEA4-49D7-99F4-F6FDA14129F7} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {511E5365-1BC6-498F-9427-4C715C494908} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {5793444E-0DBC-4A2B-83A9-76EE0FA56E87} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.) Task: {68D9F4E8-3A11-4514-8FAC-4A9B9DB9D9F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {6A3D12B8-7465-491C-A518-EBDD54F33A5F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {6BED45F7-74EB-459D-877F-F16DCDB7B8C9} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {7177DC04-E018-4C8A-B745-091A05268999} - System32\Tasks\Opera scheduled Autoupdate 1427635019 => C:\Users\Aziza\AppData\Local\Programs\Opera\launcher.exe [2016-04-28] (Opera Software) Task: {74B02AE7-B222-4FD6-A550-2444C61D550D} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {7A9C6702-616E-479E-A47E-140B5CC58661} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation) Task: {86FDE8EE-F9A1-4D0E-8066-0E3C86D7F05A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {8CCC6164-95F9-456C-B1C4-085B2BAB8901} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {90887EF0-1C10-43DD-81D9-03145CBEF6FF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {91CB269B-BF9F-4192-B2E7-820C85BF8D2D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {91E77B5D-AB28-4644-A7F1-F70203C89C0D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {9DC2284F-F7E5-452B-A579-A61D02E74F0C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {A980E9A5-764A-430A-9896-3BA6BDD9D68D} - System32\Tasks\Обновление Браузера Яндекс => C:\Users\Aziza\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2016-04-18] (YANDEX LLC) Task: {AF8557CF-C020-46FF-8CAF-62B0D077E343} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-22] (Microsoft Corporation) Task: {B1E6618F-24DB-45E5-B17B-FF25DC1DF8C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-21] (Adobe Systems Incorporated) Task: {B6F2AC0C-A5DB-4D38-B5AC-78C94B183EDA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {B9CEB425-B051-4FF8-B232-A6639914D595} - System32\Tasks\Обновление Браузера Яндекс => C:\Users\Aziza\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2016-04-18] (YANDEX LLC) Task: {BF49698C-208E-4ADA-9D68-596C02EFE74B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {CAA123A3-E08B-4C0C-9E69-62BA61605578} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation) Task: {CB8D4910-F742-4368-81C9-945451C89658} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {CC71A83F-3C6F-4952-8128-DE47B25B2E31} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {D83E774B-639A-4C04-A4E5-0B748CF06364} - System32\Tasks\{E9C5E3D6-0CAA-4AFB-BBA9-DD0CE5033497} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.1.0.105/ru/abandoninstall?page=tsProgressBar Task: {DA5261B3-2A69-4BA4-8B5B-9211B5C6F612} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {E1C391E6-E763-4176-B055-0E902D252D9D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {EB591647-3C8C-420B-B1CB-C991F132BDC5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {F500A4D5-360F-4335-8DCF-7186F3402AE8} - System32\Tasks\DNSPLUM => dnsplum.exe <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Обновление Браузера Яндекс .job => C:\Users\27972\AppData\Local\Yandex\YandexBrowser\Application\browser.exe Task: C:\WINDOWS\Tasks\Обновление Браузера Яндекс.job => C:\Users\Aziza\AppData\Local\Yandex\YandexBrowser\Application\browser.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 10:18 - 2015-10-30 10:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2014-12-13 23:00 - 2016-04-19 19:26 - 00114888 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2016-04-27 08:14 - 2016-04-27 08:14 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-27 08:14 - 2016-04-27 08:14 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-07-01 00:23 - 2016-07-01 00:23 - 00959168 _____ () C:\Users\27972\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll 2015-01-26 20:17 - 2015-01-09 19:52 - 01300768 _____ () C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll 2016-06-30 23:30 - 2016-06-30 23:30 - 05031744 _____ () C:\Users\27972\AppData\Local\Yandex\SearchBand\Application\1.7.0.391\searchband64.dll 2016-04-27 08:14 - 2016-04-27 08:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-04-27 08:14 - 2016-04-27 08:14 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-04-27 08:14 - 2016-04-27 08:14 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-04-27 08:14 - 2016-04-27 08:14 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-04-27 08:14 - 2016-04-27 08:14 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-04-27 08:14 - 2016-04-27 08:14 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-06-30 23:30 - 2016-06-30 23:30 - 02101568 _____ () C:\Users\27972\AppData\Local\Yandex\SearchBand\Application\1.7.0.391\searchbandapp64.exe 2016-06-30 23:29 - 2016-06-30 23:29 - 00329536 _____ () C:\Users\27972\AppData\Local\Yandex\SearchBand\Application\1.7.0.391\phrasespotter64.dll 2016-06-10 16:06 - 2014-12-11 12:08 - 07580160 _____ () C:\Users\27972\AppData\Local\Sippoint\Sippoint.exe 2016-07-01 20:28 - 2016-06-16 16:39 - 00302944 _____ () C:\Users\27972\AppData\Roaming\Yandex\YandexDisk\libpng14-14-x64.dll 2016-07-01 20:28 - 2016-06-16 16:39 - 00187744 _____ () C:\Users\27972\AppData\Roaming\Yandex\YandexDisk\zlib1-x64.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe 2015-08-21 22:09 - 2015-08-21 22:09 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2016-04-19 17:35 - 2016-04-19 17:36 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-04-27 08:14 - 2016-04-27 08:14 - 03081568 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll 2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 16.0.1\kpcengine.2.3.dll 2016-06-30 23:41 - 2016-06-30 23:42 - 00679624 _____ () C:\Users\27972\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\ClientTelemetry.dll 2016-06-10 16:06 - 2013-12-10 15:14 - 00393216 _____ () C:\Users\27972\AppData\Local\Sippoint\opus.dll 2016-02-23 10:04 - 2016-02-23 10:04 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2016-02-23 10:06 - 2016-02-23 10:06 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll 2016-04-19 17:35 - 2016-04-19 17:36 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-19 17:35 - 2016-04-19 17:36 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-06-28 23:52 - 2016-06-22 11:47 - 01740096 _____ () C:\Users\27972\AppData\Local\Yandex\YandexBrowser\Application\50.0.2661.30117\libglesv2.dll 2016-06-28 23:52 - 2016-06-22 11:46 - 00087360 _____ () C:\Users\27972\AppData\Local\Yandex\YandexBrowser\Application\50.0.2661.30117\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2825347086-2981257662-4213469737-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 82.163.142.7 - 95.211.158.134 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^27972^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Punto Switcher.lnk => C:\Windows\pss\Punto Switcher.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BNM => C:\Users\27972\AppData\Local\Beeline Network Manager\notifier.exe MSCONFIG\startupreg: BNM Updater => C:\Users\27972\AppData\Local\Beeline Network Manager\updater\chp.exe cmd.exe /c ""C:\Users\27972\AppData\Local\Beeline Network Manager\updater\bash-run.bat" "beeline-wizard-updater"" MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload MSCONFIG\startupreg: MailRuUpdater => C:\Users\27972\AppData\Local\MailRu\MailRuUpdater.exe MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SyncManPath => "C:\Users\27972\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe" -autostart MSCONFIG\startupreg: YandexElements => "C:\Program Files (x86)\Yandex\Common\elements64.exe" /auto HKLM\...\StartupApproved\Run32: => "PlaysTV" HKLM\...\StartupApproved\Run32: => "Raptr" HKU\S-1-5-21-2825347086-2981257662-4213469737-1000\...\StartupApproved\Run: => "NevoDRM" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{452BBE58-C6A0-4661-BC71-7499BAB9CA5D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [UDP Query User{B8AA99B5-2ECA-4691-A3D1-8CF81B99719D}C:\users\27972\appdata\local\sippoint\sippoint.exe] => (Allow) C:\users\27972\appdata\local\sippoint\sippoint.exe FirewallRules: [TCP Query User{2E1156B9-7B35-4152-9964-736D323E30B3}C:\users\27972\appdata\local\sippoint\sippoint.exe] => (Allow) C:\users\27972\appdata\local\sippoint\sippoint.exe FirewallRules: [{94B1E585-5D07-4C58-B13A-C9DEA0D6EF85}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{3C6A20C9-C8EA-446C-9AC4-49DE154D59A8}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{BF535322-DBFC-4CE4-A761-8B2445A04916}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{3524E9E2-07AA-4D8D-A196-8BC6BD81B301}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{C1DAF12A-4B78-47AF-A066-41D19DE00559}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{6611CB01-CBFA-4588-8D22-A2616C6A72F6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{080ABD00-B1DF-49C5-854D-EBCC19CE51D1}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{0233C0AB-854A-449A-9D23-C82D6D478954}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{3F0D7C69-E8CF-4CA5-87BA-2B91DBD71266}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{1B2308E9-61B2-4196-A6B0-02AA9C6317A9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{5655711D-83F1-4997-93E3-C220CC886544}] => (Allow) C:\Users\27972\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{0FE1E9FA-E6BA-4F51-BDA9-BB4A6BB4B419}] => (Allow) C:\Users\Sonya\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{E35A966A-1138-499E-B0BF-172172342736}] => (Allow) C:\Users\Sonya\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{0161ECFF-509B-4DF8-83DA-189DCE9F7740}] => (Allow) LPort=1900 FirewallRules: [{188BB2CB-D332-4ADA-BC21-26DEAFED28CE}] => (Allow) LPort=2869 FirewallRules: [{7DB12DC4-7117-466D-8E97-250C99EE47C1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{B2515DE6-1FBC-45B2-85C4-472FF52A0852}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{F30289C6-CA0F-4E0D-92F6-A492534E882A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{C4794A36-0236-405C-A934-A231FC59CF10}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{381472A3-3973-43D2-B348-5812AC4CA8BA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{841703F9-23F9-4ECD-A9D8-DA7435558F96}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{867E74C6-BA1E-496C-9941-3EEAAE6A9635}] => (Allow) C:\Users\27972\AppData\Local\TNT2\2.0.0.1995\TNT2User.exe FirewallRules: [{53A4E74B-F476-4903-A7D6-02B5FCCE3A40}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe FirewallRules: [{A6656C16-9533-45E2-84B2-0D8BFDFFE242}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe ==================== Restore Points ========================= 04-07-2016 09:54:34 Запланированная контрольная точка 05-07-2016 16:16:24 oszone11 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/05/2016 04:17:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Сбой служб шифрования в ходе обработки вызова OnIdentity() в объекте "Системный модуль записи". Details: AddLegacyDriverFiles: Unable to back up image of binary Протокол Microsoft LLDP. System Error: Отказано в доступе. . Error: (07/05/2016 03:11:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AZIZA) Description: Сбой активации приложения Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. Ошибка: -2144927142. Дополнительные сведения см. в журнале Microsoft-Windows-TWinUI/Operational. Error: (07/05/2016 01:58:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Имя сбойного приложения: pmropn.exe, версия: 1.3.337.376, метка времени: 0x571a7ffa Имя сбойного модуля: pmropn.exe, версия: 1.3.337.376, метка времени: 0x571a7ffa Код исключения: 0xc0000005 Смещение ошибки: 0x000c63ce Идентификатор сбойного процесса: 0x30fc Время запуска сбойного приложения: 0xpmropn.exe0 Путь сбойного приложения: pmropn.exe1 Путь сбойного модуля: pmropn.exe2 Идентификатор отчета: pmropn.exe3 Полное имя сбойного пакета: pmropn.exe4 Код приложения, связанного со сбойным пакетом: pmropn.exe5 Error: (07/05/2016 03:27:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Имя сбойного приложения: pmropn.exe, версия: 1.3.337.376, метка времени: 0x571a7ffa Имя сбойного модуля: ntdll.dll, версия: 10.0.10586.122, метка времени: 0x56cc16f5 Код исключения: 0xc0000005 Смещение ошибки: 0x00044f55 Идентификатор сбойного процесса: 0x1658 Время запуска сбойного приложения: 0xpmropn.exe0 Путь сбойного приложения: pmropn.exe1 Путь сбойного модуля: pmropn.exe2 Идентификатор отчета: pmropn.exe3 Полное имя сбойного пакета: pmropn.exe4 Код приложения, связанного со сбойным пакетом: pmropn.exe5 Error: (07/05/2016 12:07:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AZIZA) Description: Сбой активации приложения Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. Ошибка: -2144927141. Дополнительные сведения см. в журнале Microsoft-Windows-TWinUI/Operational. Error: (07/04/2016 11:10:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AZIZA) Description: Сбой активации приложения Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. Ошибка: -2147024865. Дополнительные сведения см. в журнале Microsoft-Windows-TWinUI/Operational. Error: (07/04/2016 11:10:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AZIZA) Description: Сбой активации приложения Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. Ошибка: -2144927141. Дополнительные сведения см. в журнале Microsoft-Windows-TWinUI/Operational. Error: (07/04/2016 09:54:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Сбой служб шифрования в ходе обработки вызова OnIdentity() в объекте "Системный модуль записи". Details: AddLegacyDriverFiles: Unable to back up image of binary Протокол Microsoft LLDP. System Error: Отказано в доступе. . Error: (07/04/2016 07:58:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AZIZA) Description: Сбой активации приложения Microsoft.Windows.Photos_8wekyb3d8bbwe!App. Ошибка: -2144927141. Дополнительные сведения см. в журнале Microsoft-Windows-TWinUI/Operational. Error: (07/04/2016 07:58:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: AZIZA) Description: Работа пакета Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy+CortanaUI завершена, так как его приостановка заняла слишком много времени. System errors: ============= Error: (07/05/2016 10:31:46 PM) (Source: disk) (EventID: 11) (User: ) Description: Драйвер обнаружил ошибку контроллера \Device\Harddisk3\DR3. Error: (07/05/2016 08:13:50 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (07/05/2016 03:40:28 PM) (Source: DCOM) (EventID: 10010) (User: AZIZA) Description: {14286318-B6CF-49A1-81FC-D74AD94902F9} Error: (07/05/2016 03:35:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Служба Kaspersky Anti-Virus Service 16.0.1 была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 10000 мсек: Перезапуск службы. Error: (07/05/2016 03:35:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Сбой при запуске службы "PlaysService" из-за ошибки %%1053 = Служба не ответила на запрос своевременно. Error: (07/05/2016 03:35:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "PlaysService". Error: (07/05/2016 03:34:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Служба "NetTcpActivator" является зависимой от службы "NetTcpPortSharing", которую не удалось запустить из-за ошибки %%1058 = Указанная служба не может быть запущена, так как отключена либо она сама, либо все связанные с ней устройства. Error: (07/05/2016 03:32:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "Служба хранения данных пользователя_3af09". Error: (07/05/2016 03:32:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "Синхронизация узла_3af09". Error: (07/05/2016 03:32:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Служба Служба доступа к данным пользователя_3af09 была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 10000 мсек: Перезапуск службы. CodeIntegrity: =================================== Date: 2016-06-30 23:03:20.685 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-30 22:53:58.298 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-30 22:15:05.248 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD E-350D APU with Radeon(tm) HD Graphics Percentage of memory in use: 88% Total physical RAM: 1636.8 MB Available physical RAM: 188.56 MB Total Virtual: 4906.9 MB Available Virtual: 990.61 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:318.74 GB) (Free:177.34 GB) NTFS Drive k: (Data) (Fixed) (Total:146.48 GB) (Free:143.2 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8387D04D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=318.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) Partition 4: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================