Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.06.2018
Ran by Георгий (04-06-2018 17:52:20)
Running from D:\
Windows 10 Home Single Language Version 1709 16299.431 (X64) (2018-02-19 23:50:06)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

DefaultAccount (S-1-5-21-1460541748-495540164-1647599008-503 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1460541748-495540164-1647599008-504 - Limited - Disabled)
Администратор (S-1-5-21-1460541748-495540164-1647599008-500 - Administrator - Disabled)
Георгий (S-1-5-21-1460541748-495540164-1647599008-1001 - Administrator - Enabled) => C:\Users\Георгий
Гость (S-1-5-21-1460541748-495540164-1647599008-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET NOD32 Antivirus (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1460541748-495540164-1647599008-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat Reader DC MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated) Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated) Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated) Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden Battery Calibration (HKLM-x32\...\{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1609.1901 - Micro-Star International Co., Ltd.) Hidden Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1609.1901 - Micro-Star International Co., Ltd.) Build Tools - amd64 (HKLM\...\{F74753A3-C93C-34F5-A199-993CAF602B7D}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools - x86 (HKLM-x32\...\{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools Language Resources - amd64 (HKLM\...\{05198C22-FFCE-374A-B190-9F18CC99DAEA}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools Language Resources - x86 (HKLM-x32\...\{9347889B-C22A-3905-901F-C05D8F73C929}) (Version: 12.0.21005 - Microsoft Corporation) Hidden BurnRecovery (HKLM-x32\...\{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1704.1801 - Application) Hidden BurnRecovery (HKLM-x32\...\InstallShield_{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1704.1801 - Application) Catz 5 (HKLM-x32\...\{12DCDE3D-5C8E-4C5E-A7E4-CEF30F578179}) (Version: - ) Cossacks 3 (HKLM-x32\...\1797227701_is1) (Version: 1.9.7.85.5756 - GOG.com) Cossacks 3: Days of Brilliance (HKLM-x32\...\2058625388_is1) (Version: 1.9.7.85.5756 - GOG.com) Cossacks 3: Digital Deluxe Upgrade (HKLM-x32\...\1945153467_is1) (Version: 1.9.7.85.5756 - GOG.com) Cossacks 3: Early Bird (HKLM-x32\...\1282435442_is1) (Version: 1.9.7.85.5756 - GOG.com) Cossacks 3: Guardians 
of the Highlands (HKLM-x32\...\1483750963_is1) (Version: 1.9.7.85.5756 - GOG.com) Cossacks 3: Path to Grandeur (HKLM-x32\...\1365995253_is1) (Version: 1.9.7.85.5756 - GOG.com) Cossacks 3: Rise to Glory (HKLM-x32\...\1830579185_is1) (Version: 1.9.7.85.5756 - GOG.com) Cossacks 3: The Golden Age (HKLM-x32\...\1318550073_is1) (Version: 1.9.7.85.5756 - GOG.com) Dragon Center (HKLM-x32\...\{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1711.2101 - Micro-Star International Co., Ltd.) Hidden Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1711.2101 - Micro-Star International Co., Ltd.) Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation) ESET Security (HKLM\...\{B489BC2D-0079-4631-97BF-CA2378299D43}) (Version: 11.0.159.9 - ESET, spol. s r.o.) GameRanger (HKU\S-1-5-21-1460541748-495540164-1647599008-1001\...\GameRanger) (Version: - GameRanger Technologies) Help Desk (HKLM-x32\...\{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1706.1901 - Micro-Star International Co., Ltd.) Hidden Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1706.1901 - Micro-Star International Co., Ltd.) Heroes of Might and Magic V v.1.6 (HKLM-x32\...\Heroes of Might and Magic V_is1) (Version: - ) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1028 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4708 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.0.1014 - Intel Corporation) KB9X Radio Switch Driver (HKLM\...\97FE6BFA6A40EE4967381F4313B334031A3B6E03) (Version: 1.1.4.0 - ENE TECHNOLOGY INC.) 
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains) LogMeIn Hamachi (HKLM-x32\...\{892DB406-ADF8-4C30-9840-8438AF5B8763}) (Version: 2.2.0.607 - LogMeIn, Inc.) Hidden LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.607 - LogMeIn, Inc.) Malwarebytes, версия 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Office стандартный 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1460541748-495540164-1647599008-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 
2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) 
(Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio Express 2013 for Windows Desktop - ENU (HKLM-x32\...\{bec3d87e-1d6d-4b15-8383-29068c86b888}) (Version: 12.0.21005.13 - Microsoft Corporation) MSI Feature Navigator (HKLM-x32\...\{2BD90BC2-5B5C-4493-8633-66D0CADF8B33}) (Version: 1.0.1703.1601 - Micro-Star International Co., Ltd.) 
Hidden MSI Feature Navigator (HKLM-x32\...\InstallShield_{2BD90BC2-5B5C-4493-8633-66D0CADF8B33}) (Version: 1.0.1703.1601 - Micro-Star International Co., Ltd.) MSI Remind Manager Service (HKLM-x32\...\{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1705.3101 - Micro-Star International Co., Ltd.) Hidden MSI Remind Manager Service (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1705.3101 - Micro-Star International Co., Ltd.) MSI True Color (HKLM\...\{B4A2776D-59CD-4193-A19D-DE15CB7FC5AA}) (Version: 2.0.0.032 - Portrait Displays, Inc.) Nancy Drew: Sea of Darkness (HKLM-x32\...\{241C6D36-570D-4616-B07F-E460AF6E59D2}) (Version: 8.0.0.30162 - Her Interactive, Inc.) NVIDIA GeForce Experience 3.5.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.5.0.70 - NVIDIA Corporation) NVIDIA Аудиодрайвер HD 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation) NVIDIA Графический драйвер 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation) NVIDIA Драйвер 3D Vision 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation) NVIDIA Системное программное обеспечение PhysX 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation) NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.5.0.70 - NVIDIA Corporation) Hidden NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.5.0 - NVIDIA Corporation) Hidden NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden Opera Stable 53.0.2907.68 (HKLM-x32\...\Opera 53.0.2907.68) (Version: 53.0.2907.68 - Opera Software) Oracle VM VirtualBox 5.2.2 (HKLM\...\{9F5D10F9-A372-4B1E-BEB3-001B47E0C325}) (Version: 5.2.2 - Oracle Corporation) 
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.1.0 - Prolific Technology INC) Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation) Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.309 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21299 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8302 - Realtek Semiconductor Corp.) RICOH SP 150 (HKLM-x32\...\{236068F9-94B6-45CD-A6BE-3BF03170AAB8}) (Version: 1.045.00 - Ricoh Co., Ltd.) Hidden RICOH SP 150 (HKLM-x32\...\InstallShield_{236068F9-94B6-45CD-A6BE-3BF03170AAB8}) (Version: 1.045.00 - Ricoh Co., Ltd.) SCM (HKLM\...\{F6E94387-38E9-4D98-9FE1-038F575768BA}) (Version: 13.017.06089 - Application) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0360 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.5.0.70 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SteelSeries Engine 3.12.2 (HKLM\...\SteelSeries Engine 3) (Version: 3.12.2 - SteelSeries ApS) Stronghold Crusader (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.30.1004 - Firefly Studios) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.184 - Synaptics Incorporated) Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Telegram Desktop version 1.2.14 (HKU\S-1-5-21-1460541748-495540164-1647599008-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.14 - Telegram Messenger LLP) TINA (HKLM-x32\...\{FBB4D1AE-13EF-42EC-8B94-C4F08CCC40B2}) (Version: 9.00.000 - DesignSoft) Total War ATTILA Age of Charlemagne (HKLM-x32\...\Total War ATTILA Age of Charlemagne_is1) (Version: 1.0 - PLAZA) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9C4F3AF4-21D8-43BD-A69C-517BB96012CF}) (Version: 2.12.0.0 - Microsoft Corporation) Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) 
Hidden War Thunder Launcher 1.0.3.58 (HKU\S-1-5-21-1460541748-495540164-1647599008-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) WinRAR 5.50 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) XSplit Gamecaster (HKLM-x32\...\{A39B5969-9683-49F9-AA69-F40EF0D91441}) (Version: 3.0.1705.3123 - SplitmediaLabs) Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM\...\{90160000-001F-0422-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Обновления NVIDIA 24.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 24.0.0.0 - NVIDIA Corporation) Hidden Панель управления NVIDIA 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 382.05 - NVIDIA Corporation) Hidden Программное обеспечение Intel® Chipset Device (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden Средства проверки правописания Microsoft Office 2016 — русский (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => -> No File ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => -> No File ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => -> No File ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\2 - programs\EAV\shellExt.dll [2017-12-18] (ESET) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => D:\2 - programs\Alcohol\Alcohol 120\AxShlex.dll [2014-09-06] (Alcohol Soft Development Team) ContextMenuHandlers2-x32: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => D:\2 - programs\Alcohol\Alcohol 120\AxShlEx64.dll [2014-09-06] (Alcohol Soft Development Team) ContextMenuHandlers2-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => D:\2 - programs\EAV\shellExt.dll [2017-12-18] (ESET) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\2 - programs\malware\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d44295a98a21a376\igfxDTCM.dll [2017-06-22] (Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation) ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} 
=> D:\2 - programs\EAV\shellExt.dll [2017-12-18] (ESET) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\2 - programs\malware\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {164838F3-489F-4A6E-9C46-EC3E59F2E21A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-29] (NVIDIA Corporation) Task: {1E3DB0F3-56FB-4523-A4A0-D014E5CF6989} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-09] (Adobe Systems Incorporated) Task: {3EFFCFA9-F299-4504-8F35-6BB037263317} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [2017-11-21] (Micro-Star International Co., Ltd.) 
Task: {40D774D7-87C4-4C84-A664-32EDEDB51671} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => D:\2 - programs\Microsoft Office\Office16\msoia.exe Task: {5618A153-0CC3-4A56-A2CF-17214DE1E986} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => D:\2 - programs\Microsoft Office\Office16\msoia.exe Task: {68CB5D1F-EDB7-4ECA-BB5E-15533E2E6F34} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-29] (NVIDIA Corporation) Task: {6B2FA29F-B978-4647-B6EA-7AF1CA249AF1} - System32\Tasks\NahimicVRSvc64Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe Task: {7724E9FC-5AB3-47A6-BAE3-D19ED8F43295} - System32\Tasks\CCleanerSkipUAC => D:\2 - programs\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd) Task: {7AAA851E-4B97-4F6A-B382-6F75B9BDCB18} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-09] (Adobe Systems Incorporated) Task: {8C64F74F-8B73-46E6-B43D-81EAD7CD5B5F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-29] (NVIDIA Corporation) Task: {8E66D026-77FF-43B0-B02D-FEABF751F794} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated) Task: {97D0A0D3-FA2E-4F12-AEF2-A83928A7F035} - System32\Tasks\update-S-1-5-21-1460541748-495540164-1647599008-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: ) Task: {9AF77585-5FCB-4C25-A961-E6E21FE1AE74} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-02-25] (Intel(R) Corporation) Task: {9B3B75CF-A4AC-4C32-A14C-534E3ABA1245} - System32\Tasks\Nahimic2Svc32Run => C:\Program 
Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe Task: {A24FE0AC-8191-49EA-8DA1-80AABCDC0DEA} - System32\Tasks\Opera scheduled Autoupdate 1510324497 => D:\2 - programs\Opera\launcher.exe [2018-05-23] (Opera Software) Task: {B3961284-7BEF-4BFD-AEF4-04F3C4992C33} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [2017-06-20] (Micro-Star International Co., Ltd.) Task: {B43E40E4-5DA9-4C1C-B446-37C8F794FD6C} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe Task: {B81CAE7F-1CB9-4310-9562-5FD4152EBEEE} - System32\Tasks\CCleaner Update => D:\2 - programs\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd) Task: {BD3AD8CE-19DF-43E9-9CDF-42786871E0D2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe Task: {BEC87FD6-8F82-40AC-A6CB-4429CEC2C0EF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-29] (NVIDIA Corporation) Task: {C00F94CE-8F6C-44E4-8C5F-3E883A9568B5} - System32\Tasks\Dragon_Center_updater => C:\ProgramData\MSI\Dragon [Argument = Center\DragonCenter_Updater.exe DragonCenter] Task: {C2E78191-0BE3-4349-BFBE-AEFB3252A73D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-29] (NVIDIA Corporation) Task: {D199516A-9DCF-410D-B615-4AB19CD0C17C} - System32\Tasks\NahimicVRSvc32Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe Task: {E5CFC557-A956-4FB2-91BA-EC956EA09A8E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-29] (NVIDIA Corporation) Task: {EF11E88B-EE71-439B-9429-AA50C5F4DE87} - System32\Tasks\Nahimic2Svc64Run => C:\Program 
Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe Task: {F533B82B-ED48-406D-B786-889914B51FD3} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: ) Task: {FD5B0282-5E4D-43AF-93F5-75C889E2754D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-29] (NVIDIA Corporation) Task: {FFA2A7C7-9101-4308-88B7-16FF2FCC1ED8} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe [2018-05-09] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\update-S-1-5-21-1460541748-495540164-1647599008-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\Георгий\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Новости в последней версии.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () <==== Cyrillic Shortcut: C:\Users\Георгий\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Руководство по консольной версии RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () <==== Cyrillic Shortcut: C:\Users\Георгий\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Справка WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () <==== Cyrillic Shortcut: C:\Users\Георгий\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\Деинсталлировать War Thunder.lnk -> D:\4 - stuff\WarThunder\WarThunder\unins000.exe () <==== Cyrillic Shortcut: C:\Users\Георгий\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spirit\Удалить игру.lnk -> D:\4 - stuff\Spirit\Spirit\UNWISE.EXE (No File) <==== Cyrillic Shortcut: C:\Users\Георгий\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PascalABC.NET\Удаление PascalABC.NET.lnk -> D:\2 - programs\Pascal\PascalABC.NET\Uninstall.exe () <==== Cyrillic Shortcut: C:\Users\Георгий\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GSC Game World\Cossacks II\Официальный сайт игры Казаки II.lnk -> hxxp://www.cossacks2.ru Shortcut: C:\Users\Георгий\AppData\Roaming\Microsoft\Windows\SendTo\Передача файлов через Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) <==== Cyrillic Shortcut: C:\Users\Георгий\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Браузер Opera.lnk -> C:\Program Files (x86)\Common Files\Opera\launcher.exe (No File) <==== Cyrillic Shortcut: C:\Users\Георгий\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Браузер Opera.lnk -> D:\2 - programs\Opera\launcher.exe (Opera Software) <==== Cyrillic Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive для бизнеса.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\grv_icons.exe () <==== Cyrillic Shortcut: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype для бизнеса 2016.lnk -> C:\Windows\Installer\{90160000-0011-0000-1000-0000000FF1CE}\lyncicon.exe () <==== Cyrillic ShortcutWithArgument: C:\Users\Георгий\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\Журнал ошибок.lnk -> D:\4 - stuff\WarThunder\WarThunder\.game_logs () -> cd <==== Cyrillic ShortcutWithArgument: C:\Users\Георгий\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\Повторы боев.lnk -> D:\4 - stuff\WarThunder\WarThunder\Replays () -> cd <==== Cyrillic ShortcutWithArgument: C:\Users\Георгий\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\Скриншоты.lnk -> D:\4 - stuff\WarThunder\WarThunder\Screenshots () -> cd <==== Cyrillic ShortcutWithArgument: C:\Users\Георгий\AppData\Roaming\Microsoft\Windows\SendTo\Получатель факса.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo <==== Cyrillic ==================== Loaded Modules (Whitelisted) ============== 2017-09-29 16:41 - 2017-09-29 16:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-06-29 22:21 - 2017-05-01 23:51 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2018-05-02 00:44 - 2018-02-22 03:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2018-05-02 00:45 - 2018-02-22 03:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2018-05-24 22:52 - 2018-05-23 07:59 - 101425752 _____ () D:\2 - programs\Opera\53.0.2907.68\opera_browser.dll 2018-05-24 22:52 - 2018-05-23 07:59 - 004447832 _____ () D:\2 - programs\Opera\53.0.2907.68\libglesv2.dll 2018-05-24 22:52 - 2018-05-23 07:59 - 000100440 _____ () D:\2 - programs\Opera\53.0.2907.68\libegl.dll 2017-06-06 10:23 - 2017-06-06 10:23 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2018-05-17 22:31 - 2018-05-01 10:32 - 000788256 _____ () D:\6 - 
steam\SDL2.dll 2018-06-02 01:53 - 2018-06-01 22:02 - 002632480 _____ () D:\6 - steam\video.dll 2017-11-11 00:06 - 2016-09-01 04:02 - 004969248 _____ () D:\6 - steam\v8.dll 2018-03-23 23:57 - 2017-12-20 04:43 - 000351520 _____ () D:\6 - steam\libavresample-3.dll 2018-03-23 23:57 - 2017-12-20 04:43 - 000695584 _____ () D:\6 - steam\libavformat-57.dll 2018-03-23 23:57 - 2017-12-20 04:43 - 000847136 _____ () D:\6 - steam\libavutil-55.dll 2018-03-23 23:57 - 2017-12-20 04:43 - 000783648 _____ () D:\6 - steam\libswscale-4.dll 2018-03-23 23:57 - 2017-12-20 04:43 - 005137696 _____ () D:\6 - steam\libavcodec-57.dll 2017-11-11 00:06 - 2016-09-01 04:02 - 001563936 _____ () D:\6 - steam\icui18n.dll 2017-11-11 00:06 - 2016-09-01 04:02 - 001195296 _____ () D:\6 - steam\icuuc.dll 2018-06-02 01:53 - 2018-06-01 22:02 - 000979744 _____ () D:\6 - steam\bin\chromehtml.DLL 2017-11-11 00:06 - 2016-07-05 01:17 - 000266560 _____ () D:\6 - steam\openvr_api.dll 2018-05-17 22:31 - 2018-05-01 10:32 - 000788256 _____ () D:\6 - steam\bin\cef\cef.win7\SDL2.dll 2018-05-17 22:31 - 2018-05-14 22:39 - 083524384 _____ () D:\6 - steam\bin\cef\cef.win7\libcef.dll 2017-11-11 00:06 - 2015-09-25 02:52 - 000119208 _____ () D:\6 - steam\winh264.dll 2018-05-17 22:31 - 2018-05-14 22:39 - 002253600 _____ () D:\6 - steam\bin\cef\cef.win7\swiftshader\libglesv2.dll 2018-05-17 22:31 - 2018-05-14 22:39 - 000109856 _____ () D:\6 - steam\bin\cef\cef.win7\swiftshader\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-19 00:03 - 2018-05-23 09:32 - 000001107 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.subdomain.localhost
127.0.0.1 www.subdomain.test1.ru
127.0.0.1 subdomain.localhost
127.0.0.1 subdomain.test1.ru
127.0.0.1 www.localhost
127.0.0.1 www.test1.ru
127.0.0.2 custom-host
127.0.0.2 www.custom
127.0.0.1 test1.ru
127.0.0.2 custom

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1460541748-495540164-1647599008-1001\Control Panel\Desktop\\Wallpaper -> D:\voda-glubina-luchi-svet-more-okean-staya-kosyak-ryby-delfin-siluet-ochertanie-kontur.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "SteelSeries Engine 3.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Nahimic2UILauncher"
HKLM\...\StartupApproved\Run: => "SCM"
HKLM\...\StartupApproved\Run: => "NahimicVRSvc32"
HKLM\...\StartupApproved\Run: => "NahimicVRSvc64"
HKLM\...\StartupApproved\Run: => "MsiTrueColor"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1460541748-495540164-1647599008-1001\...\StartupApproved\StartupFolder: => "Create virtual drive for Denwer.lnk"
HKU\S-1-5-21-1460541748-495540164-1647599008-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1460541748-495540164-1647599008-1001\...\StartupApproved\Run: => "SteelSeries Engine"
HKU\S-1-5-21-1460541748-495540164-1647599008-1001\...\StartupApproved\Run: => "AlcoholAutomount"
HKU\S-1-5-21-1460541748-495540164-1647599008-1001\...\StartupApproved\Run: => "Gaijin.Net Agent"
HKU\S-1-5-21-1460541748-495540164-1647599008-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-1460541748-495540164-1647599008-1001\...\StartupApproved\Run: => "GameCenterMailRu"
HKU\S-1-5-21-1460541748-495540164-1647599008-1001\...\StartupApproved\Run: => "spdetector3"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{530686FB-D23B-47FE-8130-152BBD3A370E}D:\4 - stuff\heroes\heroes of might and magic v\hammers of fate\bin\h5_game.exe] => (Allow) D:\4 - stuff\heroes\heroes of might and magic v\hammers of fate\bin\h5_game.exe FirewallRules: [TCP Query User{BCD76469-19F5-4FD9-B9D2-4BBFB38E2A9C}D:\4 - stuff\heroes\heroes of might and magic v\hammers of fate\bin\h5_game.exe] => (Allow) D:\4 - stuff\heroes\heroes of might and magic v\hammers of fate\bin\h5_game.exe FirewallRules: [UDP Query User{7E3A14BB-56C6-4C5A-BD9C-FC4E02E9CC3E}C:\users\георгий\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\георгий\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [TCP Query User{B9F9E2CE-A196-4389-8658-46131AB011CC}C:\users\георгий\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\георгий\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [UDP Query User{B6A87EE3-C231-4593-9F81-C096FAD2FEE1}D:\4 - stuff\attila\total war attila age of charlemagne\attila.exe] => (Allow) D:\4 - stuff\attila\total war attila age of charlemagne\attila.exe FirewallRules: [TCP Query User{C723CDAA-BFA4-41E9-88BA-0E599C26CE18}D:\4 - stuff\attila\total war attila age of charlemagne\attila.exe] => (Allow) D:\4 - stuff\attila\total war attila age of charlemagne\attila.exe FirewallRules: [UDP Query User{FD166741-AB62-4354-9927-07CF1BA7BD05}D:\6 - steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe] => (Allow) D:\6 - steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe FirewallRules: [TCP Query User{43C6AEEE-1CEF-4DA5-80CE-4D7A38229CA5}D:\6 - steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe] => (Allow) D:\6 - steam\steamapps\common\ark\shootergame\binaries\win64\shootergameserver.exe FirewallRules: [{8D251772-B60C-497A-99C9-271AEB086FE6}] => (Allow) D:\6 - steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe FirewallRules: 
[{8F50FC71-9A4B-4573-A804-0A11A0728B37}] => (Allow) D:\6 - steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe FirewallRules: [{B430A845-BCCD-4E22-9CC5-4B4889F8E29D}] => (Allow) D:\6 - steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe FirewallRules: [{AE8FFBCD-FD15-46AA-B07E-C9400C391B45}] => (Allow) D:\6 - steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe FirewallRules: [UDP Query User{AF0DE61C-DA3F-4D6D-B5DB-378BF2D83DE3}D:\4 - stuff\warthunder\warthunder\win64\aces.exe] => (Allow) D:\4 - stuff\warthunder\warthunder\win64\aces.exe FirewallRules: [TCP Query User{1B5965B1-A632-4DAF-B607-4F3280255CDD}D:\4 - stuff\warthunder\warthunder\win64\aces.exe] => (Allow) D:\4 - stuff\warthunder\warthunder\win64\aces.exe FirewallRules: [UDP Query User{DE567AE4-3C8D-4D54-A04F-1A7380B7B595}D:\4 - stuff\warthunder\warthunder\launcher.exe] => (Allow) D:\4 - stuff\warthunder\warthunder\launcher.exe FirewallRules: [TCP Query User{F3051512-D90A-463E-AAB0-17697C697EE2}D:\4 - stuff\warthunder\warthunder\launcher.exe] => (Allow) D:\4 - stuff\warthunder\warthunder\launcher.exe FirewallRules: [{0D23A0EE-D0D9-43F5-896D-6D7875912742}] => (Allow) D:\6 - steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe FirewallRules: [{40F88921-40B2-4418-B662-3FFC6A4BEA05}] => (Allow) D:\6 - steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe FirewallRules: [{10843C25-97F8-43C5-8E79-E5FB88AE77F8}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe FirewallRules: [{A37210E2-2088-47F8-8842-E63C8A63728B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe FirewallRules: [{7DF2A8DA-FE1D-4F14-81DF-761BFA9EAF34}] => (Allow) D:\6 - steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{8A94A88F-B3A7-4880-98B9-DAB9FAC3B698}] => (Allow) D:\6 - steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: 
[{20ED0628-3CDF-48F9-9E08-670D73A490B2}] => (Allow) D:\6 - steam\steamapps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exe FirewallRules: [{59ECB9A1-A029-41A5-8AA0-FB2301486E98}] => (Allow) D:\6 - steam\steamapps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exe FirewallRules: [{6BA604C0-1AE7-407F-8A63-692038CB0972}] => (Allow) D:\6 - steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{EA647DE8-8861-47DC-B881-337CEDA7FA46}] => (Allow) D:\6 - steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [UDP Query User{A9B89429-71A3-45FE-835A-1D888E44314B}D:\2 - programs\filedrop\filedrop\filedrop.exe] => (Allow) D:\2 - programs\filedrop\filedrop\filedrop.exe FirewallRules: [TCP Query User{8E788445-AAA9-4B2B-92AA-28BDA15A3558}D:\2 - programs\filedrop\filedrop\filedrop.exe] => (Allow) D:\2 - programs\filedrop\filedrop\filedrop.exe FirewallRules: [{382E0F1F-12CA-4C98-B6E1-FFB1FC5456D4}] => (Allow) D:\6 - steam\steamapps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{73FD2189-46AF-44B7-A8DB-554D5E53C9DB}] => (Allow) D:\6 - steam\steamapps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{FA332F64-BD8D-404B-AA18-E3588248BD07}] => (Allow) C:\Program Files (x86)\Common Files\Visual Studio\Common7\IDE\WDExpress.exe FirewallRules: [{5429E36F-BC8C-44F4-A3C0-52E2C0557633}] => (Allow) D:\6 - steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{BA083A2B-E021-49A9-8511-E6398EED783B}] => (Allow) D:\6 - steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{EF14E0B0-A107-4074-882C-76C169E06443}] => (Allow) D:\6 - steam\Steam.exe FirewallRules: [{A3FAFE5E-2E18-49AD-8A0C-A7B84FF7AF4A}] => (Allow) D:\6 - steam\Steam.exe FirewallRules: [{B4DD665D-539A-420D-A5CC-C6CB773C75C9}] => (Allow) C:\Users\Георгий\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{07224DEB-3262-48D8-97F2-46F6B38D8193}] => (Allow) C:\Users\Георгий\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3FD327D8-8E39-43E7-BBED-A37DA2761CE0}] 
=> (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe FirewallRules: [{787A72E9-46A2-43C7-B35C-59AB6DDD1C15}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe FirewallRules: [{80B03E3A-858D-4808-B052-998DA3D5A855}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe FirewallRules: [{59D912AB-C8ED-432C-B30B-33A78DC5D432}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe FirewallRules: [{408FF06A-88C2-407E-84A5-78042598E0F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{D70C5EF3-6BBB-4A6E-A8EF-F69518EE399C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{1912401C-01FD-4974-A924-895DE6729379}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{38CFE615-F2BD-431B-8175-8E2005F987CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{B6C261F6-C76E-4F87-A181-B2978457492B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{B2A2B905-428A-4B92-A059-CB4C7847A36C}] => (Allow) D:\2 - programs\Microsoft Office\Office14\ONENOTE.EXE FirewallRules: [{65B81D4A-6044-4FED-A653-8184AEC7D857}] => (Allow) D:\2 - programs\Microsoft Office\Office14\ONENOTE.EXE FirewallRules: [{ED666A06-DE59-47BF-9E1B-D12D62D8D31A}] => (Allow) D:\2 - programs\Microsoft Office\Office14\outlook.exe FirewallRules: [TCP Query User{BE7C0B40-F688-4504-8646-14D1BB97F571}D:\4 - stuff\stronghold\stronghold crusader.exe] => (Allow) D:\4 - stuff\stronghold\stronghold crusader.exe FirewallRules: [UDP Query User{D374A680-B849-44E9-8A5B-3C5BFE420255}D:\4 - stuff\stronghold\stronghold crusader.exe] => (Allow) D:\4 - stuff\stronghold\stronghold crusader.exe FirewallRules: [TCP Query User{6AC530DE-46DC-4CB7-973A-CD62C87D5781}C:\windows\syswow64\dplaysvr.exe] => (Allow) 
C:\windows\syswow64\dplaysvr.exe FirewallRules: [UDP Query User{5BB446F7-F237-40DF-9208-F7AF3263AD48}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [{34F5AA17-7C3A-422D-8B69-46E9FC6DB2E3}] => (Block) C:\windows\syswow64\dplaysvr.exe FirewallRules: [{782E8512-7E6F-4F73-B03C-BBAA0DD7DFDB}] => (Block) C:\windows\syswow64\dplaysvr.exe FirewallRules: [{89009671-F1A3-45C4-921E-1AC3B702FADD}] => (Block) D:\4 - stuff\stronghold\stronghold crusader.exe FirewallRules: [{670E1A12-4577-4D90-9EA5-5C3822D602DA}] => (Block) D:\4 - stuff\stronghold\stronghold crusader.exe FirewallRules: [{A855535F-C6CF-45DD-AF96-D540D2EBDC1A}] => (Allow) D:\2 - programs\Opera\52.0.2871.99\opera.exe FirewallRules: [{64AEDED1-CD38-41B8-8B93-2F646C012DDC}] => (Allow) D:\2 - programs\Opera\53.0.2907.68\opera.exe FirewallRules: [TCP Query User{8AEE3B27-D89E-43A4-83B5-2D19DFFE164E}D:\4 - stuff\attila\total war attila age of charlemagne\attila.exe] => (Allow) D:\4 - stuff\attila\total war attila age of charlemagne\attila.exe FirewallRules: [UDP Query User{83918288-0FF2-4C34-93BF-37BBE4F116F6}D:\4 - stuff\attila\total war attila age of charlemagne\attila.exe] => (Allow) D:\4 - stuff\attila\total war attila age of charlemagne\attila.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= Name: LogMeIn Hamachi Virtual Ethernet Adapter Description: LogMeIn Hamachi Virtual Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: LogMeIn Inc. Service: Hamachi Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (05/31/2018 03:06:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Имя сбойного приложения: HiJackThis.exe, версия: 2.8.0.4, метка времени: 0x59afc269 Имя сбойного модуля: MSVBVM60.DLL, версия: 6.0.98.15, метка времени: 0x49b01fc3 Код исключения: 0xc0000005 Смещение ошибки: 0x0000ae87 Идентификатор сбойного процесса: 0x80ec Время запуска сбойного приложения: 0x01d3f8d7d660d1fa Путь сбойного приложения: D:\AutoLogger\HiJackThis\HiJackThis.exe Путь сбойного модуля: C:\WINDOWS\SYSTEM32\MSVBVM60.DLL Идентификатор отчета: 997406d8-be1d-4cb6-a7db-193d59ebe3e4 Полное имя сбойного пакета: Код приложения, связанного со сбойным пакетом: Error: (05/31/2018 03:06:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Имя сбойного приложения: HiJackThis.exe, версия: 2.8.0.4, метка времени: 0x59afc269 Имя сбойного модуля: HiJackThis.exe, версия: 2.8.0.4, метка времени: 0x59afc269 Код исключения: 0xc00001a5 Смещение ошибки: 0x00006ab0 Идентификатор сбойного процесса: 0x80ec Время запуска сбойного приложения: 0x01d3f8d7d660d1fa Путь сбойного приложения: D:\AutoLogger\HiJackThis\HiJackThis.exe Путь сбойного модуля: D:\AutoLogger\HiJackThis\HiJackThis.exe Идентификатор отчета: f45de03b-369e-49df-86fa-49dd7a748238 Полное имя сбойного пакета: Код приложения, связанного со сбойным пакетом: Error: (05/14/2018 05:03:10 AM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Работа службы Windows Search остановлена из-за проблем с индексатором: The catalog is corrupt. Подробности: Каталог индексов содержимого поврежден. 0xc0041801 (0xc0041801) Error: (05/14/2018 05:03:07 AM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Служба поиска обнаружила поврежденные файлы данных в индексе {ИД: 4810 - onecoreuap\base\appmodel\search\search\ytrip\tripoli\inverted\decodinglayeroccurrences.cpp (599)}. 
Служба попытается автоматически устранить эту неполадку путем перестройки индекса. Подробности: Недопустимые данные. 0x8007000d (0x8007000d) Error: (05/14/2018 05:03:07 AM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Служба поиска обнаружила поврежденные файлы данных в индексе {ИД: 4810 - onecoreuap\base\appmodel\search\search\ytrip\tripoli\inverted\decodinglayeroccurrences.cpp (599)}. Служба попытается автоматически устранить эту неполадку путем перестройки индекса. Подробности: Недопустимые данные. 0x8007000d (0x8007000d) Error: (05/14/2018 05:03:07 AM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Служба поиска обнаружила поврежденные файлы данных в индексе {ИД: 4810 - onecoreuap\base\appmodel\search\search\ytrip\tripoli\inverted\decodinglayeroccurrences.cpp (599)}. Служба попытается автоматически устранить эту неполадку путем перестройки индекса. Подробности: Недопустимые данные. 0x8007000d (0x8007000d) Error: (05/14/2018 05:03:07 AM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Служба поиска обнаружила поврежденные файлы данных в индексе {ИД: 4810 - onecoreuap\base\appmodel\search\search\ytrip\tripoli\inverted\decodinglayeroccurrences.cpp (599)}. Служба попытается автоматически устранить эту неполадку путем перестройки индекса. Подробности: Недопустимые данные. 0x8007000d (0x8007000d) Error: (05/14/2018 05:03:07 AM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Служба поиска обнаружила поврежденные файлы данных в индексе {ИД: 4810 - onecoreuap\base\appmodel\search\search\ytrip\tripoli\inverted\decodinglayeroccurrences.cpp (599)}. Служба попытается автоматически устранить эту неполадку путем перестройки индекса. Недопустимые данные. 
0x8007000d (0x8007000d) System errors: ============= Error: (06/04/2018 05:50:15 PM) (Source: DCOM) (EventID: 10016) (User: MSI) Description: Параметры разрешений для конкретного приложения не дают разрешения Локально Активация для приложения COM-сервера с CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} и APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} пользователю MSI\Георгий с ИД безопасности (S-1-5-21-1460541748-495540164-1647599008-1001) и адресом LocalHost (с использованием LRPC), выполняемого в контейнере приложения Недоступно с ИД безопасности (Недоступно). Это разрешение безопасности можно изменить с помощью средства администрирования служб компонентов. Error: (06/04/2018 05:45:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: Параметры разрешений для конкретного приложения не дают разрешения Локально Активация для приложения COM-сервера с CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} и APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} пользователю NT AUTHORITY\LOCAL SERVICE с ИД безопасности (S-1-5-19) и адресом LocalHost (с использованием LRPC), выполняемого в контейнере приложения Недоступно с ИД безопасности (Недоступно). Это разрешение безопасности можно изменить с помощью средства администрирования служб компонентов. Error: (06/04/2018 05:21:17 PM) (Source: DCOM) (EventID: 10016) (User: MSI) Description: Параметры разрешений для конкретного приложения не дают разрешения Локально Активация для приложения COM-сервера с CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} и APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} пользователю MSI\Георгий с ИД безопасности (S-1-5-21-1460541748-495540164-1647599008-1001) и адресом LocalHost (с использованием LRPC), выполняемого в контейнере приложения Недоступно с ИД безопасности (Недоступно). Это разрешение безопасности можно изменить с помощью средства администрирования служб компонентов. 
Error: (06/04/2018 05:20:43 PM) (Source: DCOM) (EventID: 10016) (User: MSI) Description: Параметры разрешений для конкретного приложения не дают разрешения Локально Активация для приложения COM-сервера с CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} и APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} пользователю MSI\Георгий с ИД безопасности (S-1-5-21-1460541748-495540164-1647599008-1001) и адресом LocalHost (с использованием LRPC), выполняемого в контейнере приложения Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txyewy с ИД безопасности (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). Это разрешение безопасности можно изменить с помощью средства администрирования служб компонентов. Error: (06/04/2018 06:33:35 AM) (Source: DCOM) (EventID: 10010) (User: MSI) Description: Регистрация сервера {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} DCOM не выполнена за отведенное время ожидания. Error: (06/04/2018 06:33:35 AM) (Source: DCOM) (EventID: 10010) (User: MSI) Description: Регистрация сервера {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} DCOM не выполнена за отведенное время ожидания. Error: (06/04/2018 06:33:35 AM) (Source: DCOM) (EventID: 10010) (User: MSI) Description: Регистрация сервера {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} DCOM не выполнена за отведенное время ожидания. Error: (06/04/2018 04:55:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: Параметры разрешений для конкретного приложения не дают разрешения Локально Активация для приложения COM-сервера с CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} и APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} пользователю NT AUTHORITY\LOCAL SERVICE с ИД безопасности (S-1-5-19) и адресом LocalHost (с использованием LRPC), выполняемого в контейнере приложения Недоступно с ИД безопасности (Недоступно). Это разрешение безопасности можно изменить с помощью средства администрирования служб компонентов. 
Windows Defender: =================================== Date: 2018-02-20 22:59:07.071 Description: Антивирусная программа "Защитник Windows" обнаружил вредоносные или иные потенциально нежелательные программы. Дополнительные сведения см. в: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/BrowserPassview&threatid=2147685165&enterprise=0 Имя: HackTool:Win32/BrowserPassview ИД: 2147685165 Важность: Средний Категория: Программное средство Путь: file:_D:\3 - study\учеба бездаря\inz.exe Происхождение обнаружения: Локальный компьютер Тип обнаружения: Конкретный Источник обнаружения: Система Пользователь: NT AUTHORITY\СИСТЕМА Имя процесса: Unknown Версия сигнатуры: AV: 1.257.313.0, AS: 1.257.313.0, NIS: 118.1.0.0 Версия модуля: AM: 1.1.14306.0, NIS: 2.1.14202.0 Date: 2018-02-20 02:55:44.066 Description: Антивирусная программа "Защитник Windows" обнаружил вредоносные или иные потенциально нежелательные программы. Дополнительные сведения см. в: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/BrowserPassview&threatid=2147685165&enterprise=0 Имя: HackTool:Win32/BrowserPassview ИД: 2147685165 Важность: Средний Категория: Программное средство Путь: file:_D:\3 - study\учеба бездаря\inz.exe Происхождение обнаружения: Локальный компьютер Тип обнаружения: Конкретный Источник обнаружения: Защита в реальном времени: Пользователь: NT AUTHORITY\СИСТЕМА Имя процесса: C:\Windows\System32\SearchProtocolHost.exe Версия сигнатуры: AV: 1.257.313.0, AS: 1.257.313.0, NIS: 116.1.0.0 Версия модуля: AM: 1.1.14306.0, NIS: 2.1.12706.0 Date: 2018-02-20 23:09:03.824 Description: При попытке Антивирусная программа "Защитник Windows" обновить подпись произошла ошибка. 
Новая версия подписи: Предыдущая версия подписи: 1.261.1398.0 Источник обновления: Сервер Центра обновления Майкрософт Тип подписи: Антивирусная программа Тип обновления: Полное Пользователь: NT AUTHORITY\СИСТЕМА Текущая версия подсистемы: Предыдущая версия подсистемы: 1.1.14500.5 Код ошибки: 0x80240016 Описание ошибки: Произошла неожиданная ошибка при проверке наличия обновлений. Дополнительные сведения об установке и диагностике обновлений можно найти в центре справки и поддержки. CodeIntegrity: =================================== Date: 2018-06-01 15:50:33.796 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-06-01 15:50:33.786 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-06-01 15:50:33.737 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-06-01 15:50:33.729 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-05-31 15:15:59.267 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\2 - programs\Opera\53.0.2907.68\opera.exe) attempted to load \Device\HarddiskVolume1\2 - programs\malware\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements. Date: 2018-05-23 09:39:32.554 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-05-23 09:39:32.539 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2018-05-23 09:39:32.449 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\iaStorA.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 22%
Total physical RAM: 16271.71 MB
Available physical RAM: 12576.3 MB
Total Virtual: 18703.71 MB
Available Virtual: 14959.08 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:117.94 GB) (Free:47.09 GB) NTFS
Drive d: (Data) (Fixed) (Total:916.51 GB) (Free:653.71 GB) NTFS

\\?\Volume{403dfe53-7563-44ad-b73a-094352be08aa}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32
\\?\Volume{f5d93bcb-1db6-4dbb-b4c3-87724d82a911}\ (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.46 GB) NTFS
\\?\Volume{8834bfad-3382-4493-be58-8991737312e1}\ (BIOS_RVY) (Fixed) (Total:15 GB) (Free:0.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: F1D5CD01)
Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F1D5CD27)
Partition: GPT.

==================== End of Addition.txt ============================