Результаты дополнительного сканирования Farbar Recovery Scan Tool (x64) Версия: 16-09-2023 Запущено с помощью PC (18-09-2023 17:25:23) Запущено из C:\Users\PC\Desktop Майкрософт Windows 10 Pro Версия 22H2 19045.3448 (X64) (2021-06-16 05:07:06) Режим загрузки: Normal ========================================================== ==================== Учетные записи: ============================= (Если запись включена в fixlist, она будет удалена) DefaultAccount (S-1-5-21-2519805770-743617746-3109695811-503 - Limited - Disabled) PC (S-1-5-21-2519805770-743617746-3109695811-1003 - Administrator - Enabled) => C:\Users\PC WDAGUtilityAccount (S-1-5-21-2519805770-743617746-3109695811-504 - Limited - Disabled) Администратор (S-1-5-21-2519805770-743617746-3109695811-500 - Administrator - Disabled) Гость (S-1-5-21-2519805770-743617746-3109695811-501 - Limited - Disabled) ==================== Центр безопасности ======================== (Если запись включена в fixlist, она будет удалена) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Kaspersky (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Установленные программы ====================== (В fixlist можно добавлять только рекламные программы с флагом «Скрытый», чтобы отобразить их.) µTorrent (HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\uTorrent) (Version: 3.5.5.46206 - BitTorrent Inc.) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601052}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden BEAGLE (HKLM\...\{050B9F09-8A78-483B-B14A-80457FF52850}) (Version: 3.1.0 - BEAGLE Likelihood Working Group) Bloody7 (HKLM-x32\...\Bloody3) (Version: 21.03.0001 - Bloody) Brother MFL-Pro Suite DCP-L2560DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.) Children of Morta (HKLM-x32\...\1774901766_is1) (Version: 1.2.55 - GOG.com) Children of Morta: Paws and Claws (HKLM-x32\...\1845837947_is1) (Version: 1.2.55 - GOG.com) Cooler Master Portal Settings software (HKLM-x32\...\{1A3E3EA7-5A7C-4292-8A13-B0DE1BF49E13}_COOLER_MASTER_PORTAL) (Version: 1.01 - Cooler Master) DB Browser for SQLite (HKLM\...\{5211034D-495B-4A5E-9B8D-8961BBB2B9E2}) (Version: 3.12.2 - DB Browser for SQLite Team) Discord (HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\Discord) (Version: 1.0.9001 - Discord Inc.) ELAN_6.6 (HKLM\...\{ACB466F0-1A04-3915-826C-C927C0CE158A}) (Version: 6.6 - Max Planck Institute for Psycholinguistics) Far Manager 3 x64 (HKLM\...\{96FFAA31-593C-4226-BA1A-7659F3B831A7}) (Version: 3.0.5757 - Eugene Roshal & Far Group) Java 8 Update 381 (64-bit) (HKLM\...\{77924AE4-039E-4CA4-87B4-2F64180381F0}) (Version: 8.0.3810.9 - Oracle Corporation) Kaspersky (HKLM-x32\...\{3CC8CD12-5F5C-38C0-9557-8D379777C4AF}) (Version: 21.14.5.462 - Лаборатория Касперского) Hidden Kaspersky (HKLM-x32\...\InstallWIX_{3CC8CD12-5F5C-38C0-9557-8D379777C4AF}) (Version: 21.14.5.462 - Лаборатория Касперского) LogMeIn Hamachi (HKLM-x32\...\{B49685C9-32FA-4194-A43F-DAF6BD60F2EC}) (Version: 2.3.0.78 - LogMeIn, Inc.) Hidden LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.3.0.78 - LogMeIn, Inc.) Microsoft .NET Host - 6.0.11 (x64) (HKLM\...\{B92B890A-04F2-4880-BA20-20D4364FB263}) (Version: 48.47.50420 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.11 (x64) (HKLM\...\{5E63E49B-C88C-46C5-855C-A7B07C11CDC8}) (Version: 48.47.50420 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.11 (x64) (HKLM\...\{C3DD1448-513A-4DB8-978D-6991562EA63D}) (Version: 48.47.50420 - Microsoft Corporation) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.31 - Корпорация Майкрософт) Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation) Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29334 (HKLM\...\{2E11EF4E-901F-4B2D-B68E-3DB2A566C857}) (Version: 14.28.29334 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29334 (HKLM\...\{8A3F7D5B-422D-49D9-84F7-8DC1B7782967}) (Version: 14.28.29334 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM\...\{A39D4115-3A27-4245-AE92-3214B8B21932}) (Version: 48.47.50419 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM-x32\...\{c4846f79-a633-4ae4-92a3-92fdbeb33da2}) (Version: 6.0.11.31823 - Microsoft Corporation) Minecraft Launcher (HKLM-x32\...\{733C3ACB-432D-4880-B0E1-660000D7974D}) (Version: 1.0.0.0 - Mojang) Mozilla Firefox (x64 ru) (HKLM\...\Mozilla Firefox 117.0.1 (x64 ru)) (Version: 117.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0 - Mozilla) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.5.3 - Notepad++ Team) NVIDIA Аудиодрайвер HD 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation) OpenSesame 3.3.14-py37-win64-1 (HKLM-x32\...\OpenSesame) (Version: 3.3.14-py37-win64-1 - Sebastiaan Mathot) PyCharm Community Edition 2020.3.3 (HKLM-x32\...\PyCharm Community Edition 2020.3.3) (Version: 203.7148.72 - JetBrains s.r.o.) Python 2.7.18 (64-bit) (HKLM\...\{A5F504DF-2ED9-4A2D-A2F3-9D2750DD42D6}) (Version: 2.7.18150 - Python Software Foundation) Python 3.8.6 (64-bit) (HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\{251b0fda-9d23-4e75-9076-3c6eeabd8f72}) (Version: 3.8.6150.0 - Python Software Foundation) Python 3.8.6 Add to Path (64-bit) (HKLM\...\{0CD35A78-6567-46C1-BC82-E258D6C3D66C}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden Python 3.8.6 Core Interpreter (64-bit) (HKLM\...\{DE282FFC-F4AD-416A-8479-F3C72F94C967}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden Python 3.8.6 Development Libraries (64-bit) (HKLM\...\{59704C10-77A1-4D72-A97B-8FB2A933985B}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden Python 3.8.6 Documentation (64-bit) (HKLM\...\{558E2EFE-87D5-4E3F-B050-D4DEC548EA02}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden Python 3.8.6 Executables (64-bit) (HKLM\...\{7F55BD37-4437-47EE-8C82-3103E19DB114}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden Python 3.8.6 pip Bootstrap (64-bit) (HKLM\...\{28B1EC39-1C9F-482C-BFF7-4D347CE5ADED}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden Python 3.8.6 Standard Library (64-bit) (HKLM\...\{04BA74DE-13BE-477C-8FE5-19F247C0D555}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden Python 3.8.6 Tcl/Tk Support (64-bit) (HKLM\...\{79C40B8F-BC99-4FFF-8E1E-F05D246E772C}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden Python 3.8.6 Test Suite (64-bit) (HKLM\...\{3968C4C7-904D-4571-BC22-1CD8B87549D7}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden Python 3.8.6 Utility Scripts (64-bit) (HKLM\...\{0A041F8F-4124-46CC-B021-AB8E70A873EC}) (Version: 3.8.6150.0 - Python Software Foundation) Hidden Python Launcher (HKLM-x32\...\{3B82A91D-DB48-4160-94D2-0B8C6D2B1710}) (Version: 3.8.7205.0 - Python Software Foundation) Qt Designer (HKLM-x32\...\Qt Designer) (Version: - Michael Herrmann) R for Windows 4.2.1 (HKLM\...\R for Windows 4.2.1_is1) (Version: 4.2.1 - R Core Team) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8988.1 - Realtek Semiconductor Corp.) RStudio (HKLM-x32\...\RStudio) (Version: 2022.07.1+554 - RStudio) SK650 Settings software (HKLM-x32\...\{1A3E3EA7-5A7C-4292-8A13-B0DE1BF49E13}_SK650) (Version: 2.20 - Cooler Master) SkyFactory 4, версия 4.0.3 (HKLM-x32\...\{70069911-DEEA-4A68-9740-77B1E13E500C}_is1) (Version: 4.0.3 - MineModPacks.ru) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Telegram Desktop (HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.9.8 - Telegram FZ-LLC) Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C270D21B-2327-49B8-85F7-395133A93C75}) (Version: 8.92.0.0 - Microsoft Corporation) ViGEm Bus Driver (HKLM\...\{9C581C76-2D68-40F8-AA6F-94D3C5215C05}) (Version: 1.21.442 - Nefarius Software Solutions e.U.) VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN) WifiAutoInstall version 2.0.0.8 (HKLM\...\{BBADB2D6-0408-42D0-AAF8-B79D3E8B994C}_is1) (Version: 2.0.0.8 - Realtek, Inc.) WinRAR 5.50 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) Zoom (HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\ZoomUMX) (Version: 5.14.11 (17466) - Zoom Video Communications, Inc.) Zotero (HKLM-x32\...\Zotero 5.0.96.2 (x86 en-US)) (Version: 5.0.96.2 - Corporation for Digital Scholarship) Проверка работоспособности ПК Windows (HKLM\...\{16A15A77-242A-412C-86EF-C4D58BD80ED0}) (Version: 3.6.2204.08001 - Microsoft Corporation) Среда выполнения Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.31 - Корпорация Майкрософт) Packages: ========= Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-11] (Microsoft Corporation) Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.20.1501.0_x64__8wekyb3d8bbwe [2023-08-22] (Microsoft Studios) Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.3.7.0_x64__8wekyb3d8bbwe [2023-09-13] (Microsoft Studios) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-09-10] (NVIDIA Corp.) Photos Opener For Win10 -> C:\Program Files\WindowsApps\38526MediaLife.PhotosOpenerForWin10_0.0.14.0_x64__1crh1k73ty8mg [2022-07-11] (Media Life) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2022-10-06] (Realtek Semiconductor Corp) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-08-22] (Microsoft Studios) [MS Ad] Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2023.917.1037.907_neutral__8wekyb3d8bbwe [2023-09-17] (Microsoft Corporation) Надстройка модуля мультимедиа для приложения "Фотографии" -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-05-13] (Microsoft Corporation) ==================== Пользовательские CLSID (В белом списке): ============== (Если запись включена в fixlist, она будет удалена из реестра. Файл не будет удалён, если он не указан отдельно.) CustomCLSID: HKU\S-1-5-21-2519805770-743617746-3109695811-1003_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\PC\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => Нет файла ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\contextMenu\NppShell.dll [2023-05-15] (Notepad++ -> Bjarke I. Pedersen gurli@gurlinet.dk) ContextMenuHandlers1: [Kaspersky Anti-Virus 21.14] -> {0D304B31-5702-4EEE-A8C7-3723E260D0AB} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\shellex.dll [2023-09-09] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [Kaspersky Anti-Virus 21.14] -> {0D304B31-5702-4EEE-A8C7-3723E260D0AB} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\shellex.dll [2023-09-09] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers4: [Kaspersky Anti-Virus 21.14] -> {0D304B31-5702-4EEE-A8C7-3723E260D0AB} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\shellex.dll [2023-09-09] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvshext.dll [2020-10-07] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [Kaspersky Anti-Virus 21.14] -> {0D304B31-5702-4EEE-A8C7-3723E260D0AB} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\shellex.dll [2023-09-09] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (В белом списке) ==================== ==================== Ярлыки & WMI ======================== (Записи могут быть перечислены для восстановления или удаления.) Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Запустить SkyFactory 4.lnk -> C:\Games\MineModPacks\StartMineModPacks.exe (TL) <==== Cyrillic Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приватный просмотр Firefox.lnk -> C:\Program Files\Mozilla Firefox\private_browsing.exe (Mozilla Corporation) <==== Cyrillic Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Новости в последней версии.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () <==== Cyrillic Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Руководство по консольной версии RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () <==== Cyrillic Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Справка WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () <==== Cyrillic Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Отправка в OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Нет файла) <==== Cyrillic Shortcut: C:\Users\PC\AppData\Roaming\Microsoft\Windows\SendTo\Передача файлов через Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) <==== Cyrillic ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\SendTo\Получатель факса.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo <==== Cyrillic ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1" ==================== Загруженные модули (В белом списке) ============= 2021-09-08 15:24 - 2005-04-22 07:36 - 000143360 _____ () [Файл не подписан] C:\Windows\system32\BrSNMP64.dll 2021-09-08 15:24 - 2013-03-08 09:44 - 000087040 _____ (Brother Industries, Ltd.) [Файл не подписан] C:\Windows\system32\BrNetSti.dll ==================== Alternate Data Streams (В белом списке) ======== ==================== Безопасный режим (В белом списке) ================== (Если запись включена в fixlist, она будет удалена из реестра. Значение "AlternateShell" будет восстановлено.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== Ассоциация (В белом списке) ================= ==================== Internet Explorer (В белом списке) ========== HKU\S-1-5-21-2519805770-743617746-3109695811-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\S-1-5-21-2519805770-743617746-3109695811-1003 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627 SearchScopes: HKU\S-1-5-21-2519805770-743617746-3109695811-1003 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627 BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-1.8\bin\ssv.dll [2023-06-14] (Oracle America, Inc. -> Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll [2023-06-14] (Oracle America, Inc. -> Oracle Corporation) (Если запись включена в fixlist, она будет удалена из реестра.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost ==================== Hosts содержимое: ========================= (При необходимости, директива Hosts: может быть включена в fixlist для сброса файла Hosts) 2018-09-15 10:31 - 2023-09-17 18:41 - 000001842 _____ C:\Windows\system32\drivers\etc\hosts ==================== Другие области =========================== (В настоящее время нет автоматического исправления для этого раздела.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Python27\;C:\Python27\Scripts;C:\Program Files\Common Files\libhmsbeagle\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\dotnet\ HKU\S-1-5-21-2519805770-743617746-3109695811-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 77.37.251.33 - 77.37.255.30 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1) Брандмауэр Windows включён ==================== MSCONFIG/TASK MANAGER отключённые элементы == (Если запись включена в fixlist, она будет удалена) HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run: => "RtkAudUService" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Autodesk Genuine Service " HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0" HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller" HKLM\...\StartupApproved\Run32: => "SK650" HKLM\...\StartupApproved\Run32: => "ControlCenter4" HKLM\...\StartupApproved\Run32: => "BrStsMon00" HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData" HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerProgramData" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "Отправка в OneNote.lnk" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "PUSH Wallpaper.lnk" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0a7bec08-dccc-4548-a1db-3e4ba32e1f6e.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0a61e67a-b527-4d14-9988-f175fcf96d25.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0a95fef0-6241-4d52-84f8-fabeaa8874cc.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0ababec8-afea-4f5b-bdc6-c0d62cdf61ad.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0b6c58b0-3062-4a01-9a73-569a0bbf1b01.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0b0627ed-d5a9-42eb-8684-4aac90aef7ee.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0b9877c4-4f2a-4022-aac2-e500d763ed28.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0b13964d-083c-4cda-a2b5-014bf6dbfcde.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0bf544e7-f4fe-4f60-a2e0-c8bb05f1e47e.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0c90c81d-ba8c-4db5-9a47-c0b59dcfe340.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0cabba42-d3a0-4662-b271-2baee6a803bd.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0cbd3e08-6e55-4ca2-ba19-d73bba311b94.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0ce7443c-04b5-453c-b63a-6bc038092b20.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0cf2f006-bf4b-4f21-b0d8-5ea429db2c99.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0d8f844d-c5bb-40a9-96b0-74a1dcb9102f.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0daac2aa-3a02-448e-aa0e-002fb63625ce.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0dfeb379-90e3-4cbf-8bba-c59cd7d097f2.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0e2ef2ec-3639-4607-89d5-1fbdb2cc0577.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0e7a68dc-130a-4545-929a-ef1e74b7865c.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0e64ed9c-b754-4b59-a8e3-efaf3db6f239.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0edaa42a-1cf6-4003-b57a-56d3cba0c1f2.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0eeac873-bf28-4880-96b9-75c3626efc37.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0f2a202a-215c-4743-bdd7-695afff8abb0.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0f7f68b8-08e2-473e-9d15-f8ad7fee6bd1.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0f9df1c7-9ace-4465-93c7-0919e8e90468.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0f100dde-13e0-4dd4-90fe-4628eb36dc48.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0fa30f57-a8a5-4ed5-b49f-fe679e9c9aa2.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "01b0e5e9-6321-4050-a4b5-63cb0109c9e7.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "01b690a4-123a-47e0-b56e-7538e797e5f3.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1a123ad0-cad9-407b-811e-748957604b7a.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1a0570e7-b669-4eb7-8996-2e0d1da4c345.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1b91ad4d-7959-4546-a9bb-d7378a9f1d8c.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1b7264b0-e741-4988-9b52-0943521e5174.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1b94542c-f941-4fa1-9d18-96ad36208edf.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1c0cdad6-47b4-45d9-859d-42f51f1e0eb1.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1c172d45-955a-4fb7-aae7-a4ebb19ff5ab.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1c389cdd-ec33-48c2-983a-0d533eb750a0.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1cb39056-77b9-4665-b62e-bef765f6cc4f.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1cc881d2-c776-4776-823c-2a31944d9180.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1d4cb542-f9aa-4eec-a0b2-35707ca6fc81.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1d729e1c-3c02-4fe1-967c-4752e9d6f4d2.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1d9561e1-6354-4b31-8494-501b6bcb567e.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1db5935f-b2fc-4856-9e31-cccbb1b50b24.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1dfa636a-3504-41db-94ac-0a05dc863c4e.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1e7c57ab-dacc-49fa-9b70-65eb6b35ec51.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1e92c165-c5b5-4678-92d5-0dc1c4747171.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1e356bde-4a8c-4985-9496-cc3917240300.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "02d0172b-0b08-4ade-b915-ff77ee89b34d.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "03c5c878-4b5f-4ff4-aba8-05c1a4179102.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "03d047ff-0ed9-40cd-adb6-c52df772b7a2.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "05adcf92-a6d8-4d2e-8a0e-429334f7d9df.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "07d8ddbd-c090-4e2c-abdf-daa2a788188e.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "07de189f-1893-4054-90f5-6abb7f3e7dae.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "08e54e7a-6e0b-44c3-be23-8098980ef38e.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "08ecd6a8-ea22-408b-bc50-79f6b7a5cd84.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "09d93a91-f4b3-4ecb-9c6d-227db0af69d3.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "10b79ce4-5642-42c7-a0bb-b0ea295cfddd.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "018f4df1-1821-405e-b4c1-f3ae44bbdfb4.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "029c6b4e-b701-46a1-85f3-6f69c73ff434.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "038ca96a-df05-4913-8cb5-af8712c70ec2.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0052ff69-54f0-456b-8670-50a033f8fd75.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "056a78d0-9fcc-41a7-8e64-292cd61f2b39.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "058b1ec2-517b-4d5f-abf4-9e289bf912a9.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "059b3ed7-02f4-4474-b71f-20e9dbef910e.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "065f60c5-539d-48bc-ae02-573346d538cb.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "083e6c8f-8f8a-4bdf-a83b-be0f11ee12ec.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "085a9249-93e8-4b54-8f1a-af5caa68157d.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "087d57b4-b5af-41b3-a4da-bfc23eaaac7d.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "115cdf64-364a-4ade-a1c3-669b9e86b92d.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "118ebc28-ac1a-4c67-a670-681344d9d4cc.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "00193bd1-bc9d-4b5e-8620-44179cfb0dbd.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0315b990-f4b4-4b18-bde9-cd0ca19b242a.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0319feef-f97c-4b76-91e6-354ba241fb29.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0385f189-eea0-49ee-9fdd-d0a64ad61187.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0547d3f5-b3f0-4b98-ae3c-c0b0c3d1524b.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0585cfcb-67a3-4463-b544-ad1659f9e31c.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "00635b33-f295-4524-92ec-cb0bdc99c99f.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0758a4f6-f733-418c-aa25-3105a411623c.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0856e8c0-6e82-4ffb-8f9c-fd1c4ad15b68.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "0999b08d-1dc0-4894-a1fb-923674bd680a.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1014ac86-21c9-4790-bfcd-506f11d716c8.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1049d1d9-8e6e-4f9d-8a3f-b0ae02137540.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1148d7de-ebcf-4bd1-af88-21af01798990.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "01710eb5-da24-4c82-bf98-a76534fca8f1.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "05792e9f-c0aa-4ed3-9442-27a700dd5b2c.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "009142f4-9b45-4d38-a70d-fdff7ec372b2.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "10896aaf-4059-4207-ab52-ed2b441db34c.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "031890e5-ce29-4d76-9763-b519f64abe02.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "119175a7-74b4-458b-b6a3-7c58c50b30de.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "00191978-52c0-457e-9439-206c967bec6e.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "02661354-c645-45d1-883a-4c29206725ac.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "04201796-7a91-4ff0-9622-abe5c63d3ff1.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "08122942-739b-4ec2-b903-62336d26d3ef.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "AdobeIPCBroker.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "amt3.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "au-descriptor-1.8.0_381-b09.xml" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "de70db254b5fc4cd97af6a8c2c733d5c-{87A94AB0-E370-4cde-98D3-ACC110C5967D}" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ea7d58b6-b680-4547-b0b6-f97cf9d32d38.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "eb0b4826-f13e-41d0-a467-deeba24ead43.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "eb4c7295-852b-42b0-92fe-9ddb4ddceeb4.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "eb9b7bf7-e0ca-424b-bd8a-63d5cd6712c7.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "eb41c6b6-416c-464e-adc0-7a98d22740c0.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "eb834571-6eed-4493-ab59-60b3a7b96efe.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "eba4add7-92dd-470a-bdc7-93ca8e6425e5.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ec3db7f8-6b1a-4bc5-8681-969999584c94.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ec7ae7e8-cc8b-46c7-8f86-f851a4835c6f.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ec7f1fe0-2881-4ffa-9554-4aabe72010ec.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ec038bef-7e04-4522-b9c1-d371032b16c7.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ec036500-875b-4bb9-89d2-9a3faeaa3d90.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ecc8fce5-50f8-43ce-b2f8-9a3e09c938d0.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ecd9e69d-f741-49dd-8e8d-ac11d03947ee.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ecd30df4-bc05-4a13-8cf8-522b1ec0d502.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ed0bba4a-69b8-44e9-86d5-550634726f77.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ed4f38b8-f3bd-4826-bfde-0d0a081c15c4.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ed6d9d7b-88dd-4656-8583-a157547ad3c6.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ed9f207c-1023-4332-a341-2f802ecc646b.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ed9f5288-805d-47a3-9c80-30fe959ccaf0.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ed60d3b0-42c7-41ce-a621-73200406ee85.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "edcc4384-855a-4af5-a854-7bbb38812a1f.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "edcd6c06-2956-47d5-887e-797f8c820fb5.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "edd39cfd-4713-4915-89ae-af7bdfa08480.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ee8e378e-c3c8-4c32-918e-686192e19c12.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ee49fc61-cbec-45c9-98eb-799b44f5c7f2.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "eef1cd90-97b7-4581-a047-d66e6b73f649.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "eef03bce-3007-4a9b-aec3-eeb281c0f1a5.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ef2c4d0b-a1d5-4cd4-82c2-95cfbe05981c.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ef1794cb-ccdc-4f10-b434-1752dc360b6e.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ef610257-1999-4939-9ae3-d5782113ab66.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "efc03f6f-7d4d-426b-a3db-75000dcccea4.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "efd77b25-9f2b-48bc-b837-7f8eca5b4d63.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f0bc0bad-561a-42ce-8343-686186515a01.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f0fd5ec8-10da-4da7-9499-85a52d54a846.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f1d7fc48-f30b-4074-a884-e20923b17aa3.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f1e92148-e9dc-41eb-aeee-efdaaceb3f37.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f1fb9f47-f7f9-421c-99ea-12f3e12057ac.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f2a6184d-9905-462e-a1bc-89f01a89f290.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f2d8f480-ce59-46b9-b027-b4cbfeb579c1.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f3c41e3b-128b-4515-aef4-84e06b3e127d.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f3e87691-6d68-4cb4-80cc-8e2c0f292d3b.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f4f2a7eb-e38a-4136-aa8c-b8d2bae0c45a.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f4f5bee5-7103-46ba-9741-bb33f61fe40f.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f6cc945e-b8c8-4623-9ca7-72c4c179cb84.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f6fb4c29-86fc-4c4c-b995-178a280a82dd.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f7a498f6-0795-4dbd-b366-392ec5e2f78c.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f08b59b1-d04c-497e-bc50-61dfbaa3e6c8.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f8d7fb10-0f4e-4c75-98a0-254e1c5e714e.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f8d480d6-acd6-4ea0-8a59-e815ec29969b.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f9e6bce7-b9e2-4eba-882a-cca7509d33b6.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f22b4f4b-7feb-458d-b8a9-ab76fb22929f.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f23f6a0b-decf-4e05-bddc-f33caaf3a159.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f53d2eb9-9ac9-48e9-9851-fc6c75b528f3.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f84cc072-471d-4cbf-8438-4453d149ade8.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f85e670b-b618-4272-bd15-a09f0d8f8860.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f166ae38-ab65-43dc-bc1f-1940ccca534d.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f283b31c-01e2-44c8-92e8-f9d4917bd1b4.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f450cc7c-1bb7-4f6d-90f5-67a188eaa6d0.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f516cb4d-cca7-4eef-b71b-bdec0eba4c34.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f567f932-3b1b-4b87-bccb-30568861e961.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f603ea03-3a83-43af-9790-97d8e32c8d0d.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f650fb8e-174f-4775-92fe-4fa6c9d9ae48.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f781fb18-77a3-415b-9f77-4c5f7888b440.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f0929fc7-d5ec-48b7-ae75-db2657a9cc89.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f931d251-8913-45de-bfac-4ea5fe10dc14.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f7206de4-495d-4956-a0b5-af7381b489d7.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f08547fb-ab61-4e37-8f19-944e431039a5.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f9176b0b-8725-4892-a940-24ffaa345df0.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f13996b0-bc3f-463b-937e-586221039fd8.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f22940a0-be0c-43ec-adf2-f58bbc31ec15.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f29598d0-d33e-4474-b2d6-d3e5829ec211.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f49785ee-e46e-4be5-8a82-aa55058238c8.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f279217f-adcd-468d-8d98-6624d24d18c2.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f757914b-aba4-481f-b2d6-a5e593288df5.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "f1441014-dc8f-43b5-9b50-323901c40b18.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "fa3a7a21-82d6-42c9-a483-519d95b11f1d.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "fa9839c9-7816-43a8-bbd0-e29e5a90b856.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "faf1a659-046c-41b9-b4de-1f4037de562f.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "fba1c0ea-a9e0-4352-9437-179c2a8870e5.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "fbe76785-21a5-45f1-a4d9-e35702b032ea.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "fc66837d-f026-437c-95f6-67b9042cb7b7.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "fce35d5b-713f-492b-b72a-356acdd0ee21.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "fd5b5a55-302a-4dcb-ab9c-6e18540ed30d.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "fd62beba-e6b9-49bd-b22f-6f8c1168c5c6.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "fdb400a3-239d-4509-af62-7b7984ac547d.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "fdd559fe-d96d-4a6e-8894-85b68b6d6206.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "fe11da7d-c85b-4ed8-a047-cce11836f56e.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "fef14630-b805-4035-83de-01f1d3cf8044.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ff87c68d-ecbf-4488-af54-0aef01c91526.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ff88a9dc-4d6c-4855-85d5-9617ea43950a.tmp.json" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "jusched.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "NGLClient_default.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "oobelib.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "PDApp.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "prep_59f896e1b3c33a57b997e212ff3a_PackageResources_index_win32_bundle_V8_perf.cache" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "prep_foundation_win32_bundle_V8_perf.cache" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "prep_ui_win32_bundle_V8_perf.cache" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "s9sg.0.bat" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "sf4k.0.bat" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "StructuredQuery.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "swtag.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "wct2C3.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "wct7EA2.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "wct85F.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "wct110E.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "wct843C.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "wct939.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "wct2837.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "wctA476.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "wctAD3A.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "wctE6CC.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "wctE6F1.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "wctEDAE.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "wctF32B.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "wctF91C.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "semw.0.bat" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "kl-setup-2023-09-09-22-26-39_KFA.21.14.5.462.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "PC.bmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "tmp-ni8.xpi" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "JavaDeployReg.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "prep___Program Files_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "prep_soft Office_root_Office16_sdxs_FA000000027_comments_win32_bundle_V8_perf.cache" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "prep_index_win32_bundle_V8_perf.cache" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "prep_Form_JSI_API_not_a_real_file_V8_perf.cache" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "3E1A.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ROYAL-PEKA-20230913-2053.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ROYAL-PEKA-20230913-2052.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ROYAL-PEKA-20230913-2050.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ROYAL-PEKA-20230913-2049.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ROYAL-PEKA-20230913-2048.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ROYAL-PEKA-20230913-2047.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ROYAL-PEKA-20230913-2044.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "AdobeIPCBrokerCustomHook.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "~DFFE8FAA14D7F30CCF.TMP" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "~DFF57CC25014AB83B6.TMP" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "~DFDA587E0E92BC15BD.TMP" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "~DF88A0057A2623F867.TMP" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "~DF71317C2C85A00137.TMP" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "~DF139A37EA1D0B056A.TMP" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "SFCECF6.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "SFCCEF1.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "SFCA02E.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "SFC850E.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "sfareca00002.dll" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "sfareca00001.dll" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "sfamcc00002.dll" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "sfamcc00001.dll" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "SFC51B9.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "sfamcc00003.dll" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "sfareca00003.dll" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "~DF990687B3E2C2B5AB.TMP" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "~DF946AD0504D07DCCE.TMP" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "~DF24E8D6CC377993D4.TMP" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "~DF408D4180627FEC59.TMP" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "~DFBA99949CE9B3A55F.TMP" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "~DFC2203ABE51C698CF.TMP" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "{CE5BCB74-65D7-491C-8D1D-C4970577B6F7}.png" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "{3AC0D17A-92F8-4174-8298-A9957926046B}.png" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ROYAL-PEKA-20230914-1848b.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ROYAL-PEKA-20230914-1848a.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "ROYAL-PEKA-20230914-1848.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "AdobePDFPrinterInstall.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "AdobeARM.log" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "1187.tmp" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "fshc-8296-8308-21453f75.tmp.db.0000000001.txlog" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "fshc-8296-8308-21453f75.tmp.db" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "fshc-10596-7312-258306d15dc.tmp.db.0000000001.txlog" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\StartupFolder: => "dwt-8296-8308-1f522a91.sys" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\Run: => "Web Companion" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\Run: => "Bloody2" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_B47356396DDD0FAAE76D0ED141F5CEA2" HKU\S-1-5-21-2519805770-743617746-3109695811-1003\...\StartupApproved\Run: => "LEAJ" ==================== Правила Брандмауэра (В белом списке) ================ (Если запись включена в fixlist, она будет удалена из реестра. Файл не будет удалён, если он не указан отдельно.) FirewallRules: [UDP Query User{C4AB11F4-D808-4DD5-BDFB-E55B30A83B96}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{B87D8496-81AE-4892-A26E-D859DC88BA75}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{AC67B2E0-2ED5-40F3-BD58-BCF5320A5FAC}C:\program files\jetbrains\pycharm community edition 2020.3.3\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2020.3.3\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.) FirewallRules: [TCP Query User{44AACD23-D95E-4691-A097-9046FB0BA85E}C:\program files\jetbrains\pycharm community edition 2020.3.3\bin\pycharm64.exe] => (Block) C:\program files\jetbrains\pycharm community edition 2020.3.3\bin\pycharm64.exe (JetBrains s.r.o. -> JetBrains s.r.o.) FirewallRules: [{B285EA36-A3EF-4058-8E7D-7EF4838A795C}] => (Allow) C:\Users\PC\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{5933A0B0-16C3-4B6A-9D6E-42527D10B01B}] => (Allow) C:\Users\PC\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{3F6FB1D2-3729-4587-B6CD-6A603E51F6F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe (Crate Entertainment, LLC) [Файл не подписан] FirewallRules: [{8B829530-E9BD-4694-972D-E4CE14E2BF76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe (Crate Entertainment, LLC) [Файл не подписан] FirewallRules: [{A6BF8238-B624-4BBF-92D4-004C0CDFAE69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [Файл не подписан] FirewallRules: [{5C8248BA-2077-481E-8CBC-DFE220E95731}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [Файл не подписан] FirewallRules: [{760A7BB7-27FB-46AB-BFAD-C16F23B1660B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{9CA3DC33-4A2B-41A8-A0AB-3976B9D742F0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{A0EA9458-206F-4A93-9BBE-E5D98DB9E548}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{D036284C-F8BA-4C90-AF69-38A46B13893D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{A297831B-AC2B-4B49-877F-F8CBF1EE19A8}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe => Нет файла FirewallRules: [{4A50807B-F4A0-455D-96E4-FF342F9D7653}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe => Нет файла FirewallRules: [{2C636EF0-4A88-489B-AE56-2191DDC2964C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{D6E5B87D-140E-4915-B353-000F818A75C2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{8B056F43-4824-4E6E-9902-C4C706A5B110}D:\sdi_rus\sdi_x64_r2009.exe] => (Block) D:\sdi_rus\sdi_x64_r2009.exe => Нет файла FirewallRules: [TCP Query User{0F9B6867-CA72-49D3-9B4E-F5BAB97AB9DB}D:\sdi_rus\sdi_x64_r2009.exe] => (Block) D:\sdi_rus\sdi_x64_r2009.exe => Нет файла FirewallRules: [TCP Query User{6BB824DC-70AB-4C44-B10A-43911632F3EA}C:\users\pc\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\pc\appdata\local\microsoft\teams\current\teams.exe => Нет файла FirewallRules: [UDP Query User{5EB5DC36-EE98-4CDF-B2E7-E043AE5A6230}C:\users\pc\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\pc\appdata\local\microsoft\teams\current\teams.exe => Нет файла FirewallRules: [{8CF7DD75-E04E-4A68-A9B4-5B42C1B91731}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => Нет файла FirewallRules: [{F2E7A6CA-3E86-4CB7-8788-C7E2E51F6DC5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => Нет файла FirewallRules: [{A67A5A36-B62E-4AAD-B64E-5BC37E8D8219}] => (Allow) LPort=54925 FirewallRules: [{83950260-5B11-46F6-A5A7-8BABC3AF9C0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe => Нет файла FirewallRules: [{69BB2145-ECAD-42B1-A4B9-F8D0BE10E096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe => Нет файла FirewallRules: [TCP Query User{18752778-3A07-4565-823F-095E9FBF24E8}C:\program files\ridi\ridibooks\ridibooks.exe] => (Allow) C:\program files\ridi\ridibooks\ridibooks.exe => Нет файла FirewallRules: [UDP Query User{689DEF17-41FC-4BB0-A0E7-E8FE42F12F27}C:\program files\ridi\ridibooks\ridibooks.exe] => (Allow) C:\program files\ridi\ridibooks\ridibooks.exe => Нет файла FirewallRules: [{22870CD8-4635-437B-A87D-59C303F3111B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe () [Файл не подписан] FirewallRules: [{E219EBD5-C2EB-4C2E-B4DA-72F8176B6234}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe () [Файл не подписан] FirewallRules: [TCP Query User{798F87BD-EF98-420E-AC85-EED935BEC99A}C:\users\pc\downloads\hidden\hidden.exe] => (Allow) C:\users\pc\downloads\hidden\hidden.exe => Нет файла FirewallRules: [UDP Query User{D84D7619-6CBD-4D8D-87B1-E27EA67CC54B}C:\users\pc\downloads\hidden\hidden.exe] => (Allow) C:\users\pc\downloads\hidden\hidden.exe => Нет файла FirewallRules: [{88D975D3-1619-4886-87DB-31693A43979D}] => (Block) C:\users\pc\downloads\hidden\hidden.exe => Нет файла FirewallRules: [{EAAC5402-650F-4588-8DEB-71AC1A8110C4}] => (Block) C:\users\pc\downloads\hidden\hidden.exe => Нет файла FirewallRules: [{C013C800-F257-4E68-A72B-EC973055CB35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\x64\Grim Dawn.exe (Crate Entertainment, LLC) [Файл не подписан] FirewallRules: [{C745E207-1297-43E0-92AE-05C1C48512B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\x64\Grim Dawn.exe (Crate Entertainment, LLC) [Файл не подписан] FirewallRules: [TCP Query User{35E5837E-D9DC-4BEE-8A24-B3D4F5696659}C:\users\pc\appdata\local\discord\app-1.0.9006\discord.exe] => (Allow) C:\users\pc\appdata\local\discord\app-1.0.9006\discord.exe => Нет файла FirewallRules: [UDP Query User{036C95D7-5D90-4A39-A0DF-E3A193CBA750}C:\users\pc\appdata\local\discord\app-1.0.9006\discord.exe] => (Allow) C:\users\pc\appdata\local\discord\app-1.0.9006\discord.exe => Нет файла FirewallRules: [{4FE04A02-617D-416D-A9C9-1EF246035F70}] => (Block) C:\users\pc\appdata\local\discord\app-1.0.9006\discord.exe => Нет файла FirewallRules: [{137A579E-9817-48C8-9A48-A3359D45F04A}] => (Block) C:\users\pc\appdata\local\discord\app-1.0.9006\discord.exe => Нет файла FirewallRules: [TCP Query User{E48459DA-BB52-416C-9A70-52D8577667C3}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe FirewallRules: [UDP Query User{BDC78B0C-332D-40BE-8C95-F2B11ED46849}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe FirewallRules: [{67D6196C-7DCA-484C-86B8-635C40837C93}] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe FirewallRules: [{BFDD3A43-A69C-47C5-803F-E86068576D31}] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe FirewallRules: [TCP Query User{727DDE4D-2919-4595-9A32-4EF557355184}C:\users\pc\appdata\local\programs\@wbnrwebinar-electron\webinar.exe] => (Allow) C:\users\pc\appdata\local\programs\@wbnrwebinar-electron\webinar.exe => Нет файла FirewallRules: [UDP Query User{740F3302-A269-457E-B5E7-2F2DF08BA921}C:\users\pc\appdata\local\programs\@wbnrwebinar-electron\webinar.exe] => (Allow) C:\users\pc\appdata\local\programs\@wbnrwebinar-electron\webinar.exe => Нет файла FirewallRules: [TCP Query User{5F0C2BC3-F44F-4BFE-BCC2-E8777EC0FB31}F:\wash simulator\powerwash simulator\powerwashsimulator.exe] => (Allow) F:\wash simulator\powerwash simulator\powerwashsimulator.exe () [Файл не подписан] FirewallRules: [UDP Query User{EC59A7FA-ABD6-4212-9BDD-8289C5663A59}F:\wash simulator\powerwash simulator\powerwashsimulator.exe] => (Allow) F:\wash simulator\powerwash simulator\powerwashsimulator.exe () [Файл не подписан] FirewallRules: [{2A7D7FB7-CDFF-439A-80E6-1774C6E985D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Virgo vs The Zodiac\vvtz.exe (Moonana Inc.) [Файл не подписан] FirewallRules: [{1BD1032F-1106-4E2A-837D-F8EA201D7AA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Virgo vs The Zodiac\vvtz.exe (Moonana Inc.) [Файл не подписан] FirewallRules: [TCP Query User{0B66ACE2-0FD8-460F-A7D1-1B097CF31775}C:\program files\rstudio\bin\rsession-utf8.exe] => (Block) C:\program files\rstudio\bin\rsession-utf8.exe (RStudio, PBC) [Файл не подписан] FirewallRules: [UDP Query User{A216EEEB-11ED-490E-9BA4-EDBCF427507C}C:\program files\rstudio\bin\rsession-utf8.exe] => (Block) C:\program files\rstudio\bin\rsession-utf8.exe (RStudio, PBC) [Файл не подписан] FirewallRules: [TCP Query User{C90F2A4C-922B-4772-86D1-F6096C6ED30F}C:\users\pc\appdata\local\programs\python\python38\python.exe] => (Allow) C:\users\pc\appdata\local\programs\python\python38\python.exe (Python Software Foundation -> Python Software Foundation) FirewallRules: [UDP Query User{D1B9C7D1-9070-483A-A8D0-865CED1D8EF4}C:\users\pc\appdata\local\programs\python\python38\python.exe] => (Allow) C:\users\pc\appdata\local\programs\python\python38\python.exe (Python Software Foundation -> Python Software Foundation) FirewallRules: [{CCF21B87-0AE8-4C3A-84AB-787F3AC48A90}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => Нет файла FirewallRules: [{D31E406C-8745-4A40-8D28-3AFFCDC22279}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => Нет файла FirewallRules: [{B40310CC-FB37-4E4B-93AC-2CF1891EB176}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => Нет файла FirewallRules: [{445D8AF4-5E16-46BA-A048-D4C96D72576B}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => Нет файла FirewallRules: [TCP Query User{14E2BECB-66DA-44DB-B6B0-2228B9BAE891}C:\games\minemodpacks\java\win64\bin\javaw.exe] => (Allow) C:\games\minemodpacks\java\win64\bin\javaw.exe FirewallRules: [UDP Query User{48D12AA9-6D72-425C-9C8B-62A3172F3063}C:\games\minemodpacks\java\win64\bin\javaw.exe] => (Allow) C:\games\minemodpacks\java\win64\bin\javaw.exe FirewallRules: [{79CB08CA-03A7-4CDF-BC96-C96A5FA1A1B0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{9AB2AF20-8A8B-4B26-8BA1-0F813CDEB24D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{036EBECC-6C95-4AC6-BE20-4350122DA55A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D844F974-376B-41CF-B976-D6C68E9995BD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.103.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{79DC2B39-3E6B-4A0A-9870-7AFA70F02EFB}] => (Allow) F:\SteamLibrary\steamapps\common\Eternium\MageAndMinions.exe (Marmalade Technologies Ltd) [Файл не подписан] FirewallRules: [{FD7F57B1-B370-4DF0-9FB3-67F194243252}] => (Allow) F:\SteamLibrary\steamapps\common\Eternium\MageAndMinions.exe (Marmalade Technologies Ltd) [Файл не подписан] FirewallRules: [{0641ED00-C1C5-48C0-B8F9-0DF4A4F4A45C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.31\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Точки восстановления ========================= ВНИМАНИЕ: Восстановление системы отключено (Total:476.74 GB) (Free:374.5 GB) (79%) ==================== Неисправное Устройство в Менеджере Устройств ============ ==================== Ошибки журнала событий: ======================== Ошибки приложения: ================== Error: (09/18/2023 05:20:26 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: Сбой инициализации регистрации сертификата SCEP WORKGROUP\ROYAL-PEKA$ через https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep: GetCACaps Метод: GET(15ms) Стадия: GetCACaps Не удается разрешить имя или адрес сервера 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED) Error: (09/18/2023 04:30:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Имя сбойного приложения: CompatTelRunner.exe, версия: 10.0.19645.1085, метка времени: 0x79929fe6 Имя сбойного модуля: msvcrt.dll, версия: 7.0.19041.546, метка времени: 0x564f9f39 Код исключения: 0x40000015 Смещение ошибки: 0x000000000000ae22 Идентификатор сбойного процесса: 0x37d4 Время запуска сбойного приложения: 0x01d9ea343decb4c4 Путь сбойного приложения: C:\Windows\system32\CompatTelRunner.exe Путь сбойного модуля: C:\Windows\System32\msvcrt.dll Идентификатор отчета: c4589e53-f9af-4e60-900b-ed22c72d8195 Полное имя сбойного пакета: Код приложения, связанного со сбойным пакетом: Error: (09/18/2023 04:29:13 PM) (Source: Firefox Default Browser Agent) (EventID: 1155) (User: ) Description: Event-ID 1155 Error: (09/17/2023 08:47:50 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: Сбой инициализации регистрации сертификата SCEP WORKGROUP\ROYAL-PEKA$ через https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sun, 17 Sep 2023 17:47:50 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 8c975dc4-db1a-4c65-89c3-1924d0793777 Метод: GET(297ms) Стадия: GetCACaps Не найдено (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (09/17/2023 08:16:09 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: Сбой инициализации регистрации сертификата SCEP WORKGROUP\ROYAL-PEKA$ через https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sun, 17 Sep 2023 17:16:10 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 469baa3f-5c54-4c1d-9743-921c107edbb0 Метод: GET(421ms) Стадия: GetCACaps Не найдено (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (09/17/2023 07:47:50 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: Сбой инициализации регистрации сертификата SCEP WORKGROUP\ROYAL-PEKA$ через https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep: GetCACaps Метод: GET(15ms) Стадия: GetCACaps Не удается разрешить имя или адрес сервера 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED) Error: (09/17/2023 07:29:14 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: Сбой инициализации регистрации сертификата SCEP WORKGROUP\ROYAL-PEKA$ через https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep: GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sun, 17 Sep 2023 16:29:14 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 865ed328-13ea-4ba7-99cc-a82d3838e478 Метод: GET(390ms) Стадия: GetCACaps Не найдено (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) Error: (09/17/2023 06:53:00 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY) Description: Сбой инициализации регистрации сертификата SCEP WORKGROUP\ROYAL-PEKA$ через https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep: GetCACaps Метод: GET(15ms) Стадия: GetCACaps Не удается разрешить имя или адрес сервера 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED) Системные ошибки: ============= Error: (09/18/2023 05:20:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Сбой при запуске службы "AdskLicensingService" из-за ошибки Не удается найти указанный файл. Error: (09/17/2023 08:16:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Сбой при запуске службы "AdskLicensingService" из-за ошибки Не удается найти указанный файл. Error: (09/17/2023 08:02:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Служба Autodesk Desktop Licensing Service была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 1000 мсек: Перезапуск службы. Error: (09/17/2023 06:40:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Превышение времени ожидания (30000 мс) при ожидании ответа транзакции от службы "WCAssistantService". Error: (09/16/2023 02:14:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Сбой при запуске службы "Steam Client Service" из-за ошибки Служба не ответила на запрос своевременно. Error: (09/16/2023 02:14:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Превышение времени ожидания (30000 мс) при ожидании подключения службы "Steam Client Service". Error: (09/14/2023 05:09:19 PM) (Source: DCOM) (EventID: 10005) (User: ROYAL-PEKA) Description: Произошла ошибка DCOM "87" при попытке запуска службы GamingServices с аргументами "Недоступно" для запуска сервера: {3E8C9ABE-9226-4609-BF5B-60288A391DEE} Error: (09/14/2023 03:07:35 AM) (Source: DCOM) (EventID: 10010) (User: ROYAL-PEKA) Description: Регистрация сервера {C53A4F16-787E-42A4-B304-29EFFB4BF597} DCOM не выполнена за отведенное время ожидания. Windows Defender: ================ Date: 2023-09-09 22:26:26 Description: Проверка, выполняемая Антивирусная программа Microsoft Defender, была остановлена до полного завершения. ИД проверки: {E1804906-1E95-4B77-9892-57E3C57530BE} Тип проверки: Антивредоносная программа Параметры проверки: Настраиваемая проверка Пользователь: ROYAL-PEKA\PC Date: 2023-09-09 22:12:01 Description: Программа Антивирусная программа Microsoft Defender обнаружила вредоносные или другие потенциально нежелательные программы. Чтобы узнать больше, см. приведенные далее сведения. https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Amadey.AY!MTB&threatid=2147846638&enterprise=0 Имя: Trojan:Win32/Amadey.AY!MTB ИД: 2147846638 Серьезность: Критический Категория: Троян Путь: process:_pid:11856,ProcessStart:133387603213396178 Начало обнаружения: Неизвестно Тип обнаружения: Конкретный Источник обнаружения: Система Пользователь: NT AUTHORITY\СИСТЕМА Название процесса: C:\Users\PC\AppData\Local\Temp\gljoggwesbudd.exe Версия службы анализа безопасности: AV: 1.397.644.0, AS: 1.397.644.0, NIS: 1.397.644.0 Версия подсистемы: AM: 1.1.23080.2005, NIS: 1.1.23080.2005 Date: 2023-09-09 22:11:01 Description: Программа Антивирусная программа Microsoft Defender обнаружила вредоносные или другие потенциально нежелательные программы. Чтобы узнать больше, см. приведенные далее сведения. https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Amadey.AY!MTB&threatid=2147846638&enterprise=0 Имя: Trojan:Win32/Amadey.AY!MTB ИД: 2147846638 Серьезность: Критический Категория: Троян Путь: process:_pid:2844,ProcessStart:133387602610590768 Начало обнаружения: Неизвестно Тип обнаружения: Конкретный Источник обнаружения: Система Пользователь: NT AUTHORITY\СИСТЕМА Название процесса: C:\Users\PC\AppData\Local\Temp\gljoggwesbudd.exe Версия службы анализа безопасности: AV: 1.397.644.0, AS: 1.397.644.0, NIS: 1.397.644.0 Версия подсистемы: AM: 1.1.23080.2005, NIS: 1.1.23080.2005 Date: 2023-09-09 22:10:02 Description: Программа Антивирусная программа Microsoft Defender обнаружила вредоносные или другие потенциально нежелательные программы. Чтобы узнать больше, см. приведенные далее сведения. https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Amadey.AY!MTB&threatid=2147846638&enterprise=0 Имя: Trojan:Win32/Amadey.AY!MTB ИД: 2147846638 Серьезность: Критический Категория: Троян Путь: process:_pid:17564,ProcessStart:133387602018028481 Начало обнаружения: Неизвестно Тип обнаружения: Конкретный Источник обнаружения: Система Пользователь: NT AUTHORITY\СИСТЕМА Название процесса: C:\Users\PC\AppData\Local\Temp\gljoggwesbudd.exe Версия службы анализа безопасности: AV: 1.397.644.0, AS: 1.397.644.0, NIS: 1.397.644.0 Версия подсистемы: AM: 1.1.23080.2005, NIS: 1.1.23080.2005 Date: 2023-09-09 22:09:02 Description: Программа Антивирусная программа Microsoft Defender обнаружила вредоносные или другие потенциально нежелательные программы. Чтобы узнать больше, см. приведенные далее сведения. https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Amadey.AY!MTB&threatid=2147846638&enterprise=0 Имя: Trojan:Win32/Amadey.AY!MTB ИД: 2147846638 Серьезность: Критический Категория: Троян Путь: process:_pid:19752,ProcessStart:133387601415447925 Начало обнаружения: Неизвестно Тип обнаружения: Конкретный Источник обнаружения: Система Пользователь: NT AUTHORITY\СИСТЕМА Название процесса: C:\Users\PC\AppData\Local\Temp\gljoggwesbudd.exe Версия службы анализа безопасности: AV: 1.397.644.0, AS: 1.397.644.0, NIS: 1.397.644.0 Версия подсистемы: AM: 1.1.23080.2005, NIS: 1.1.23080.2005 Event[0]: Date: 2023-09-09 22:19:10 Description: При обновлении службы анализа безопасности в программе Антивирусная программа Microsoft Defender возникла ошибка. Новая версия службы анализа безопасности: Предыдущая версия службы анализа безопасности: 1.397.644.0 Источник обновления: Сервер Центра обновления Майкрософт Тип службы анализа безопасности: Антивирусная программа Тип обновления: Полное Пользователь: NT AUTHORITY\СИСТЕМА Текущая версия подсистемы: Предыдущая версия подсистемы: 1.1.23080.2005 Код ошибки: 0x80240438 Описание ошибки: Произошла неожиданная ошибка при проверке наличия обновлений. Дополнительные сведения об установке и диагностике обновлений можно найти в центре справки и поддержки. Date: 2023-04-14 11:36:23 Description: При обновлении службы анализа безопасности в программе Антивирусная программа Microsoft Defender возникла ошибка. Новая версия службы анализа безопасности: Предыдущая версия службы анализа безопасности: 1.387.740.0 Источник обновления: Сервер Центра обновления Майкрософт Тип службы анализа безопасности: Антивирусная программа Тип обновления: Полное Пользователь: NT AUTHORITY\СИСТЕМА Текущая версия подсистемы: Предыдущая версия подсистемы: 1.1.20200.4 Код ошибки: 0x80072f8f Описание ошибки: Произошла ошибка безопасности Date: 2023-03-08 01:13:42 Description: При обновлении службы анализа безопасности в программе Антивирусная программа Microsoft Defender возникла ошибка. Новая версия службы анализа безопасности: Предыдущая версия службы анализа безопасности: 1.383.1133.0 Источник обновления: Сервер Центра обновления Майкрософт Тип службы анализа безопасности: Антивирусная программа Тип обновления: Полное Пользователь: NT AUTHORITY\СИСТЕМА Текущая версия подсистемы: Предыдущая версия подсистемы: 1.1.20000.2 Код ошибки: 0x8024402c Описание ошибки: Произошла неожиданная ошибка при проверке наличия обновлений. Дополнительные сведения об установке и диагностике обновлений можно найти в центре справки и поддержки. CodeIntegrity: =============== Date: 2023-09-18 17:22:21 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\com_antivirus.dll that did not meet the Windows signing level requirements. ==================== Информация о памяти =========================== BIOS: American Megatrends International, LLC. F14 01/04/2022 Материнская плата: Gigabyte Technology Co., Ltd. B550M DS3H Процессор: AMD Ryzen 7 3700X 8-Core Processor Процент используемой памяти: 15% Общий объём физической RAM: 32672.04 MB Доступно физической RAM: 27729.46 MB Всего Виртуальной: 37536.04 MB Доступно Виртуальной: 31825.59 MB ==================== Диски ================================ Drive c: () (Fixed) (Total:476.74 GB) (Free:374.5 GB) (Model: TS512GMTE110S) NTFS Drive e: () (Fixed) (Total:196.48 GB) (Free:158.05 GB) (Model: WDC WD5000AZRX-00L4HB0) NTFS Drive f: (Новый том) (Fixed) (Total:268.49 GB) (Free:251.83 GB) (Model: WDC WD5000AZRX-00L4HB0) NTFS Drive g: () (Removable) (Total:7.46 GB) (Free:4.94 GB) FAT32 \\?\Volume{d13a6b68-0000-0000-0000-100000000000}\ (Зарезервировано системой) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS \\?\Volume{d13a6b68-0000-0000-0000-e03431000000}\ () (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS \\?\Volume{f7959de9-5ed0-477b-a29a-4a5924b3fb6d}\ (EFI) (Fixed) (Total:0.19 GB) (Free:0.17 GB) FAT32 ==================== MBR & Таблица Разделов ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D13A6B68) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=196.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) Partition 4: (Not Active) - (Size=268.5 GB) - (Type=07 NTFS) ========================================================== Disk: 1 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 2 (Protective MBR) (Size: 7.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== Конец от Addition.txt =======================