Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-02-2020 02
Ran by Андрей (11-02-2020 15:04:10)
Running from C:\Users\Андрей\Downloads
Windows 10 Pro Version 1903 18362.476 (X64) (2019-12-11 22:27:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

DefaultAccount (S-1-5-21-4010367299-2433800681-3590494015-503 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4010367299-2433800681-3590494015-504 - Limited - Disabled)
Администратор (S-1-5-21-4010367299-2433800681-3590494015-500 - Administrator - Disabled)
Андрей (S-1-5-21-4010367299-2433800681-3590494015-1001 - Administrator - Enabled) => C:\Users\Андрей
Гость (S-1-5-21-4010367299-2433800681-3590494015-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«Fable III» 1.1.1.3 (HKLM-x32\...\«Fable III»_is1) (Version: 1.1.1.3 - Microsoft)
µTorrent (HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\uTorrent) (Version: 3.5.5.45395 - BitTorrent Inc.)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.314 - Adobe)
Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 13.2.0 - IObit)
AIDA64 Extreme v6.20 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.20 - FinalWire Ltd.)
Any Video Converter 6.3.6 (HKLM-x32\...\Any Video Converter) (Version: 6.3.6 - Anvsoft) CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform) cFosSpeed v10.50 (HKLM\...\cFosSpeed) (Version: 10.50 - cFos Software GmbH, Bonn) Chrome Remote Desktop Host (HKLM-x32\...\{738276A2-92E7-4313-9E4D-D090F7DA98EC}) (Version: 79.0.3945.10 - Google Inc.) DAEMON Tools Lite 10.5.1.0229 (HKLM\...\DAEMON Tools Lite_is1) (Version: 10.5.1.0229 - l-rePack®) Discord (HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Discord) (Version: 0.0.305 - Discord Inc.) Dying Light (HKLM-x32\...\Dying Light_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm) Game Summary (HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Overwolf_nafihghfcpikebhfhdhljejkcifgbdahdhngepfb) (Version: 215.1.23 - Overwolf app) Geeks3D.com FurMark 1.9.2 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D.com) HSPA Locker v1.3b (HKLM-x32\...\{D1EBD03E-DC16-4B1A-8B9D-81D739AA17AF}) (Version: 1.3 - Job 3.14) MegaFon Internet (HKLM\...\RooX MegaFon Internet) (Version: 3.0.0 - RooX Solutions) Microsoft Office профессиональный плюс 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{D04659D1-EB2D-3DE5-A833-837A623CCCF7}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft 
Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27033 (HKLM-x32\...\{cc3a7c63-31fb-4129-9024-63ebefd86a95}) (Version: 14.16.27033.0 - Microsoft Corporation) MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.8.1 - Notepad++ Team) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 3.20.0.118 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.0.118 - NVIDIA Corporation) Overwolf (HKLM-x32\...\Overwolf) (Version: 0.141.79.25 - Overwolf Ltd.) RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder) S.T.A.L.K.E.R. - Надежда на Мир, 1.0 (HKLM-x32\...\S.T.A.L.K.E.R. - Надежда на Мир_is1) (Version: 1.0 - GSC Game World) Sirus Launcher 1.0.2-beta.10 (HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\9db7ae5f-4ac3-5dce-a80b-c51b32c70f9d) (Version: 1.0.2-beta.10 - AvengerWeb) Skyrim - Legendary Edition (HKLM-x32\...\Skyrim - Legendary Edition_R.G. Mechanics_is1) (Version: - R.G. 
Mechanics, spider91) SVEN 7.1 GAMING HEADSET (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006620}) (Version: 1.00.0019 - SVEN PTE Ltd) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.10 - TeamSpeak Systems GmbH) TeamSpeak Overlay (HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Overwolf_jnabojaampcpfclojlbildognlnebnhfhibiielh) (Version: 1.0.0.2 - Overwolf app) Telegram Desktop version 1.8.15 (HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.8.15 - Telegram FZ-LLC) Update for Skype for Business 2016 (KB3114516) 32-Bit Edition (HKLM-x32\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{94D22892-1C1F-4577-8610-709F405A36AA}) (Version: - Microsoft) Update for Skype for Business 2016 (KB3114516) 32-Bit Edition (HKLM-x32\...\{90160000-012B-0419-0000-0000000FF1CE}_Office16.PROPLUS_{94D22892-1C1F-4577-8610-709F405A36AA}) (Version: - Microsoft) Wargaming.net Game Center (HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\Wargaming.net Game Center) (Version: 19.9.1.8579 - Wargaming.net) WinRAR 5.50 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) World of Tanks RU (2) (HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\WOT.RU.PRODUCTION(2)) (Version: - Wargaming.net) World of Tanks RU (HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\WOT.RU.PRODUCTION) (Version: - Wargaming.net) Wotspeak ModPack 1.7.1.2 ver.4, версия 1.7.1.2 (HKLM-x32\...\{JustDj-5BB6-48C0-B04A-8985E39DF495}_is1) (Version: 1.7.1.2 - JustDJ) Yandex (HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\YandexBrowser) (Version: 20.2.1.238 - ООО «ЯНДЕКС») Голосовой помощник Алиса (HKLM-x32\...\{4D922459-6A2E-4E43-B7A1-86872A9078F3}) (Version: 5.0.0.1903 - Яндекс) Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM-x32\...\{90160000-001F-0422-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Кнопка "Яндекс" на панели задач 
(HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\YaPinLancher) (Version: 2.2.0.50 - Яндекс) Обновления NVIDIA 38.0.1.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.1.0 - NVIDIA Corporation) Hidden Средства проверки правописания Microsoft Office 2016 — русский (HKLM-x32\...\{90160000-001F-0419-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Packages: ========= iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa [2019-12-12] (Apple Inc.) [Startup Task] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-12] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad] MSN Погода -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Corporation) [MS Ad] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2019-12-12] (NVIDIA Corp.) Яндекс.Музыка -> C:\Program Files\WindowsApps\A025C540.Yandex.Music_3.27.7233.0_x64__vfvw9svesycw6 [2019-12-12] (Yandex) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2019-09-19] (IObit Information Technology -> IObit) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-10-28] (Notepad++ -> ) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> 
{B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2019-09-19] (IObit Information Technology -> IObit) ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2019-09-19] (IObit Information Technology -> IObit) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_595646f842b3f1a0\nvshext.dll [2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [VIDC.RTV1] => C:\WINDOWS\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed] HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\Андрей\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Новости в последней версии.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () <==== Cyrillic Shortcut: C:\Users\Андрей\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Руководство по консольной версии RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () <==== Cyrillic Shortcut: C:\Users\Андрей\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Справка WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () <==== Cyrillic Shortcut: C:\Users\Андрей\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop\Деинсталлировать Telegram.lnk -> C:\Users\Андрей\AppData\Roaming\Telegram Desktop\unins000.exe () <==== Cyrillic Shortcut: C:\Users\Андрей\AppData\Roaming\Microsoft\Windows\SendTo\Передача файлов через Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) <==== Cyrillic Shortcut: C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Надежда на Мир.lnk -> C:\Games\S.T.A.L.K.E.R. 
- Надежда на Мир\Stalker-COP.exe () <==== Cyrillic ShortcutWithArgument: C:\Users\Андрей\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Средства Microsoft Office 2016\Активация MS Office.lnk -> C:\Windows\Activator.exe () -> -p12345 <==== Cyrillic ShortcutWithArgument: C:\Users\Андрей\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wargaming.net\World_of_Tanks_RU (2)\Удалить World of Tanks RU (2).lnk -> C:\World_of_Tanks_RU\wgc_api.exe (Wargaming) -> --uninstall <==== Cyrillic ShortcutWithArgument: C:\Users\Андрей\AppData\Roaming\Microsoft\Windows\SendTo\Получатель факса.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo <==== Cyrillic ==================== Loaded Modules (Whitelisted) ============= 2016-12-08 14:23 - 2016-12-08 14:23 - 001146880 _____ () [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\Huawei\NDISAPI.dll 2019-10-26 14:04 - 2019-10-26 14:04 - 000232960 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll 2019-10-26 14:03 - 2019-10-26 14:03 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll 2019-10-26 14:04 - 2019-10-26 14:04 - 000650240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll 2019-10-26 14:03 - 2019-10-26 14:03 - 000074240 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll 2019-10-26 14:03 - 2019-10-26 14:03 - 000369664 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll 2019-09-09 17:29 - 2019-09-09 17:29 - 000057344 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll 2019-09-09 17:30 - 2019-09-09 17:30 - 000074240 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll 2019-09-09 17:30 - 2019-09-09 17:30 - 000368640 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll 2020-01-09 18:57 - 2014-11-10 10:53 - 000247296 ____N (C-MEDIA Electronics INC.) 
[File not signed] C:\Program Files\SVEN 7.1 GAMING HEADSET\CPL\Driver\x64\vista\osConfLib.dll 2013-06-27 12:33 - 2013-06-27 12:33 - 000026624 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\plugins\imageformats\qgif4.dll 2013-06-27 12:33 - 2013-06-27 12:33 - 000028672 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\plugins\imageformats\qico4.dll 2013-06-27 12:32 - 2013-06-27 12:32 - 000201216 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\plugins\imageformats\qjpeg4.dll 2013-07-19 17:26 - 2013-07-19 17:26 - 002598912 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\QtCore4.dll 2013-06-27 11:16 - 2013-06-27 11:16 - 008581632 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\QtGui4.dll 2013-06-27 11:10 - 2013-06-27 11:10 - 001053696 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\QtNetwork4.dll 2013-06-27 11:23 - 2013-06-27 11:23 - 001341440 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\QtScript4.dll 2013-06-27 12:29 - 2013-06-27 12:29 - 013112320 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\QtWebKit4.dll 2013-06-27 11:10 - 2013-06-27 11:10 - 000356352 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\QtXml4.dll 2017-06-05 17:06 - 2017-06-05 17:06 - 001216000 _____ (RooX Solutions) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\Agent.Impl.dll 2017-06-05 17:06 - 2017-06-05 17:06 - 000170496 _____ (RooX Solutions) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon 
Internet\Agent.Summary.Impl.dll 2017-06-05 17:06 - 2017-06-05 17:06 - 000089600 _____ (RooX Solutions) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\Agent.Summary.UI.dll 2017-06-05 17:06 - 2017-06-05 17:06 - 000074240 _____ (RooX Solutions) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\Agent.Summary.UI.MGF.dll 2017-06-05 17:06 - 2017-06-05 17:06 - 000766464 _____ (RooX Solutions) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\Agent.UI.dll 2017-06-05 17:06 - 2017-06-05 17:06 - 002656768 _____ (RooX Solutions) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\Agent.UI.MGF.dll 2017-06-05 17:06 - 2017-06-05 17:06 - 000079872 _____ (RooX Solutions) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\Agent.Update.Impl.dll 2017-06-05 17:06 - 2017-06-05 17:06 - 000182272 _____ (RooX Solutions) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\Agent.Update.UI.dll 2017-06-05 17:06 - 2017-06-05 17:06 - 000109568 _____ (RooX Solutions) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\Agent.Update.UI.MGF.dll 2017-06-05 17:06 - 2017-06-05 17:06 - 001071104 _____ (RooX Solutions) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\CommonLibrary.dll 2017-06-05 17:06 - 2017-06-05 17:06 - 001028096 _____ (RooX Solutions) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\GuiLibrary.dll 2017-06-05 17:06 - 2017-06-05 17:06 - 002176512 _____ (RooX Solutions) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\NetworkLibrary.dll 2016-12-08 14:23 - 2016-12-08 14:23 - 001158144 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\libeay32.dll 2016-12-08 14:23 - 2016-12-08 14:23 - 000270848 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\MegaFon\MegaFon Internet\ssleay32.dll ==================== Alternate Data Streams 
(Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-12 01:12 - 2019-12-12 01:11 - 000000824 ___SH C:\WINDOWS\system32\drivers\etc\hosts
2020-01-25 14:56 - 2020-01-25 14:56 - 000000374 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 10.78.83.244 - 10.78.62.244
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Надежный многоадресный протокол (RMP) -> ms_rmcast (enabled)
Ethernet: cFosSpeed for faster Internet connections (NDIS 6) -> cfosspeed (enabled)
Сеть мобильной связи 2: cFosSpeed for faster Internet connections (NDIS 6) -> cfosspeed (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_2DE8C0D837BD4E162AB3BAA54CE5ADFC" HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\StartupApproved\Run: => "Wargaming.net Game Center" HKU\S-1-5-21-4010367299-2433800681-3590494015-1001\...\StartupApproved\Run: => "uTorrent" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{3CE6C0F0-9802-4776-8F69-B7129F645678}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{FF754603-DC7B-4069-8DBA-5BB8B688D5B1}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd) FirewallRules: [{E2A36A69-F8A8-4756-B86C-7A293C6F8A71}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe (Google LLC -> Google Inc.) FirewallRules: [TCP Query User{BFC0A3EC-D1D0-40D8-A2B8-5D0439A152AB}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [UDP Query User{D026E563-734A-47C9-8391-CA953C8169B3}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{98E151EC-2864-45D0-8F16-BF7D4E663515}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{0B93A898-1C55-4B13-B80E-F97AD4F4886F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{EFB7E882-2A50-4887-91B2-0F177BA75BC7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D1A088BA-1366-4D34-A8FC-3FA532048A04}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{A47E9170-0025-4C6D-9856-2F7248CF2757}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{C063574D-4C8C-4E7B-8516-3865E3973781}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{3AD6866A-B8A8-4F2C-9D35-BB0015609DF5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{8ABB22DA-4C60-4991-8782-DF02E46626D9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [TCP Query User{89185CB6-BDFD-4E21-8224-D52C1C1E8617}D:\far cry 4\bin\farcry4.exe] => (Block) D:\far cry 4\bin\farcry4.exe No File FirewallRules: [UDP Query User{824157A2-B2C1-401D-A55B-AEFF050760FF}D:\far cry 4\bin\farcry4.exe] => (Block) D:\far cry 4\bin\farcry4.exe No File FirewallRules: [{94B735DB-91FC-47F7-882C-A8935E64256B}] => (Allow) C:\Users\Андрей\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) 
FirewallRules: [{70FDD30D-4452-4E80-82F4-0DD1597F9C2F}] => (Allow) C:\Users\Андрей\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{13EEEC4C-F17E-4E52-96A5-E35B9FCC0CAC}] => (Allow) C:\Users\Андрей\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{E4C6F132-3E39-4DF7-BEC4-B25DF4EBA9D3}] => (Allow) C:\Users\Андрей\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{15DBEF15-BEDC-4816-816C-EE985BC95687}] => (Allow) C:\Users\Андрей\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{5D1E01FD-A6A0-4DBE-B2DE-D025B389A182}] => (Allow) C:\Users\Андрей\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{2DEBB917-4F60-43D7-B64D-690E99AAE724}C:\world_of_tanks_ru\win32\worldoftanks.exe] => (Allow) C:\world_of_tanks_ru\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [UDP Query User{23C90A35-A77D-418F-895E-F8A61A484319}C:\world_of_tanks_ru\win32\worldoftanks.exe] => (Allow) C:\world_of_tanks_ru\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [TCP Query User{6A488289-E7EB-4EDE-9ABD-871B55708BC8}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [UDP Query User{E609318C-B091-4660-881F-62384F6EAE14}C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\dlls\wgc_renderer.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [{DEEE975C-1643-4031-956F-1C8D3CE2A79E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{EC25B25A-90A4-4CB8-B035-B3A3BE230158}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe 
(NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{FC0193A4-63A3-4BFB-9CB3-2DA92DC68A3D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{E75E0FFD-FE2D-40B7-8C6B-D8ACF4786CBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{58F790D0-55C6-497B-A044-4A0DA1C7F917}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{9A36DE61-AE69-4530-B051-B06AB3D127DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{BA7D2DF6-2989-456F-8EA1-691828497658}] => (Allow) LPort=9393 FirewallRules: [{0BD97855-AC8E-42AA-A49A-277375AEE824}] => (Allow) LPort=9494 FirewallRules: [{9104E2F7-D774-49D9-A685-19146FC804A5}] => (Allow) LPort=9393 FirewallRules: [{A193854A-4AA3-4202-8680-4338D544CD50}] => (Allow) LPort=9494 FirewallRules: [TCP Query User{4B12262A-3159-422F-BFD5-E62B3B76CA1D}D:\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe] => (Allow) D:\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe (Respawn Entertainment) [File not signed] FirewallRules: [UDP Query User{F3FCFA96-EC50-4295-A1CE-7E9505C13EE2}D:\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe] => (Allow) D:\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe (Respawn Entertainment) [File not signed] FirewallRules: [TCP Query User{D4994224-EC3A-4B18-93E9-399913D4BF0A}C:\r.g. catalyst\fable iii\fable3.exe] => (Allow) C:\r.g. catalyst\fable iii\fable3.exe (Microsoft Corporation -> Lionhead Studios Limited) FirewallRules: [UDP Query User{EF8811BF-56D0-47AA-81B7-250B24A65EBE}C:\r.g. catalyst\fable iii\fable3.exe] => (Allow) C:\r.g. 
catalyst\fable iii\fable3.exe (Microsoft Corporation -> Lionhead Studios Limited)
FirewallRules: [TCP Query User{73E40DAC-69E0-4A6F-BED3-DB00CE3556FB}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{DBB4098F-548F-4C61-9F5D-2ABBB1EECC93}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{ADE35C5E-32C3-4CFA-AA45-A60A004FE880}C:\r.g. catalyst\fable iii\fable3.exe] => (Allow) C:\r.g. catalyst\fable iii\fable3.exe (Microsoft Corporation -> Lionhead Studios Limited)
FirewallRules: [UDP Query User{687EB6CA-1B9E-43C0-89CB-6CD6F6272066}C:\r.g. catalyst\fable iii\fable3.exe] => (Allow) C:\r.g. catalyst\fable iii\fable3.exe (Microsoft Corporation -> Lionhead Studios Limited)
FirewallRules: [TCP Query User{3E5C4F46-DD53-40C4-9099-6BF32F519CE1}C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe] => (Block) C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe (TECHLAND SP Z O O -> Techland) [File not signed]
FirewallRules: [UDP Query User{F7815CE1-1B8E-46F1-AE00-96B8C87FEBA9}C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe] => (Block) C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe (TECHLAND SP Z O O -> Techland) [File not signed]
FirewallRules: [{CB3F5022-F3EC-4944-A5D3-3DBADDD3049F}] => (Allow) C:\Program Files (x86)\Overwolf\0.141.79.25\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{65BECE9D-CB70-4F00-BEAD-EDD179936E75}] => (Allow) C:\Program Files (x86)\Overwolf\0.141.79.25\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{EAEB21F6-E3CD-4707-A66B-83BEB3007433}] => (Allow) C:\Program Files (x86)\Overwolf\0.141.79.25\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{0D50CAE3-F600-496F-A633-595A48246EEF}] => (Allow) C:\Program Files (x86)\Overwolf\0.141.79.25\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{4C58A5E3-1C53-47B1-A5E7-B233297306ED}] => (Block) C:\Program Files (x86)\Overwolf\0.141.79.25\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{D7D00738-C7F4-458C-9E3D-36C21DF18263}] => (Block) C:\Program Files (x86)\Overwolf\0.141.79.25\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{FFDA3D1E-96AA-4F6F-9CEB-9EA1C1B40C52}] => (Block) C:\Program Files (x86)\Overwolf\0.141.79.25\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{E9C960C7-3069-4AE4-AB69-D5DC07D495AE}] => (Block) C:\Program Files (x86)\Overwolf\0.141.79.25\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{797D23EF-3E96-4DF8-A4C2-E8F1984FAD91}] => (Block) C:\Program Files (x86)\Overwolf\0.141.79.25\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{F5A77171-956D-409D-848E-B628DFDABF9B}] => (Block) C:\Program Files (x86)\Overwolf\0.141.79.25\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{53CA52CD-F516-4F47-9FE3-2D513CD562C5}] => (Block) C:\Program Files (x86)\Overwolf\0.141.79.25\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{078FBDB0-4463-4ED6-837B-E027D5790EAC}] => (Block) C:\Program Files (x86)\Overwolf\0.141.79.25\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{71C9CE4A-A90B-4CD6-8093-8B56E33D2272}] => (Allow) C:\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe (YANDEX LLC -> YANDEX LLC)

==================== Restore Points =========================

Check "VSS" service

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (02/11/2020 03:05:04 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Ошибка теневого копирования тома: Непредвиденная ошибка при вызове подпрограммы CoCreateInstance.. hr = 0x80070422, Указанная служба не может быть запущена, так как отключена либо она сама, либо все связанные с ней устройства. . Операция: Создание экземпляра сервера VSS

Error: (02/11/2020 03:05:04 PM) (Source: VSS) (EventID: 13) (User: )
Description: Информация теневого копирования тома: не удается запустить COM-сервер с CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} под именем IVssCoordinatorEx2. [0x80070422, Указанная служба не может быть запущена, так как отключена либо она сама, либо все связанные с ней устройства. ] Операция: Создание экземпляра сервера VSS

Error: (02/11/2020 03:03:57 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8204,R,98) TILEREPOSITORYS-1-5-18: Ошибка -1023 (0xfffffc01) при открытии файла журнала C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/11/2020 02:43:45 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10564,R,98) TILEREPOSITORYS-1-5-18: Ошибка -1023 (0xfffffc01) при открытии файла журнала C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/11/2020 02:37:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: OverwolfLauncher.exe, версия: 2.0.2.28, метка времени: 0x5e332993 Имя сбойного модуля: OverwolfLauncher.exe, версия: 2.0.2.28, метка времени: 0x5e332993 Код исключения: 0xc0000005 Смещение ошибки: 0x00000000000e86fa Идентификатор сбойного процесса: 0x31f4 Время запуска сбойного приложения: 0x01d5e0cf9a01ed83 Путь сбойного приложения: C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe Путь сбойного модуля: C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe Идентификатор отчета: 8052ac49-691a-41f6-bd28-fc3a189d203c Полное имя сбойного пакета: Код приложения, связанного со сбойным пакетом:

Error: (02/11/2020 02:13:11 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3808,R,98) TILEREPOSITORYS-1-5-18: Ошибка -1023 (0xfffffc01) при открытии файла журнала C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/11/2020 01:59:42 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1492,R,98) TILEREPOSITORYS-1-5-18: Ошибка -1023 (0xfffffc01) при открытии файла журнала C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/11/2020 01:53:36 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9776,R,98) TILEREPOSITORYS-1-5-18: Ошибка -1023 (0xfffffc01) при открытии файла журнала C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

System errors:
=============
Error: (02/11/2020 02:36:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Служба "MessagingService_1c2969a" завершена из-за ошибки Устройство не готово.

Error: (02/11/2020 02:34:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Регистрация сервера {995C996E-D918-4A8C-A302-45719A6F4EA7} DCOM не выполнена за отведенное время ожидания.

Error: (02/11/2020 01:09:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Служба "MessagingService_5ca54" завершена из-за ошибки Устройство не готово.

Error: (02/11/2020 01:09:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "WsDrvInst" из-за ошибки Служба не ответила на запрос своевременно.

Error: (02/11/2020 01:09:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Превышение времени ожидания (45000 мс) при ожидании подключения службы "WsDrvInst".

Error: (02/11/2020 01:09:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "HWDeviceService64.exe" из-за ошибки Не удается найти указанный файл.

Error: (02/11/2020 01:09:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "cFosSpeedS" из-за ошибки Не удается найти указанный файл.

Error: (02/11/2020 01:09:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Сбой при запуске службы "luafv" из-за ошибки Загрузка драйвера была заблокирована

Windows Defender:
===================================
Date: 2020-02-09 20:25:50.578
Description: Программа Антивирусная программа "Защитник Windows" обнаружила вредоносные или другие потенциально нежелательные программы. Чтобы узнать больше, см. приведенные далее сведения. https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Eqtonex.C&threatid=2147726379&enterprise=0 Имя: Trojan:Win32/Eqtonex.C ИД: 2147726379 Серьезность: Критический Категория: Троян Путь: file:_C:\Users\Андрей\AppData\Local\Microsoft\Windows\INetCache\IE\AR3XJ0H7\scaner[1].dat Начало обнаружения: Интернет Тип обнаружения: Конкретный Источник обнаружения: Защита в реальном времени: Пользователь: DESKTOP-EJ2NMSO\Андрей Название процесса: C:\ProgramData\RealtekHD\taskhostw.exe Версия службы анализа безопасности: AV: 1.307.2578.0, AS: 1.307.2578.0, NIS: 1.307.2578.0 Версия подсистемы: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-02-09 15:13:46.567
Description: Проверка, выполняемая Антивирусная программа "Защитник Windows", была остановлена до полного завершения. ИД проверки: {3589A840-A011-4C46-8F84-85BB9295FD66} Тип проверки: Антивредоносная программа Параметры проверки: Быстрая проверка Пользователь: NT AUTHORITY\СИСТЕМА

Date: 2020-02-05 16:10:42.919
Description: Проверка, выполняемая Антивирусная программа "Защитник Windows", была остановлена до полного завершения. ИД проверки: {7C2BAA57-3877-421D-8043-9C8C24F7796E} Тип проверки: Антивредоносная программа Параметры проверки: Быстрая проверка Пользователь: NT AUTHORITY\СИСТЕМА

Date: 2020-02-05 16:06:26.524
Description: Проверка, выполняемая Антивирусная программа "Защитник Windows", была остановлена до полного завершения. ИД проверки: {C7790E3D-DC63-44E1-B465-423C284839A2} Тип проверки: Антивредоносная программа Параметры проверки: Быстрая проверка Пользователь: NT AUTHORITY\СИСТЕМА

Date: 2020-02-05 00:56:18.712
Description: Проверка, выполняемая Антивирусная программа "Защитник Windows", была остановлена до полного завершения. ИД проверки: {CE2366A7-CBC9-4624-B4A3-26F20C979862} Тип проверки: Антивредоносная программа Параметры проверки: Быстрая проверка Пользователь: NT AUTHORITY\СИСТЕМА

Date: 2020-02-09 20:11:11.912
Description: При обновлении службы анализа безопасности в программе Антивирусная программа "Защитник Windows" возникла ошибка. Новая версия службы анализа безопасности: Предыдущая версия службы анализа безопасности: 1.307.2578.0 Источник обновления: Сервер Центра обновления Майкрософт Тип службы анализа безопасности: Антивирусная программа Тип обновления: Полное Пользователь: NT AUTHORITY\СИСТЕМА Текущая версия подсистемы: Предыдущая версия подсистемы: 1.1.16600.7 Код ошибки: 0x80240022 Описание ошибки: Программе не удается проверить наличие обновлений определений.

Date: 2020-02-09 20:11:11.912
Description: При обновлении службы анализа безопасности в программе Антивирусная программа "Защитник Windows" возникла ошибка. Новая версия службы анализа безопасности: Предыдущая версия службы анализа безопасности: 1.307.2578.0 Источник обновления: Сервер Центра обновления Майкрософт Тип службы анализа безопасности: Антивирусная программа Тип обновления: Полное Пользователь: NT AUTHORITY\СИСТЕМА Текущая версия подсистемы: Предыдущая версия подсистемы: 1.1.16600.7 Код ошибки: 0x80240022 Описание ошибки: Программе не удается проверить наличие обновлений определений.

Date: 2020-02-09 14:47:53.979
Description: При обновлении службы анализа безопасности в программе Антивирусная программа "Защитник Windows" возникла ошибка. Новая версия службы анализа безопасности: Предыдущая версия службы анализа безопасности: 1.307.2578.0 Источник обновления: Центр Майкрософт по защите от вредоносных программ Тип службы анализа безопасности: Антивирусная программа Тип обновления: Полное Пользователь: NT AUTHORITY\NETWORK SERVICE Текущая версия подсистемы: Предыдущая версия подсистемы: 1.1.16600.7 Код ошибки: 0x80072ee7 Описание ошибки: Не удается разрешить имя или адрес сервера

Date: 2020-02-09 14:47:53.979
Description: При обновлении службы анализа безопасности в программе Антивирусная программа "Защитник Windows" возникла ошибка. Новая версия службы анализа безопасности: Предыдущая версия службы анализа безопасности: 1.307.2578.0 Источник обновления: Центр Майкрософт по защите от вредоносных программ Тип службы анализа безопасности: Антишпионская программа Тип обновления: Полное Пользователь: NT AUTHORITY\NETWORK SERVICE Текущая версия подсистемы: Предыдущая версия подсистемы: 1.1.16600.7 Код ошибки: 0x80072ee7 Описание ошибки: Не удается разрешить имя или адрес сервера

Date: 2020-02-09 14:47:53.979
Description: При обновлении службы анализа безопасности в программе Антивирусная программа "Защитник Windows" возникла ошибка. Новая версия службы анализа безопасности: Предыдущая версия службы анализа безопасности: 1.307.2578.0 Источник обновления: Центр Майкрософт по защите от вредоносных программ Тип службы анализа безопасности: Антивирусная программа Тип обновления: Полное Пользователь: NT AUTHORITY\NETWORK SERVICE Текущая версия подсистемы: Предыдущая версия подсистемы: 1.1.16600.7 Код ошибки: 0x80072ee7 Описание ошибки: Не удается разрешить имя или адрес сервера

CodeIntegrity:
===================================
Date: 2020-02-11 14:44:46.039
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Overwolf\0.141.79.25\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-11 14:44:46.035
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Overwolf\0.141.79.25\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-11 14:43:19.626
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Overwolf\0.141.79.25\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-11 14:43:19.615
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Overwolf\0.141.79.25\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-11 14:43:17.586
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Overwolf\0.141.79.25\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-11 14:43:17.579
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Overwolf\0.141.79.25\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-11 14:38:47.391
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Overwolf\0.141.79.25\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-11 14:38:47.286
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Users\Андрей\AppData\Local\Yandex\YandexBrowser\Application\browser.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Overwolf\0.141.79.25\OWExplorer.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. Fce 03/03/2014
Motherboard: Gigabyte Technology Co., Ltd. H61M-S2PV REV 2.2
Processor: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 58%
Total physical RAM: 8156.02 MB
Available physical RAM: 3371.43 MB
Total Virtual: 11868.02 MB
Available Virtual: 4095.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.92 GB) (Free:57.56 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:349.57 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (MegaFon Modem) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS

\\?\Volume{8cf88693-0000-0000-0000-80c137000000}\ () (Fixed) (Total:0.55 GB) (Free:0.15 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 0E2D5A37)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 8CF88693)
Partition 1: (Not Active) - (Size=222.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=566 MB) - (Type=27)

==================== End of Addition.txt =======================