Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2017 01 Ran by Михаил (03-10-2017 21:53:28) Running from C:\Users\Михаил\Downloads Windows 10 Enterprise 2016 LTSB Version 1607 (X64) (2017-05-11 13:08:44) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= DefaultAccount (S-1-5-21-3820472979-4027493990-276356326-503 - Limited - Disabled) defaultuser0 (S-1-5-21-3820472979-4027493990-276356326-1000 - Limited - Disabled) => C:\Users\defaultuser0 Администратор (S-1-5-21-3820472979-4027493990-276356326-500 - Administrator - Disabled) Гость (S-1-5-21-3820472979-4027493990-276356326-501 - Limited - Disabled) Михаил (S-1-5-21-3820472979-4027493990-276356326-1001 - Administrator - Enabled) => C:\Users\Михаил ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3820472979-4027493990-276356326-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.) AIDA64 Extreme v5.80 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.80 - FinalWire Ltd.) Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.69 - NVIDIA Corporation) Hidden Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.) 
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform) Cross Fire (HKU\S-1-5-21-3820472979-4027493990-276356326-1001\...\Cross Fire) (Version: 1.190 - Mail.Ru) Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform) Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc) ESET Smart Security (HKLM\...\{C7486A64-950C-48E8-9EC6-E6EDFECF530C}) (Version: 10.1.219.1 - ESET, spol. s r.o.) Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_is1) (Version: - ) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation) iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.) Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) K-Lite Codec Pack 13.1.6 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.1.6 - KLCP) Microsoft Office профессиональный плюс 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) 
(Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{0513c9cf-7191-45a7-ace9-ecdad03c93a4}) (Version: 12.0.40660.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{10dc8dbf-d3d7-4e23-be07-120fe5c66b78}) (Version: 12.0.40660.0 - Корпорация Майкрософт) Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f3065a98-e387-4588-a776-9875d73bc533}) (Version: 14.10.25008.0 - Корпорация Майкрософт) Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{594d4687-f909-4f12-8aef-b54c99f55d11}) (Version: 14.10.25008.0 - Корпорация Майкрософт) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0a1 - Mozilla) MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD) Need for Speed - Most Wanted (HKLM-x32\...\Need for Speed - Most Wanted_R.G. Mechanics_is1) (Version: - R.G. 
Mechanics, markfiter) Nightly 58.0a1 (x64 ru) (HKLM\...\Nightly 58.0a1 (x64 ru)) (Version: 58.0a1 - Mozilla) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team) NVIDIA Графический драйвер 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.69 - NVIDIA Corporation) NVIDIA Системное программное обеспечение PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) OpenIV (HKU\S-1-5-21-3820472979-4027493990-276356326-1001\...\OpenIV) (Version: 2.9.906 - .black/OpenIV Team) Qualcomm USB Drivers For Windows (HKLM-x32\...\{D9FB7F91-9687-4B09-894D-072903CADEA4}) (Version: 1.00.37 - QUALCOMM Incorporated) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games) Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.) StartIsBack++ (HKLM-x32\...\StartIsBack) (Version: 2.0.5 - startisback.com) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH) Telegram Desktop version 1.1.23 (HKU\S-1-5-21-3820472979-4027493990-276356326-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.1.23 - Telegram Messenger LLP) Total Commander (HKLM-x32\...\Total Commander 9.0a 2017.5) (Version: - ) Vegas Pro 13.0 (64-bit) (HKLM\...\{77CEFB5E-CCC3-11E4-8043-F04DA23A5C58}) (Version: 13.0.444 - Sony) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) 
Hidden Warface (HKU\S-1-5-21-3820472979-4027493990-276356326-1001\...\Warface) (Version: 1.194 - Mail.Ru) WinRAR 5.40 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM-x32\...\{90160000-001F-0422-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Игровой центр (HKU\S-1-5-21-3820472979-4027493990-276356326-1001\...\GameCenterMailRu) (Version: 3.1275 - ООО Мэйл.Ру) Пакет драйверов Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.) Пакет драйверов Windows - Realtek Semiconductor Corp. (RTL8023x64) Net (01/23/2014 6.112.0123.2014) (HKLM\...\DB28FC8E2FC77959B4D7BD6C36AFA4A1116509C5) (Version: 01/23/2014 6.112.0123.2014 - Realtek Semiconductor Corp.) Панель управления NVIDIA 385.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 385.69 - NVIDIA Corporation) Hidden Поддержка программ Apple (x64) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.) Поддержка программ Apple (x86) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.) Программное обеспечение Intel® Chipset Device (HKLM-x32\...\{49bc1e38-39b4-4728-9e75-cbe67ba9a329}) (Version: 10.1.1.42 - Intel(R) Corporation) Hidden Средства проверки правописания Microsoft Office 2016 — русский (HKLM-x32\...\{90160000-001F-0419-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-03-08] () ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd) ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-06-13] (ESET) ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\PROGRA~2\PrivaZer\PRIVAM~1.DLL -> No File ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] 
-> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-06-13] (ESET) ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\PROGRA~2\PrivaZer\PRIVAM~1.DLL -> No File ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\PROGRA~2\PrivaZer\PRIVAM~1.DLL -> No File ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\PROGRA~2\PrivaZer\PRIVAM~1.DLL -> No File ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-09-16] (NVIDIA Corporation) ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd) ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-06-13] (ESET) ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => C:\PROGRA~2\PrivaZer\PRIVAM~1.DLL -> No File ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal) FolderExtensions: [] -> {27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5} => C:\OldNewExplorer\OldNewExplorer64.dll [2017-05-11] (www.startisback.com) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {4539A814-CB1C-45ED-AA47-732D42CD63A6} - \KMSAuto -> No File <==== ATTENTION Task: {4DD4ED84-4A65-4CF1-94CB-8243868C4B83} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\Explorer.EXE /NOUACCHECK Task: {5B8D6A6A-C901-422C-9F1A-760D7381FCF6} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2016-10-24] () Task: {5FFED88E-B4D0-454A-9A3A-7302C4B2EF88} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd) Task: {A5BE7B01-468A-46F3-B132-3124443BA59F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation) Task: {A69DC0FC-EFD2-42A6-83DE-71EE41433936} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation) Task: {AB41ECBA-B315-4FB2-91F5-1C4BB483F4BB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.) Task: {C17392FA-D37C-4B3D-B908-2E5FDCDAC030} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe Task: {E73D142A-84FB-4ED3-B4A5-4953BCD7ED61} - System32\Tasks\StartIsBack health check => C:\Program Files (x86)\StartIsBack\startscreen.exe [2017-04-14] (www.startisback.com) Task: {F2C56599-D9A1-4014-B545-BE155C43847D} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-05-10] () Task: {F3B424E3-99A0-4F92-9574-FF815D3E9EE5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Михаил\Desktop\Игровой центр Mail.Ru.lnk -> C:\Users\Михаил\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe (LLC Mail.Ru) <==== Cyrillic Shortcut: C:\Users\Михаил\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mail.Ru\Игровой центр Mail.Ru\Игровой центр Mail.Ru.lnk -> C:\Users\Михаил\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe (LLC Mail.Ru) <==== Cyrillic Shortcut: C:\Users\Михаил\AppData\Roaming\Microsoft\Windows\SendTo\Передача файлов через Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) <==== Cyrillic ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 17:42 - 2016-07-16 17:42 - 000231424 _____ () C:\Windows\SYSTEM32\ism32k.dll 2017-05-11 23:54 - 2017-04-28 06:49 - 002681200 _____ () C:\Windows\system32\CoreUIComponents.dll 2017-03-16 16:08 - 2017-03-16 16:08 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-05-09 00:44 - 2017-05-09 00:44 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-05-01 14:22 - 2017-05-01 14:22 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-05-01 14:22 - 2017-05-01 14:22 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-03-08 08:42 - 2017-03-08 08:42 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2017-09-27 17:31 - 2017-09-27 17:31 - 000144896 _____ () C:\Users\Михаил\AppData\Local\Mail.Ru\GameCenter\zlib1.dll 2017-09-27 17:31 - 2017-09-27 17:31 - 000076192 _____ () C:\Users\Михаил\AppData\Local\Mail.Ru\GameCenter\pxd.dll 2017-09-27 17:31 - 2017-09-27 17:31 - 000249760 _____ () C:\Users\Михаил\AppData\Local\Mail.Ru\GameCenter\LightUpdate.dll 2017-09-27 17:31 - 
2017-09-27 17:31 - 002495952 _____ () C:\Users\Михаил\AppData\Local\Mail.Ru\GameCenter\BigUp2.dll 2016-05-24 00:36 - 2016-05-24 00:36 - 048962048 _____ () C:\Users\Михаил\AppData\Local\Mail.Ru\GameCenter\Chrome\3.2623.1401\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:07BF512B [150] AlternateDataStreams: C:\Users\Все пользователи\TEMP:07BF512B [150] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2016-07-16 17:47 - 2017-10-02 21:12 - 000003024 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3820472979-4027493990-276356326-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Михаил\Downloads\makro-priroda-paporotnik-vetki-listia-zelenyi-fon.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AdobeARMservice => 3 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: NvContainerLocalSystem => 2 MSCONFIG\Services: NvContainerNetworkService => 3 MSCONFIG\Services: NvTelemetryContainer => 2 MSCONFIG\Services: qcmtusvc => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: ss_conn_service => 2 HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "ShadowPlay" HKU\S-1-5-21-3820472979-4027493990-276356326-1001\...\StartupApproved\Run: => "VtopeBot" HKU\S-1-5-21-3820472979-4027493990-276356326-1001\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-3820472979-4027493990-276356326-1001\...\StartupApproved\Run: => "Skype" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{09F2A0C8-6901-410F-8537-D8468D44A34B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe FirewallRules: [{BF462CA3-F0F6-4FD5-878B-F2E92EB3D756}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe FirewallRules: [{AFC7D0B2-A167-443D-B470-82E14B5ECB83}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe FirewallRules: [{B3A72A02-5637-41CF-A0D8-6FB5150FB86C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe FirewallRules: [{8B459ED5-AE67-4D5A-A453-A75143AAD3D8}] => (Allow) C:\Users\Михаил\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{CA12B9E2-4A36-48E5-8249-EF9A5DC626B5}] => (Allow) C:\Users\Михаил\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{41E7A1E0-A933-4CF8-A412-9F38072B90F8}] => (Allow) C:\Users\Михаил\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{648C2AE8-429C-453A-A465-B6B63EE684C9}] => (Allow) 
C:\Users\Михаил\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{0782DF66-E63B-4FC0-8B3C-03DC2586D6F9}] => (Allow) C:\Users\Михаил\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{684652DE-C72A-4B5C-8EC9-3E0106D5A0FD}] => (Allow) C:\Users\Михаил\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{F60F59FB-6AB0-47D4-AFAE-7908F8F80372}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{5967CBCF-3C27-4CCC-AC08-21C22BD180ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B216913D-BEC3-40F5-8DCB-095660713A5B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{45B30CD0-AA16-4E55-96B4-5233974A16BA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{5C8EB078-F722-48BA-83E5-3BB8E6B85346}C:\users\михаил\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Allow) C:\users\михаил\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe FirewallRules: [UDP Query User{8473D611-F75A-442E-862B-7DFB1B3C1613}C:\users\михаил\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Allow) C:\users\михаил\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe FirewallRules: [{AFAC194E-8942-471E-AD58-AE01D4A6BAFC}] => (Allow) LPort=1688 FirewallRules: [{82570B71-2494-4A08-AE30-697622E967AF}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{8EE267DD-9093-42BE-8A3A-0882F14580A6}] => (Allow) C:\Program Files (x86)\CentBrowser\Application\chrome.exe FirewallRules: [{9CF8168F-0308-4AE8-883A-9E11E026DBED}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{B8DA37FB-4D7E-4C21-B337-F6CDEB0411D3}E:\games\grand theft auto v\gta5.exe] => (Block) E:\games\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{89D3C6D1-8713-4337-B048-220A842481DA}E:\games\grand theft auto v\gta5.exe] => (Block) E:\games\grand theft auto v\gta5.exe FirewallRules: [{87865813-D212-4370-BE83-4482F9BEC644}] => (Allow) 
E:\Games\Grand Theft Auto V\GTA5.exe FirewallRules: [{0A2D05D4-0174-471C-99BA-5336E33B0CF7}] => (Allow) E:\Games\Grand Theft Auto V\GTA5.exe FirewallRules: [{129F5E30-7FFA-4396-8432-EFCD6D6DD8F8}] => (Allow) D:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe FirewallRules: [{E4D7F07F-0F44-46CC-8F33-EF4C5695B1C6}] => (Allow) D:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe FirewallRules: [{A808DBAF-56E4-459F-A39C-EB8F321EAF19}] => (Allow) C:\Program Files (x86)\CentBrowser\Application\chrome.exe FirewallRules: [{815FF3AF-3955-416C-A5FD-CD047E93A551}] => (Allow) E:\GamesMailRu\Cross Fire\launcher.exe FirewallRules: [{BA0E6175-20C6-4CE5-8A60-DA630D6B891A}] => (Allow) E:\GamesMailRu\Cross Fire\launcher.exe FirewallRules: [{A1EFF4F9-DDE6-4EE8-AEC8-E05C4FE420DE}] => (Allow) C:\Program Files\Nightly\firefox.exe FirewallRules: [{3B09B817-6354-4907-8E6C-EF972C5F5479}] => (Allow) C:\Program Files\Nightly\firefox.exe FirewallRules: [{20079242-FD89-4187-8A9B-307025CF8A86}] => (Allow) C:\Program Files\Nightly\firefox.exe FirewallRules: [{41B2D484-1003-41F5-909F-AFB6D6E4E424}] => (Allow) C:\Program Files\Nightly\firefox.exe ==================== Restore Points ========================= 27-09-2017 20:36:01 Запланированная контрольная точка 01-10-2017 04:04:32 Removed System Center Management Pack-Windows Server OS (RUS) 02-10-2017 21:28:10 Revo Uninstaller Pro's restore point - HP LaserJet 1020 Series 02-10-2017 21:29:43 Revo Uninstaller Pro's restore point - HP LaserJet 1020 Series 02-10-2017 21:31:32 Revo Uninstaller Pro's restore point - Opera Stable 45.0.2552.635 02-10-2017 21:32:09 Revo Uninstaller Pro's restore point - Spybot Anti-Beacon ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/03/2017 09:18:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-O9CN8JU) Description: Сбой активации приложения 
Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. Ошибка: -2147024894. Дополнительные сведения см. в журнале Microsoft-Windows-TWinUI/Operational. Error: (10/03/2017 09:18:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-O9CN8JU) Description: Сбой активации приложения Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. Ошибка: -2147024894. Дополнительные сведения см. в журнале Microsoft-Windows-TWinUI/Operational. Error: (10/03/2017 09:18:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-O9CN8JU) Description: Сбой активации приложения Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. Ошибка: -2147024894. Дополнительные сведения см. в журнале Microsoft-Windows-TWinUI/Operational. Error: (10/03/2017 09:18:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-O9CN8JU) Description: Сбой активации приложения Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. Ошибка: -2147024894. Дополнительные сведения см. в журнале Microsoft-Windows-TWinUI/Operational. Error: (10/03/2017 09:18:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-O9CN8JU) Description: Сбой активации приложения Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. Ошибка: -2147024894. Дополнительные сведения см. в журнале Microsoft-Windows-TWinUI/Operational. Error: (10/03/2017 09:18:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-O9CN8JU) Description: Сбой активации приложения Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI. Ошибка: -2147024894. Дополнительные сведения см. в журнале Microsoft-Windows-TWinUI/Operational. 
System errors: ============= Error: (10/03/2017 09:18:25 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-O9CN8JU) Description: Параметры разрешений по умолчанию для компьютера не дают разрешения Локально Активация для приложения COM-сервера с CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} и APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} пользователю DESKTOP-O9CN8JU\Михаил с ИД безопасности (S-1-5-21-3820472979-4027493990-276356326-1001) и адресом LocalHost (с использованием LRPC), выполняемого в контейнере приложения Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy с ИД безопасности (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). Это разрешение безопасности можно изменить с помощью средства администрирования служб компонентов. Error: (10/03/2017 09:18:21 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-O9CN8JU) Description: Не удалось запустить DCOM-сервер: CortanaUI как Недоступно/Недоступно.Ошибка: "2" Произошла при запуске команды: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca Error: (10/03/2017 09:18:19 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-O9CN8JU) Description: Не удалось запустить DCOM-сервер: CortanaUI как Недоступно/Недоступно.Ошибка: "2" Произошла при запуске команды: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca Error: (10/03/2017 09:18:17 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-O9CN8JU) Description: Не удалось запустить DCOM-сервер: CortanaUI как Недоступно/Недоступно.Ошибка: "2" Произошла при запуске команды: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca Error: (10/03/2017 09:18:15 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-O9CN8JU) Description: Не удалось запустить DCOM-сервер: 
CortanaUI как Недоступно/Недоступно.Ошибка: "2" Произошла при запуске команды: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca Error: (10/03/2017 09:18:13 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-O9CN8JU) Description: Не удалось запустить DCOM-сервер: CortanaUI как Недоступно/Недоступно.Ошибка: "2" Произошла при запуске команды: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca Error: (10/03/2017 09:18:11 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-O9CN8JU) Description: Не удалось запустить DCOM-сервер: CortanaUI как Недоступно/Недоступно.Ошибка: "2" Произошла при запуске команды: "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca Error: (10/03/2017 09:18:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Служба "CDPUserSvc_2b179" завершена из-за ошибки Неопознанная ошибка Error: (10/03/2017 09:17:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Служба "Помощник по подключению к сети" является зависимой от службы "Вспомогательная служба IP", которую не удалось запустить из-за ошибки Указанная служба не может быть запущена, так как отключена либо она сама, либо все связанные с ней устройства. Error: (10/03/2017 09:17:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Служба "BitStreamSvc" завершена из-за ошибки Не удается найти указанный файл. CodeIntegrity: =================================== Date: 2017-10-03 21:52:17.628 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-10-03 21:52:17.626 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-03 21:42:17.102 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-03 21:42:17.100 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-03 21:30:15.428 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-03 21:30:15.427 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-03 21:20:18.640 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-10-03 21:20:18.638 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-03 21:19:49.072 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-03 21:19:49.071 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz Percentage of memory in use: 38% Total physical RAM: 6103.77 MB Available physical RAM: 3757.88 MB Total Virtual: 17127.77 MB Available Virtual: 14353.64 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:78.03 GB) (Free:44.56 GB) NTFS Drive d: () (Fixed) (Total:184.06 GB) (Free:147.66 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: () (Fixed) (Total:387.63 GB) (Free:146.94 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: C5301B90) Partition 1: (Active) - (Size=184.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5400954C) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=387.6 GB) 
- (Type=07 NTFS) ==================== End of Addition.txt ============================