Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Герберт (25-05-2018 23:36:53)
Running from C:\Users\Герберт\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2017-06-03 08:25:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

HomeGroupUser$ (S-1-5-21-3698359554-1639482360-1336285663-1002 - Limited - Enabled)
Администратор (S-1-5-21-3698359554-1639482360-1336285663-500 - Administrator - Disabled)
Герберт (S-1-5-21-3698359554-1639482360-1336285663-1001 - Administrator - Enabled) => C:\Users\Герберт
Гость (S-1-5-21-3698359554-1639482360-1336285663-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3698359554-1639482360-1336285663-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 9.6.0.1367 - 360 Security Center)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
AIDA64 Extreme v5.97 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.97 - FinalWire Ltd.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.5.1 - Advanced Micro Devices, Inc.)
ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.1.7.1 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.1.7.1 - ASUSTek COMPUTER INC.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.031 - ASUSTek Computer Inc.)
Bloody6 (HKLM-x32\...\Bloody3) (Version: 18.03.0002 - Bloody)
Discord (HKU\S-1-5-21-3698359554-1639482360-1336285663-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
FastStone Capture v8.0 (HKLM-x32\...\FastStone Capture v8.0) (Version: v8.0 - VseTop.com)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.1.1049 - Foxit Software Inc.)
Furmark, версия 1.20.0.1 (HKLM-x32\...\{0009B29F-A748-22B8-BF6E-76461B153423}_is1) (Version: 1.20.0.1 - Furmark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
ICQ (версия 10.0.12331) (HKU\S-1-5-21-3698359554-1639482360-1336285663-1001\...\icq.desktop) (Version: 10.0.12331 - ICQ)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Joxi v 3.0.15 (HKLM-x32\...\Joxi_is1) (Version:  - )
KeePass Password Safe 2.38 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.38 - Dominik Reichl)
K-Lite Codec Pack 13.2.4 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.2.4 - KLCP)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.7.02558 - Корпорация Майкрософт)
Microsoft Office стандартный 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 60.0.1 (x64 ru) (HKLM\...\Mozilla Firefox 60.0.1 (x64 ru)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
MPC-HC 1.7.11 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.11 - MPC-HC Team)
MSI Afterburner 4.5.0 (HKLM-x32\...\Afterburner) (Version: 4.5.0 - MSI Co., LTD)
OpenOffice 4.1.3 (HKLM-x32\...\{02F9BA51-8D5E-4A4C-861E-64B0602F73BE}) (Version: 4.13.9783 - Apache Software Foundation)
OpenOffice 4.1.3 Language Pack (Russian) (HKLM-x32\...\{92D05FCC-F669-4A45-BBB4-8C9A1E01CC79}) (Version: 4.13.9783 - Apache Software Foundation)
OpenVPN 2.2.0 (HKLM-x32\...\OpenVPN) (Version: 2.2.0 - )
Opera Stable 53.0.2907.68 (HKLM-x32\...\Opera 53.0.2907.68) (Version: 53.0.2907.68 - Opera Software)
QCyber 7.1 Gaming Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: Ў°1.0.0.4Ў± - QCyber)
RoboForm 7-9-15-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-15-5 - Siber Systems)
Sades 7.1CH Gaming Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006620}) (Version: 1.00.0010 - SHENZHEN SADES DIGITAL TECHNOLOGY CO.,LTD)
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 6.2 - Screaming Frog Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype, версия 8.18 (HKLM-x32\...\Skype_is1) (Version: 8.18 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Telegram Desktop version 1.2.17 (HKU\S-1-5-21-3698359554-1639482360-1336285663-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.17 - Telegram Messenger LLP)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.40 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)
XSplit Gamecaster (HKLM-x32\...\{4EDB1851-7427-4324-AAAA-9E3852C73DAE}) (Version: 2.2.1502.1741 - SplitmediaLabs)
Пакет обеспечения совместимости для выпуска 2007 системы Microsoft Office (HKLM-x32\...\{90120000-0020-0419-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Яндекс.Диск (HKU\S-1-5-21-3698359554-1639482360-1336285663-1001\...\YandexDisk) (Version: 1.4.19.5465 - Яндекс)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3698359554-1639482360-1336285663-1001_Classes\CLSID\{19170A69-A883-40D5-AF97-F6DC41495F15}\InprocServer32 -> C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll (Яндекс)
CustomCLSID: HKU\S-1-5-21-3698359554-1639482360-1336285663-1001_Classes\CLSID\{2D6BD2F0-5F84-4a06-924F-AEE0598B6272}\InprocServer32 -> C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll (Яндекс)
CustomCLSID: HKU\S-1-5-21-3698359554-1639482360-1336285663-1001_Classes\CLSID\{33A431BB-FF15-4047-8FEC-F82FD3523A00}\localserver32 -> C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe (Яндекс)
CustomCLSID: HKU\S-1-5-21-3698359554-1639482360-1336285663-1001_Classes\CLSID\{63D48440-63AB-44D0-B323-4731DFCDE9E9}\InprocServer32 -> C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll (Яндекс)
CustomCLSID: HKU\S-1-5-21-3698359554-1639482360-1336285663-1001_Classes\CLSID\{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0}\InprocServer32 -> C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll (Яндекс)
CustomCLSID: HKU\S-1-5-21-3698359554-1639482360-1336285663-1001_Classes\CLSID\{97836AB9-12C5-4C30-A128-B75196DD1787}\InprocServer32 -> C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll (Яндекс)
CustomCLSID: HKU\S-1-5-21-3698359554-1639482360-1336285663-1001_Classes\CLSID\{AF8D197E-7022-4c3d-BD88-68AD35C9C169}\InprocServer32 -> C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll (Яндекс)
CustomCLSID: HKU\S-1-5-21-3698359554-1639482360-1336285663-1001_Classes\CLSID\{E36606FE-036A-4dd0-ABA9-A58F409803F0}\InprocServer32 -> C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll (Яндекс)
CustomCLSID: HKU\S-1-5-21-3698359554-1639482360-1336285663-1001_Classes\CLSID\{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9}\InprocServer32 -> C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll (Яндекс)
ShellIconOverlayIdentifiers: [    YndCase0Sync] -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll [2018-02-20] (Яндекс)
ShellIconOverlayIdentifiers: [    YndCase1Modified] -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll [2018-02-20] (Яндекс)
ShellIconOverlayIdentifiers: [    YndCase2Error] -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll [2018-02-20] (Яндекс)
ShellIconOverlayIdentifiers: [    YndCase3Shared] -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDiskOverlays-2398.dll [2018-02-20] (Яндекс)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers1: [Joxi] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\Joxi\jcmext x64.dll [2013-04-11] ()
ContextMenuHandlers1: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-05-14] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-05-14] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\Joxi\jcmext x64.dll [2013-04-11] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-12-11] (Foxit Software Inc.)
ContextMenuHandlers6: [Joxi] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\Joxi\jcmext x64.dll [2013-04-11] ()
ContextMenuHandlers6: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-05-14] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3698359554-1639482360-1336285663-1001: [Yandex.Disk] -> {97836AB9-12C5-4C30-A128-B75196DD1787} => C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll [2018-02-20] (Яндекс)
ContextMenuHandlers4_S-1-5-21-3698359554-1639482360-1336285663-1001: [Yandex.Disk] -> {97836AB9-12C5-4C30-A128-B75196DD1787} => C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4724.dll [2018-02-20] (Яндекс)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01EE4996-2992-4F36-A5EA-43871A3A1283} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-06-26] (Siber Systems)
Task: {1937EEE5-AB2D-4D43-BEF9-4A283054B2F0} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2018-04-23] ()
Task: {206A291D-DB7F-444A-B9D4-FB423FC3948A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-06-06] ()
Task: {27861344-3B5B-456E-902D-10A57AAC34B0} - \Microsoft\Windows\User Profile Service\User Profile ServiceTask -> No File <==== ATTENTION
Task: {35E0D8BF-E113-47CF-8D89-AAD85D72694C} - System32\Tasks\Opera scheduled Autoupdate 1496482777 => C:\Program Files\Opera\launcher.exe [2018-05-23] (Opera Software)
Task: {465A399B-B46D-4B63-9DA5-39875364851D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe [2018-05-09] (Adobe Systems Incorporated)
Task: {4C7F4F14-BA1D-4212-BC8E-402612428956} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-09] (Adobe Systems Incorporated)
Task: {6A9D775E-A447-4EDB-8AA1-D6DB6C9C65F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-03] (Google Inc.)
Task: {6D96A5DF-530C-420C-8EC9-4551F1D11FDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-03] (Google Inc.)
Task: {7A9AD1F2-3C68-4499-810D-7EBA37FC9758} - \Open URL by RoboForm -> No File <==== ATTENTION
Task: {8D1D8477-381A-4020-9281-8B354C67DA13} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-01-31] (Advanced Micro Devices, Inc.)
Task: {8FD376DF-46BE-4B4A-B9CC-D979C657DAAA} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-09] (Adobe Systems Incorporated)
Task: {9C234821-40B4-470C-93F7-FF7262D4A3E6} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-18] ()
Task: {C0F0915B-3362-480F-93BA-CAA77660A23F} - \Opera Software Updater2 -> No File <==== ATTENTION
Task: {C8F6EC25-A9FA-4FF0-821E-E84C99F0F2BB} - \Microsoft\Windows\Services\WindowsUpdate32 -> No File <==== ATTENTION
Task: {CBF0582A-6BA7-4948-8B65-08E8BDF181B2} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-01-31] (Advanced Micro Devices, Inc.)
Task: {CCCCD298-EEEB-4937-B511-4F2DEEA70847} - System32\Tasks\Opera Software Updater => C:\Users\Р“РµСЂР±РµСЂС‚\AppData\Local\Opera Software\2926940139_123.exe
Task: {F8F5A8C8-4049-4E82-B4E0-8165B64638D4} - \Driver Booster SkipUAC (Герберт) -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Герберт\Links\Яндекс.Диск.lnk -> C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe (Яндекс) <==== Cyrillic
Shortcut: C:\Users\Герберт\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Яндекс.Диск\Скриншоты в Яндекс.Диске.lnk -> C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDiskScreenshotEditor.exe (Яндекс) <==== Cyrillic
Shortcut: C:\Users\Герберт\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Новости в последней версии.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () <==== Cyrillic
Shortcut: C:\Users\Герберт\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Руководство по консольной версии RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () <==== Cyrillic
Shortcut: C:\Users\Герберт\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Справка WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () <==== Cyrillic
Shortcut: C:\Users\Герберт\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Браузер Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Браузер Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\Браузер Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software) <==== Cyrillic

ShortcutWithArgument: C:\Users\Герберт\Desktop\Очистка временных файлов.lnk -> C:\Program Files (x86)\360\Total Security\QHSafeMain.exe (QIHU 360 SOFTWARE CO. LIMITED) -> /runclean <==== Cyrillic
ShortcutWithArgument: C:\Users\Герберт\Desktop\Яндекс.Диск.lnk -> C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDiskStarter.exe (Яндекс) -> -desktop <==== Cyrillic
ShortcutWithArgument: C:\Users\Герберт\AppData\Roaming\Microsoft\Word\ТЗ%20для%20ппо%20оттиску306674891803289076\ТЗ%20для%20ппо%20оттиску.docx.lnk -> C:\Users\Герберт\Desktop\ТЗ для ппо оттиску.docx () -> 0 <==== Cyrillic
ShortcutWithArgument: C:\Users\Герберт\AppData\Roaming\Microsoft\Word\ТЗ%20для%20печати%20врача306674850226033461\ТЗ%20для%20печати%20врача.docx.lnk -> C:\Users\Герберт\Desktop\ТЗ для печати врача.docx () -> 0 <==== Cyrillic
ShortcutWithArgument: C:\Users\Герберт\AppData\Roaming\Microsoft\Word\Внешняя%20оптимизация306670743932223436\Внешняя%20оптимизация.docx.lnk -> C:\Users\Герберт\Downloads\Telegram Desktop\Внешняя оптимизация.docx () -> 0 <==== Cyrillic
ShortcutWithArgument: C:\Users\Герберт\AppData\Roaming\Microsoft\Word\Анализ%20ссылочной%20массы306670720857280835\Анализ%20ссылочной%20массы.doc.lnk -> D:\XXX\Облако\Анализ ссылочной массы.doc () -> 12 <==== Cyrillic
ShortcutWithArgument: C:\Users\Герберт\AppData\Roaming\Microsoft\Word\Анализ%206%20класс306674463644263733\Анализ%206%20класс.doc.lnk -> D:\моя\школа\анализ конт.срез\Анализ 6 класс.doc () -> 12 <==== Cyrillic
ShortcutWithArgument: C:\Users\Герберт\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Яндекс.Диск\Яндекс.Диск.lnk -> C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDiskStarter.exe (Яндекс) -> -desktop <==== Cyrillic
ShortcutWithArgument: C:\Users\Герберт\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Герберт\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2015-08-18 21:31 - 2015-08-18 21:31 - 000048640 _____ () C:\Windows\SysWOW64\ASGT.exe
2018-05-23 22:01 - 2018-03-21 23:08 - 000015360 _____ () C:\ProgramData\Microsoft\SpwiControl\4_7_1\SpwiControl.exe
2017-07-12 13:22 - 2017-07-12 13:22 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-07-12 13:22 - 2017-07-12 13:22 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-06-03 12:37 - 2018-05-14 14:25 - 000567904 _____ () C:\Program Files (x86)\360\Total Security\safemon\wdui2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2018-05-23 22:02 - 000001383 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.2	custom-host
127.0.0.2	www.custom
127.0.0.2	custom
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 mydownloaddomain.com
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 bcnmonetize.go2affise.com
127.0.0.1 beautifllink.xyz

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3698359554-1639482360-1336285663-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Герберт\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.3.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayIt!.lnk => C:\Windows\pss\TrayIt!.lnk.CommonStartup
MSCONFIG\startupreg: Bloody2 => "C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe" Minimum
MSCONFIG\startupreg: Cm108Sound => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
MSCONFIG\startupreg: Cm6620Sound => "C:\Program Files\Sades 7.1CH Gaming Headset\CPL\FaceLift_x64.exe" /h /d
MSCONFIG\startupreg: Discord => C:\Users\Герберт\AppData\Local\Discord\app-0.0.300\Discord.exe
MSCONFIG\startupreg: GameCenterMailRu => "C:\Users\Герберт\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe" -autostart
MSCONFIG\startupreg: icq.desktop => "C:\Users\Герберт\AppData\Roaming\ICQ\bin\icq.exe" /startup
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: openvpn-gui => C:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe
MSCONFIG\startupreg: RoboForm => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
MSCONFIG\startupreg: Skype => "c:\program files (x86)\skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SyncManPath => "C:\Users\Герберт\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe" -autostart
MSCONFIG\startupreg: uTorrent => "C:\Users\Герберт\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E269F411-0251-45B5-82EC-31D58596304C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DE153A3F-656E-4B49-AB13-767CD12A285B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{43558BE0-F28A-4035-A0F2-248810A4C8E5}] => (Allow) C:\Users\Герберт\Downloads\uTorrent.exe
FirewallRules: [{D9F146E0-FD89-4305-AA43-D26D83CCD112}] => (Allow) C:\Users\Герберт\Downloads\uTorrent.exe
FirewallRules: [{4E58B24A-2CC9-407C-8EBC-1B9F756544C7}] => (Allow) C:\Users\Герберт\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DFBF06F7-E59A-4A83-B375-925B88CD236E}] => (Allow) C:\Users\Герберт\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2A920316-5A86-42F0-B09B-59A9D1007108}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{23C5E0EF-9447-4FF2-B0F4-8DF1E4597AB7}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{6AF5A9A7-0B1D-4F78-96C7-1395C62848C5}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{42C603F9-E5AD-4E90-A5C8-1B619B531BC6}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{B30C6974-F5D0-482B-8C8C-5C542575111F}] => (Allow) D:\Games\Steam.exe
FirewallRules: [{1F7E034C-25A6-43A5-AF39-E23EE2C59ADB}] => (Allow) D:\Games\Steam.exe
FirewallRules: [{17427BA3-83D6-4E26-A20B-0158A119ED41}] => (Allow) D:\Games\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7CA3E37C-E687-4823-B0B7-BDF0DD24EAF8}] => (Allow) D:\Games\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5708E376-39DF-4F4F-8B6F-60FF37B31B19}] => (Allow) D:\Games\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{E64221F0-D399-407A-99A8-9E2502C69EB9}] => (Allow) D:\Games\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{FF6F383B-DC8E-4CBA-88C9-5C2A2AC48335}C:\users\герберт\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Allow) C:\users\герберт\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [UDP Query User{3C41F7ED-6ED3-4099-BC67-8AE9DC7433CA}C:\users\герберт\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Allow) C:\users\герберт\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [{27E54A7F-102E-4626-AC02-5B2C3DDBFEC6}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{68D015D7-EFA4-4991-A2A4-C1A5CDAEDE20}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{F7F63DF7-AE6F-48FA-957E-BB0033BEE32A}] => (Allow) D:\Games\steamapps\common\Hob\HobLauncher.exe
FirewallRules: [{95DE515B-E3E9-47DE-B5C3-88B8422A3331}] => (Allow) D:\Games\steamapps\common\Hob\HobLauncher.exe
FirewallRules: [{9F511B47-C78C-47F5-8717-3A0670511979}] => (Allow) D:\Games\steamapps\common\Hob\HOB.exe
FirewallRules: [{53A73B86-6D9F-41E0-B67F-514FFC10E20F}] => (Allow) D:\Games\steamapps\common\Hob\HOB.exe
FirewallRules: [{FB494FAE-7985-43E3-BF88-14BFF778200E}] => (Allow) D:\Games\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{36D1C35C-FC89-46A5-BB64-9975BC4C163D}] => (Allow) D:\Games\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{82E6960B-9A88-460C-A6E1-EB6B62330730}] => (Allow) D:\Games\steamapps\common\Call of Duty Modern Warfare 3\iw5mp_server.exe
FirewallRules: [{C29FB2B9-422D-407F-BF5F-7505BE271102}] => (Allow) D:\Games\steamapps\common\Call of Duty Modern Warfare 3\iw5mp_server.exe
FirewallRules: [{C55F67D5-E0E2-43D9-9C9E-24B6A592FA03}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{594DFDEC-8525-47F4-A6BE-E22603A8B3A0}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{09EA98BD-180F-4B7E-B02A-84A8F0CCFEB1}] => (Allow) C:\Program Files\Opera\52.0.2871.99\opera.exe
FirewallRules: [{2F9E80A0-CE88-4A94-BBAC-FAD75B2E7C50}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CEFC41F5-031D-421C-A567-CC4DEB72C2CA}] => (Allow) D:\Games\steamapps\common\Darwin Project\Darwin.exe
FirewallRules: [{B0ABFE64-FA16-420E-B3B4-60F69F95AC01}] => (Allow) D:\Games\steamapps\common\Darwin Project\Darwin.exe
FirewallRules: [{107A0D9E-6DD5-45BF-B44B-0B86700A1388}] => (Allow) D:\Games\steamapps\common\Darwin Project\Darwin\Binaries\Win64\Darwin-Win64-Shipping.exe
FirewallRules: [{1B6134D5-706D-4D54-8E41-EEE6DF872783}] => (Allow) D:\Games\steamapps\common\Darwin Project\Darwin\Binaries\Win64\Darwin-Win64-Shipping.exe
FirewallRules: [{3B49A25B-6F62-438D-A461-A367682A60E9}] => (Allow) C:\Program Files\Opera\53.0.2907.68\opera.exe
FirewallRules: [{C52EE448-8746-4B9A-ABC3-CAE9A2B52DB9}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{C2B0A6C5-C4FF-4F45-91A9-A04241EF6885}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

==================== Restore Points =========================

23-05-2018 22:22:01 Windows Defender Checkpoint
25-05-2018 20:02:00 Центр обновления Windows
25-05-2018 23:18:40 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Туннельный адаптер Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Контроллер универсальной последовательной шины USB
Description: Контроллер универсальной последовательной шины USB
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HWiNFO32/64 Kernel Driver
Description: HWiNFO32/64 Kernel Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: HWiNFO32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2018 11:23:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: AUEPMaster.exe, версия: 2.3.0.0, отметка времени: 0x5a1cb351
Имя сбойного модуля: KERNELBASE.dll, версия: 6.1.7601.24117, отметка времени 0x5add1e33
Код исключения: 0xe0434352
Смещение ошибки: 0x0000c54f
Идентификатор сбойного процесса: 0xae4
Время запуска сбойного приложения: 0x01d3f46643c14c69
Путь сбойного приложения: C:\Program Files (x86)\AMD\Performance Profile Client\AUEPMaster.exe
Путь сбойного модуля: C:\Windows\syswow64\KERNELBASE.dll
Код отчета: 886636e2-6059-11e8-a70c-6cf0497cba95

Error: (05/25/2018 11:23:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Приложение: AUEPMaster.exe
Версия платформы: v4.0.30319
Описание. Процесс был завершен из-за необработанного исключения.
Сведения об исключении: System.Security.Principal.IdentityNotMappedException
   в System.Security.Principal.NTAccount.Translate(System.Security.Principal.IdentityReferenceCollection, System.Type, Boolean)
   в System.Security.Principal.NTAccount.Translate(System.Type)
   в System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(System.Security.AccessControl.AccessControlModification, System.Security.AccessControl.AccessRule, Boolean ByRef)
   в System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
   в System.IO.Pipes.PipeSecurity.AddAccessRule(System.IO.Pipes.PipeAccessRule)
   в PPCM.PipeData.StartServer()
   в System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   в System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   в System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   в System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   в System.Threading.ThreadHelper.ThreadStart()

Error: (05/25/2018 11:23:46 PM) (Source: Performance Profile Client) (EventID: 0) (User: )
Description: Unable to launch data processes to report back to pipe servers.  Additional Info: System.ComponentModel.Win32Exception (0x80004005): Не удается найти указанный файл
   в System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
   в System.Diagnostics.Process.Start()
   в PPCM.Worker.StartDataProcesses(Int32 givenSession)
   в PPCM.Worker.Startup()

Error: (05/25/2018 11:22:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/25/2018 11:18:40 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Ошибка теневого копирования тома: непредвиденная ошибка при запросе интерфейса IVssWriterCallback.  hr = 0x80070005, Отказано в доступе.
.
Наиболее вероятная причина - неправильные параметры безопасности запрашивающего процесса или записывающего процесса.


Операция:
   Сбор данных модуля записи

Контекст:
   Код класса модуля записи: {e8132975-6f93-4464-a53e-1050253ae220}
   Имя модуля записи: System Writer
   Код экземпляра модуля записи: {f50e542a-c68b-429a-979b-9d0f48384dd8}

Error: (05/25/2018 10:46:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: AUEPMaster.exe, версия: 2.3.0.0, отметка времени: 0x5a1cb351
Имя сбойного модуля: KERNELBASE.dll, версия: 6.1.7601.24117, отметка времени 0x5add1e33
Код исключения: 0xe0434352
Смещение ошибки: 0x0000c54f
Идентификатор сбойного процесса: 0x7b4
Время запуска сбойного приложения: 0x01d3f460fe81370d
Путь сбойного приложения: C:\Program Files (x86)\AMD\Performance Profile Client\AUEPMaster.exe
Путь сбойного модуля: C:\Windows\syswow64\KERNELBASE.dll
Код отчета: 413d843f-6054-11e8-ac06-6cf0497cba95

Error: (05/25/2018 10:46:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Приложение: AUEPMaster.exe
Версия платформы: v4.0.30319
Описание. Процесс был завершен из-за необработанного исключения.
Сведения об исключении: System.Security.Principal.IdentityNotMappedException
   в System.Security.Principal.NTAccount.Translate(System.Security.Principal.IdentityReferenceCollection, System.Type, Boolean)
   в System.Security.Principal.NTAccount.Translate(System.Type)
   в System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(System.Security.AccessControl.AccessControlModification, System.Security.AccessControl.AccessRule, Boolean ByRef)
   в System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
   в System.IO.Pipes.PipeSecurity.AddAccessRule(System.IO.Pipes.PipeAccessRule)
   в PPCM.PipeData.StartServer()
   в System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   в System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   в System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   в System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   в System.Threading.ThreadHelper.ThreadStart()

Error: (05/25/2018 10:46:00 PM) (Source: Performance Profile Client) (EventID: 0) (User: )
Description: Unable to launch data processes to report back to pipe servers.  Additional Info: System.ComponentModel.Win32Exception (0x80004005): Не удается найти указанный файл
   в System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
   в System.Diagnostics.Process.Start()
   в PPCM.Worker.StartDataProcesses(Int32 givenSession)
   в PPCM.Worker.Startup()


System errors:
=============
Error: (05/25/2018 11:21:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Сбой при загрузке драйвера(ов) перезагрузки или запуска системы: 
HWiNFO32

Error: (05/25/2018 10:51:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "Service control program to work with the Internet" неожиданно прервана. Это произошло (раз): 1.

Error: (05/25/2018 10:50:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "ASGT" неожиданно прервана. Это произошло (раз): 1.

Error: (05/25/2018 10:41:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "Service control program to work with the Internet" неожиданно прервана. Это произошло (раз): 1.

Error: (05/25/2018 10:29:53 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: Компьютер был перезагружен после критической ошибки.  Код ошибки: 0x000000f4 (0x0000000000000003, 0xfffffa8007666700, 0xfffffa80076669e0, 0xfffff80003164190). Дамп памяти сохранен в: C:\Windows\MEMORY.DMP. Код отчета: 052518-30997-01.

Error: (05/25/2018 10:29:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Предыдущее завершение работы системы в 22:28:13 на ‎25.‎05.‎2018 было неожиданным.

Error: (05/25/2018 10:14:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Служба Служба общих сетевых ресурсов проигрывателя Windows Media была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 30000 мсек: Перезапуск службы.

Error: (05/25/2018 10:14:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "Service control program to work with the Internet" неожиданно прервана. Это произошло (раз): 1.


Windows Defender:
===================================
Date: 2018-05-23 22:11:21.037
Description: 
Защитник Windows обнаружила программу-шпион или другую потенциально нежелательную программу.
Дополнительные сведения см. ниже:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/ICLoader&threatid=222548
Имя:SoftwareBundler:Win32/ICLoader
ИД:222548
Серьезность:Высокий
Категория:Средство увязки программ в пакет
Путь к:file:C:\Users\Герберт\AppData\Local\Temp\Rar$EXb0.184\KMSAutonet.exe
Тип обнаружения:Конкретный
Источник обнаружения:Система
Состояние:Неизвестно
Пользователь:NT AUTHORITY\система
Имя процесса:

Date: 2018-05-23 22:11:21.036
Description: 
Защитник Windows обнаружила программу-шпион или другую потенциально нежелательную программу.
Дополнительные сведения см. ниже:
http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/Adposhel&threatid=226527
Имя:Adware:Win32/Adposhel
ИД:226527
Серьезность:Высокий
Категория:Рекламная программа
Путь к:file:C:\Users\Герберт\AppData\Local\Temp\UAleVGbPB\UAleVGbPB.exe
Тип обнаружения:Конкретный
Источник обнаружения:Система
Состояние:Неизвестно
Пользователь:NT AUTHORITY\система
Имя процесса:

Date: 2018-05-23 22:03:24.976
Description: 
Защитник Windows обнаружила программу-шпион или другую потенциально нежелательную программу.
Дополнительные сведения см. ниже:
http://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/Adposhel&threatid=226527
Имя:Adware:Win32/Adposhel
ИД:226527
Серьезность:Высокий
Категория:Рекламная программа
Путь к:file:C:\Users\Герберт\AppData\Local\Temp\UAleVGbPB\UAleVGbPB.exe;process:pid:5632
Тип обнаружения:Конкретный
Источник обнаружения:Защита в реальном времени:
Состояние:Неизвестно
Пользователь:\
Имя процесса:

Date: 2018-05-23 22:01:14.128
Description: 
Защитник Windows обнаружила программу-шпион или другую потенциально нежелательную программу.
Дополнительные сведения см. ниже:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/ICLoader&threatid=222548
Имя:SoftwareBundler:Win32/ICLoader
ИД:222548
Серьезность:Высокий
Категория:Средство увязки программ в пакет
Путь к:file:C:\Users\Герберт\AppData\Local\Temp\Rar$EXb0.184\KMSAutonet.exe;process:pid:5724
Тип обнаружения:Конкретный
Источник обнаружения:Защита в реальном времени:
Состояние:Неизвестно
Пользователь:\
Имя процесса:

Date: 2018-05-23 22:01:09.680
Description: 
Защитник Windows обнаружила программу-шпион или другую потенциально нежелательную программу.
Дополнительные сведения см. ниже:
http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/ICLoader&threatid=222548
Имя:SoftwareBundler:Win32/ICLoader
ИД:222548
Серьезность:Высокий
Категория:Средство увязки программ в пакет
Путь к:file:C:\Users\Герберт\AppData\Local\Temp\Rar$EXb0.184\KMSAutonet.exe
Тип обнаружения:Конкретный
Источник обнаружения:Защита в реальном времени:
Состояние:Неизвестно
Пользователь:\
Имя процесса:

CodeIntegrity:
===================================

Date: 2017-06-18 18:53:17.817
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tap0801.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-18 18:53:17.786
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tap0801.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-18 08:23:01.488
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tap0801.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-18 08:23:01.457
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tap0801.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-17 14:24:33.424
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tap0801.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-17 14:24:33.393
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tap0801.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-17 11:38:52.703
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tap0801.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-17 11:38:52.672
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tap0801.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 35%
Total physical RAM: 7422.49 MB
Available physical RAM: 4786.34 MB
Total Virtual: 23804.66 MB
Available Virtual: 20742.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:161.82 GB) (Free:110.67 GB) NTFS
Drive d: () (Fixed) (Total:303.85 GB) (Free:111.9 GB) NTFS

\\?\Volume{7f1cd603-4835-11e7-978b-806e6f6e6963}\ (Зарезервировано системой) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 160CB81B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=161.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=303.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================