Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2020 Ran by Samsung (11-09-2020 12:47:36) Running from D:\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2019-12-19 12:32:34) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= HomeGroupUser$ (S-1-5-21-2789528202-2806050775-268277386-1002 - Limited - Enabled) John (S-1-5-21-2789528202-2806050775-268277386-1004 - Limited - Enabled) Samsung (S-1-5-21-2789528202-2806050775-268277386-1000 - Administrator - Enabled) => C:\Users\Samsung Администратор (S-1-5-21-2789528202-2806050775-268277386-500 - Administrator - Disabled) вилена (S-1-5-21-2789528202-2806050775-268277386-1003 - Administrator - Enabled) => C:\Users\вилена Гость (S-1-5-21-2789528202-2806050775-268277386-501 - Limited - Enabled) => C:\Users\Гость ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2789528202-2806050775-268277386-1000\...\uTorrent) (Version: 3.5.5.45790 - BitTorrent Inc.) 0.3.7 (HKLM-x32\...\{CF0938F1-17F5-4FD6-9725-9D95D34D36CF}_is1) (Version: 0.3.7 - ARIZONA, Inc.) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated) Adobe Photoshop CC 2017 (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF03}) (Version: 18.0 - Adobe Systems Incorporated) Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated) Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com) Bandicam v4.6.2.1699 (HKLM-x32\...\Bandicam_is1) (Version: 4.6.2.1699 - BandiSoft (RePack by Dodakaedr)) Call of Duty - Black Ops (HKLM-x32\...\Call of Duty - Black Ops_is1) (Version: - R.G. Mechanics, spider91) CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien) CLion 2020.2.1 (HKLM-x32\...\CLion 2020.2.1) (Version: 202.6948.80 - JetBrains s.r.o.) DeskPins (HKLM-x32\...\DeskPins) (Version: 1.32 - Elias Fotinis) Discord (HKU\S-1-5-21-2789528202-2806050775-268277386-1000\...\Discord) (Version: 0.0.307 - Discord Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 85.0.4183.83 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden GTA San Andreas (HKLM-x32\...\GTA San Andreas_is1) (Version: - ) Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation) K-Lite Codec Pack 13.7.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.7.5 - KLCP) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office профессиональный плюс 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.8.5 - Notepad++ Team) NVIDIA GeForce NOW 2.0.22.96 (HKU\S-1-5-21-2789528202-2806050775-268277386-1000\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GeforceNOW) (Version: 2.0.22.96 - NVIDIA Corporation) NVIDIA Install Application (HKU\S-1-5-21-2789528202-2806050775-268277386-1000\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer) (Version: 2.1002.344.0 - NVIDIA Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Opera Stable 70.0.3728.154 (HKU\S-1-5-21-2789528202-2806050775-268277386-1000\...\Opera 70.0.3728.154) (Version: 70.0.3728.154 - Opera Software) Python 3.6.0 (64-bit) (HKU\S-1-5-21-2789528202-2806050775-268277386-1000\...\{37a4e38b-baf7-4500-97f1-0f7c51d9a395}) (Version: 3.6.150.0 - Python Software Foundation) Python 3.6.0 Add to Path (64-bit) (HKLM\...\{5A3CA177-8304-4D59-A44D-6A60032725E4}) (Version: 3.6.150.0 - Python Software Foundation) Hidden Python 3.6.0 Core Interpreter (64-bit) (HKLM\...\{1944B5D6-0FFB-47C0-BFEC-5C7A2F013FA7}) (Version: 3.6.150.0 - Python Software Foundation) Hidden Python 3.6.0 Development Libraries (64-bit) (HKLM\...\{A6A3184B-748E-46F4-9E28-6B5889506170}) (Version: 3.6.150.0 - Python Software Foundation) Hidden Python 3.6.0 Documentation (64-bit) (HKLM\...\{5D83032F-36B5-42E4-A114-D310119C6F51}) (Version: 3.6.150.0 - Python Software Foundation) Hidden Python 3.6.0 Executables (64-bit) (HKLM\...\{C0016766-8F63-4992-9E6F-ECFB2CB12BA6}) (Version: 3.6.150.0 - Python Software Foundation) Hidden Python 3.6.0 pip Bootstrap (64-bit) (HKLM\...\{F9C1C892-4908-41F4-900C-7B0DAAF2387B}) (Version: 3.6.150.0 - Python Software Foundation) Hidden Python 3.6.0 Standard Library (64-bit) (HKLM\...\{F3CB2257-C4C7-4C84-AF63-BADCED1E3273}) (Version: 3.6.150.0 - Python Software Foundation) Hidden Python 3.6.0 Tcl/Tk Support (64-bit) (HKLM\...\{E24AA157-AD52-42ED-B484-CA5979D4A728}) (Version: 3.6.150.0 - Python Software Foundation) Hidden Python 3.6.0 Test Suite (64-bit) (HKLM\...\{631C7E77-5832-40D1-9D6D-7B3766D79BDF}) (Version: 3.6.150.0 - Python Software Foundation) Hidden Python 3.6.0 Utility Scripts (64-bit) (HKLM\...\{FE905DA4-0F23-4F99-9284-50BB4913CEB4}) (Version: 3.6.150.0 - Python Software Foundation) Hidden Python Launcher (HKLM-x32\...\{A674B2CB-13CA-437B-A215-9DD257959A49}) (Version: 3.6.5835.0 - Python Software Foundation) Revo Uninstaller Pro 4.3.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.3.3 - VS Revo Group, Ltd.) Skype, версия 8.60 (HKLM-x32\...\Skype_is1) (Version: 8.60 - Skype Technologies S.A.) Smart File Advisor 1.1.8 (HKLM-x32\...\Smart File Advisor_is1) (Version: 1.1.8 - Filefacts.net) <==== ATTENTION SoftMaker FreeOffice 2018 (HKLM-x32\...\{02B0F09C-4855-4F32-BB8A-F22606E9E320}) (Version: 1.0.4855 - SoftMaker Software GmbH) Spotify (HKU\S-1-5-21-2789528202-2806050775-268277386-1000\...\Spotify) (Version: 1.1.40.508.gd5bc2931 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk) The Escapists 1.0877 (HKLM-x32\...\The Escapists 1.0877) (Version: 1.0877 - Mouldy Toof Studios) Total Uninstall 6.18.0 (HKLM\...\Total Uninstall 6_is1) (Version: 6.18.0 - Gavrila Martau) Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS) WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) Wondershare FilmoraPro (HKLM\...\{B5D991BB-9498-4625-B26B-0D19D5555FCC}) (Version: 2.2.10317.42361 - Wondershare) Zoom (HKU\S-1-5-21-2789528202-2806050775-268277386-1000\...\ZoomUMX) (Version: 5.2.2 (45108.0831) - Zoom Video Communications, Inc.) Засоби перевірки правопису Microsoft Office 2013 – українська мова (HKLM-x32\...\{90150000-001F-0422-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Средства проверки правописания Microsoft Office 2013 — русский (HKLM-x32\...\{90150000-001F-0419-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2020-03-04] (Notepad++ -> ) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => D:\Alcohol 120\AxShlex.dll -> No File ContextMenuHandlers2: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => D:\Alcohol 120\AxShlEx64.dll -> No File ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => D:\Revo Uninstaller Pro\RUExt.dll [2019-03-29] (VS Revo Group Ltd. -> VS Revo Group) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> ) HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> ) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":: WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99] WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate] Shortcut: C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Браузер Opera.lnk -> C:\Users\Samsung\AppData\Local\Programs\Opera\launcher.exe (Opera Software) <==== Cyrillic Shortcut: C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Браузер Opera.lnk -> C:\Users\Samsung\AppData\Local\Programs\Opera\launcher.exe (Opera Software) <==== Cyrillic ShortcutWithArgument: C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b8da4a38624bbb1e\Feedback.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gfdkimpbcpahaombhbimeihdjnejgicl ==================== Loaded Modules (Whitelisted) ============= ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 07:34 - 2009-06-11 02:00 - 000000824 ___SH C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\ HKU\S-1-5-21-2789528202-2806050775-268277386-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" MSCONFIG\startupreg: AlcoholAutomount => "D:\Alcohol 120\AxAutoMntSrv.exe" -automount MSCONFIG\startupreg: Discord => C:\Users\Samsung\AppData\Local\Discord\app-0.0.305\Discord.exe MSCONFIG\startupreg: GoogleChromeAutoLaunch_B3BDC43574908AB0A82819190CEF4746 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: Opera Browser Assistant => C:\Users\Samsung\AppData\Local\Programs\Opera\assistant\browser_assistant.exe MSCONFIG\startupreg: SFAUpdater => "C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe" MSCONFIG\startupreg: Smart File Advisor => "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc MSCONFIG\startupreg: Spotify => C:\Users\Samsung\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized MSCONFIG\startupreg: Steam => "D:\steam\steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{E3569CB4-40BA-4182-A0AC-3908C14DE055}C:\users\samsung\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\samsung\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{CD389E2B-8234-4CBC-B7D9-05D8AB3C14E4}C:\users\samsung\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\samsung\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{2B99186C-7DD0-400A-B570-AF124854B071}] => (Allow) D:\steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{CA950303-D772-4B0D-A147-9ABB89A1B92F}] => (Allow) D:\steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{75ACE041-DB0D-463F-98BF-8CAA4CF167BA}C:\users\samsung\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\samsung\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{1D618729-4446-4F2D-8B47-8DC49D8C5695}C:\users\samsung\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\samsung\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [TCP Query User{38F07F44-B485-46D9-92E8-1634E61BB476}D:\call of duty - black ops\blackops.exe] => (Block) D:\call of duty - black ops\blackops.exe => No File FirewallRules: [UDP Query User{78B701E7-FA86-4E97-B6A0-5C344F3C4ECF}D:\call of duty - black ops\blackops.exe] => (Block) D:\call of duty - black ops\blackops.exe => No File FirewallRules: [{22938983-2C3E-4CFF-848C-5FBD22D1183B}] => (Allow) C:\Users\Samsung\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{42946272-2FAC-4551-A9D0-B20E3063D2AE}] => (Allow) C:\Users\Samsung\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{C064D3BE-816E-4E6E-B329-E64FF7DF2159}] => (Allow) D:\steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{E5BCADED-19B1-42FA-91C4-BDB931C158C4}] => (Allow) D:\steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{73FF1DCE-AECA-4AEE-B18D-BA72E5A91F32}] => (Allow) D:\steam\steamapps\common\World of Tanks Blitz\wotblitz.exe (Wargaming.net) [File not signed] FirewallRules: [{D58962AC-D600-47E3-A3D6-5930A5FBE54F}] => (Allow) D:\steam\steamapps\common\World of Tanks Blitz\wotblitz.exe (Wargaming.net) [File not signed] FirewallRules: [{9E98B0E3-51F4-4947-89A2-EAA2B3ED6C85}] => (Allow) D:\steam\steamapps\common\BLOCKADE Classic\BlockadeClassic.exe () [File not signed] FirewallRules: [{F5BA4141-0A7B-4413-B27C-81801B99A35C}] => (Allow) D:\steam\steamapps\common\BLOCKADE Classic\BlockadeClassic.exe () [File not signed] FirewallRules: [TCP Query User{D6492CF7-CC53-48CF-BE14-60237A377A82}D:\корни программ\samp server\samp-server.exe] => (Allow) D:\корни программ\samp server\samp-server.exe => No File FirewallRules: [UDP Query User{B34865E8-0FF9-45E3-81A4-4C1BB209047B}D:\корни программ\samp server\samp-server.exe] => (Allow) D:\корни программ\samp server\samp-server.exe => No File FirewallRules: [TCP Query User{79980B27-1B04-4056-9437-BA57C18E00CD}C:\users\samsung\desktop\samp server\samp-server.exe] => (Allow) C:\users\samsung\desktop\samp server\samp-server.exe => No File FirewallRules: [UDP Query User{F91BC567-0B23-4EAC-8329-5823F4BCD86A}C:\users\samsung\desktop\samp server\samp-server.exe] => (Allow) C:\users\samsung\desktop\samp server\samp-server.exe => No File FirewallRules: [{0DC1D56B-E558-4803-96D6-1AAF0A7F638C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) [File not signed] FirewallRules: [{E3DF3999-3C13-4C1D-BAFB-6B487428ECD9}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) [File not signed] FirewallRules: [TCP Query User{0339A348-FBB6-4018-BD50-2EDCA56135D1}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Block) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.) [File not signed] FirewallRules: [UDP Query User{A24F5528-A6C4-4F38-A161-E83596E97156}C:\program files (x86)\microsoft\skype for desktop\skype.exe] => (Block) C:\program files (x86)\microsoft\skype for desktop\skype.exe (Skype Software Sarl -> Skype Technologies S.A.) [File not signed] FirewallRules: [TCP Query User{25F56436-3788-4113-9C1C-9E167AA8A738}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe => No File FirewallRules: [UDP Query User{6615651B-F6E9-426D-AF9F-B7D02842AE7F}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe => No File FirewallRules: [TCP Query User{3590DFCF-1776-41AE-B25A-2678B226AAE6}C:\users\samsung\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\samsung\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{A1F82A3F-CDB1-454D-A539-0CE2E1FC076C}C:\users\samsung\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\samsung\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{7DC5F5A7-0391-4635-BA49-991F9BD99FE0}] => (Allow) C:\Users\Samsung\AppData\Local\Programs\Opera\70.0.3728.119\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [TCP Query User{6D2D8FDB-4F2C-4655-A0A8-2A926E4BA4F3}C:\users\samsung\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\samsung\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{EF9E68DC-8C0D-41B8-95D0-561F22A91815}C:\users\samsung\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\samsung\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{348DFD70-2506-4603-83C2-75CFF8E1A42E}] => (Allow) D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{2DCC79A6-2C3B-4A2A-ACDB-41852DC9FE57}] => (Allow) D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{BF7E8E14-DEF6-463A-8373-8F0394A8F8A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{C8BAA926-7B17-4834-8083-BD848577500C}] => (Allow) C:\Users\Samsung\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{1A25C95F-1CE2-4BC1-857E-9AB98990A4D3}] => (Allow) C:\Users\Samsung\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [{1F6700D5-6CBF-4EDD-9A64-4E5A585334A8}] => (Allow) C:\Users\Samsung\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [{41D2C62F-AB34-45D4-8107-19232C77FF2C}] => (Allow) D:\steam\steamapps\common\CT Special Forces\CT Special Forces.exe (Asobo Studio SARL.) [File not signed] FirewallRules: [{38EE3833-545B-44E7-87BE-33189CC3B8CC}] => (Allow) D:\steam\steamapps\common\CT Special Forces\CT Special Forces.exe (Asobo Studio SARL.) [File not signed] FirewallRules: [{0585FD1A-D55E-48A3-AED7-B4D2E07856C7}] => (Allow) C:\Users\Samsung\AppData\Local\Programs\Opera\70.0.3728.154\opera.exe (Opera Software AS -> Opera Software) FirewallRules: [{3C4A4879-39A6-4177-8BCD-3D3CA1804C94}] => (Block) C:\Program Files (x86)\Bandicam\bdcam.exe (Bandicam Company -> Bandicam Company) FirewallRules: [{512D656D-7EC4-4095-8FAA-28F855634AE0}] => (Block) LPort=139 FirewallRules: [{4378EA10-4469-40EB-97B1-B8BE88E9C382}] => (Block) LPort=445 FirewallRules: [{A499BC8E-3EE0-42CC-BA7F-4CA51E1D95F6}] => (Block) LPort=445 FirewallRules: [{8C5F3729-0CC6-4D15-AF0B-5F7CB81E8148}] => (Block) LPort=139 FirewallRules: [{60EE6366-9558-4CFC-8FC3-93DD0727C2B3}] => (Allow) LPort=3389 FirewallRules: [{805B6AE7-2A18-4CB6-95AA-A59AC6CCF9F8}] => (Allow) C:\ProgramData\Windows\rutserv.exe => No File ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============ Name: WebCam SCB-1100N Description: USB-видеоустройство Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: usbvideo Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: AQS5018U IDE Controller Description: AQS5018U IDE Controller Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standard mass storage controllers) Service: acknvhng Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39) Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. ==================== Event log errors: ======================== Application errors: ================== Error: (09/11/2020 12:50:25 PM) (Source: VSS) (EventID: 12292) (User: ) Description: Ошибка теневого копирования тома: Ошибка при создании класса поставщика теневого копирования COM с CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070424, Указанная служба не установлена. ]. Операция: Получение интерфейса с возможностью вызова для данного поставщика Перечисление интерфейсов всех поставщиков, поддерживающих данный контекст Запрос теневых копий Контекст: Код поставщика: {b5946137-7b9f-4925-af80-51abd60b20d5} Код класса: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Контекст моментального снимка: 13 Контекст моментального снимка: 13 Контекст выполнения: Coordinator Error: (09/11/2020 12:50:25 PM) (Source: VSS) (EventID: 13) (User: ) Description: Информация теневого копирования тома: не удается запустить COM-сервер с CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} под именем SW_PROV. [0x80070424, Указанная служба не установлена. ] Операция: Получение интерфейса с возможностью вызова для данного поставщика Перечисление интерфейсов всех поставщиков, поддерживающих данный контекст Запрос теневых копий Контекст: Код поставщика: {b5946137-7b9f-4925-af80-51abd60b20d5} Код класса: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Контекст моментального снимка: 13 Контекст моментального снимка: 13 Контекст выполнения: Coordinator Error: (09/11/2020 12:49:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Ошибка извлечения стороннего корневого списка из CAB-файла автоматического обновления на с ошибкой Цепочка сертификатов обработана, но обработка прервана на корневом сертификате, у которого отсутствует отношение доверия с поставщиком доверия. . Error: (09/11/2020 12:49:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Ошибка извлечения стороннего корневого списка из CAB-файла автоматического обновления на с ошибкой Цепочка сертификатов обработана, но обработка прервана на корневом сертификате, у которого отсутствует отношение доверия с поставщиком доверия. . Error: (09/11/2020 12:49:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Ошибка извлечения стороннего корневого списка из CAB-файла автоматического обновления на с ошибкой Цепочка сертификатов обработана, но обработка прервана на корневом сертификате, у которого отсутствует отношение доверия с поставщиком доверия. . Error: (09/11/2020 12:48:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Ошибка извлечения стороннего корневого списка из CAB-файла автоматического обновления на с ошибкой Цепочка сертификатов обработана, но обработка прервана на корневом сертификате, у которого отсутствует отношение доверия с поставщиком доверия. . Error: (09/11/2020 12:48:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Ошибка извлечения стороннего корневого списка из CAB-файла автоматического обновления на с ошибкой Цепочка сертификатов обработана, но обработка прервана на корневом сертификате, у которого отсутствует отношение доверия с поставщиком доверия. . Error: (09/11/2020 12:48:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Ошибка извлечения стороннего корневого списка из CAB-файла автоматического обновления на с ошибкой Цепочка сертификатов обработана, но обработка прервана на корневом сертификате, у которого отсутствует отношение доверия с поставщиком доверия. . System errors: ============= Error: (09/11/2020 12:30:40 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: Регистрация сервера {F9A874B6-F8A8-4D73-B5A8-AB610816828B} DCOM не прошла за отведенное время ожидания. Error: (09/11/2020 12:30:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Служба "Службы удаленных рабочих столов" завершена из-за ошибки Не удается найти указанный файл. Error: (09/11/2020 12:30:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Служба "Службы удаленных рабочих столов" завершена из-за ошибки Не удается найти указанный файл. Error: (09/11/2020 12:30:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Сбой при запуске службы "StarWind AE Service" из-за ошибки Не удается найти указанный файл. Error: (09/11/2020 12:30:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Сбой при запуске службы "Luminati Net Updater" из-за ошибки Не удается найти указанный файл. Error: (09/11/2020 12:30:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Сбой при запуске службы "Alcohol Virtual Drive Auto-mount Service" из-за ошибки Не удается найти указанный файл. Error: (09/11/2020 12:30:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Сбой при запуске службы "AdobeUpdateService" из-за ошибки Не удается найти указанный файл. Error: (09/11/2020 12:28:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Служба Microsoft Framework была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 1000 мсек: Перезапуск службы. ==================== Memory info =========================== BIOS: American Megatrends Inc. 02PW.ME75.20110628.SKK 06/28/2011 Motherboard: SAMSUNG ELECTRONICS CO., LTD. 305V4A/305V4A Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics Percentage of memory in use: 88% Total physical RAM: 3563.86 MB Available physical RAM: 399.06 MB Total Virtual: 7125.92 MB Available Virtual: 2868.75 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:150.29 GB) (Free:109.69 GB) NTFS Drive d: () (Fixed) (Total:147.7 GB) (Free:115.51 GB) NTFS \\?\Volume{87be7362-226b-11ea-a290-806e6f6e6963}\ (Зарезервировано системой) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 5A8F2869) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=150.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=147.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt =======================