Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2020
Ran by Администратор (04-09-2020 12:27:19)
Running from D:\Загрузки
Windows 10 Pro Version 1909 18363.1016 (X64) (2019-06-15 15:30:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

DefaultAccount (S-1-5-21-807865433-4095668257-2292591684-503 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-807865433-4095668257-2292591684-504 - Limited - Disabled)
Администратор (S-1-5-21-807865433-4095668257-2292591684-500 - Administrator - Enabled) => C:\Users\Администратор
Гость (S-1-5-21-807865433-4095668257-2292591684-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Disabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_1_1) (Version: 17.1.1 - Adobe Inc.)
Adobe Audition 2020 (HKLM-x32\...\AUDT_13_0_8) (Version: 13.0.8 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.2.1.441 - Adobe Systems Incorporated)
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_2_1) (Version: 24.2.1 - Adobe Inc.)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_2) (Version: 14.2 - Adobe Inc.)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_2_1) (Version: 21.2.1.265 - Adobe Inc.)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_2) (Version: 14.2 - Adobe Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.70 - Piriform) Chroma Sync (HKLM-x32\...\{BC8D681E-1F5D-4C68-8E3E-A9A614D66C14}) (Version: 1.1.1 - Ultrabox Entertainment Limited) Color Suite v11.1.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.4 - Red Giant, LLC) Discord (HKU\S-1-5-21-807865433-4095668257-2292591684-500\...\Discord) (Version: 0.0.307 - Discord Inc.) Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Epic Games Launcher (HKLM-x32\...\{8468D0B4-D45C-400A-96BA-7D420BE4F628}) (Version: 1.1.267.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Format Factory 4.4.0 (HKLM-x32\...\Format Factory_is1) (Version: 4.4.0 - Free Time, 2008-2016) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 85.0.4183.83 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Hotline Miami (HKLM-x32\...\1207659118_is1) (Version: 2.2.0.8 - GOG.com) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation) Intel(R) Computing Improvement Program (HKLM\...\{44C40B2E-7285-4A9F-A9BC-DF433772AAEE}) (Version: 2.4.05929 - Intel Corporation) Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32 (HKLM-x32\...\{38F48AED-66D8-464C-993E-C7296C7A199B}) (Version: 5.2.0.2 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1805.12.0.1097 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.5018 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) 
(Version: 16.8.3.1007 - Intel Corporation) Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden Intel(R) Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000020-0210-1049-84C8-B8D95FA3C8C3}) (Version: 21.20.0.4 - Intel Corporation) Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{4B3C56AB-963E-4F48-9747-05297683DB3B}) (Version: 16.8.3.1003 - Intel Corporation) Java 8 Update 251 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180251F0}) (Version: 8.0.2510.8 - Oracle Corporation) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.) 
Malwarebytes, версия 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) Microsoft Office профессиональный плюс 2016 - ru-ru (HKLM\...\ProPlusRetail - ru-ru) (Version: 16.0.13029.20344 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{49e969a1-2990-464d-92b5-25f6f34573c6}) (Version: 12.0.40664.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{d2c8df0e-f15d-4426-9e51-f13f329f9cb4}) (Version: 12.0.40664.0 - Корпорация Майкрософт) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 
14.27.29016.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2019 (HKLM-x32\...\{1edcd8d2-905a-4e93-bfdf-92ed5601528a}) (Version: 16.0.28801 - Microsoft Corporation) Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) MPC-HC 1.9.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.9.7 - MPC-HC Team) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.8.7 - Notepad++ Team) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation) NVIDIA Аудиодрайвер HD 1.3.38.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.34 - NVIDIA Corporation) NVIDIA Графический драйвер 452.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 452.06 - NVIDIA Corporation) NVIDIA Системное программное обеспечение PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13029.20200 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13029.20200 - Microsoft Corporation) Hidden Office 16 
Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13029.20344 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0419-0000-0000000FF1CE}) (Version: 16.0.13029.20200 - Microsoft Corporation) Hidden ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.5.0831.082315 - Razer Inc.) Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.8.100.5 - Red Giant, LLC) Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.27.272 - Rockstar Games) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.6.5 - Rockstar Games) TeamSpeak 3 Client (HKU\S-1-5-21-807865433-4095668257-2292591684-500\...\TeamSpeak 3 Client) (Version: 3.1.10 - TeamSpeak Systems GmbH) Telegram Desktop version 2.3.1 (HKU\S-1-5-21-807865433-4095668257-2292591684-500\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.3.1 - Telegram FZ-LLC) The Witcher 3 Wild Hunt v.1.31 (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version: - ) VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software) WinRAR 5.90 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH) WinRAR 5.91 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH) Обновления NVIDIA 38.0.5.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.5.0 - NVIDIA Corporation) Hidden Packages: ========= Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-08-04] (Adobe Systems Incorporated) Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.4.255.0_x64__rz1tebttyb220 [2020-08-28] (Dolby Laboratories) Microsoft Advertising SDK for XAML -> C:\Program 
Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-25] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-25] (Microsoft Corporation) [MS Ad] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-06-23] (NVIDIA Corp.) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-807865433-4095668257-2292591684-500_Classes\CLSID\{05EEE316-3AD4-4459-922B-B1CA88962F14}\InprocServer32 -> C:/Users/Администратор/AppData/Local/Mail.Ru/Disk-O/CloudShell64.dll => No File CustomCLSID: HKU\S-1-5-21-807865433-4095668257-2292591684-500_Classes\CLSID\{4299B2BA-5F79-4F6E-ACF8-11DAB8B7E79D}\InprocServer32 -> C:/Users/Администратор/AppData/Local/Mail.Ru/Disk-O/CloudShell64.dll => No File CustomCLSID: HKU\S-1-5-21-807865433-4095668257-2292591684-500_Classes\CLSID\{55FED18D-FC3D-6019-A8B3-41E44F6DCA1A}\InprocServer32 -> C:/Users/Администратор/AppData/Local/Mail.Ru/Disk-O/CloudShell64.dll => No File CustomCLSID: HKU\S-1-5-21-807865433-4095668257-2292591684-500_Classes\CLSID\{66FED18D-FC3D-4012-A8B3-41E77F6DCA5A}\InprocServer32 -> C:/Users/Администратор/AppData/Local/Mail.Ru/Disk-O/CloudShell64.dll => No File CustomCLSID: HKU\S-1-5-21-807865433-4095668257-2292591684-500_Classes\CLSID\{B5E0E0D5-A185-4D82-BFEE-3C51052EEA82}\InprocServer32 -> C:/Users/Администратор/AppData/Local/Mail.Ru/Disk-O/CloudShell64.dll => No File CustomCLSID: HKU\S-1-5-21-807865433-4095668257-2292591684-500_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. 
-> Adobe Systems) CustomCLSID: HKU\S-1-5-21-807865433-4095668257-2292591684-500_Classes\CLSID\{EF706AB3-1E0E-4C5B-A40F-023F0FA36E12}\localserver32 -> C:\WINDOWS\System32\RunDll32.exe "C:\Program Files\Soft Organizer\Notifications.dll",Activate -ToastActivated => No File ShellIconOverlayIdentifiers: [ MailRuDiskoIconOverlay0] -> {05EEE316-3AD4-4459-922B-B1CA88962F14} => C:\Users\Администратор\AppData\Local\Mail.Ru\Disk-O\CloudShell64.dll -> No File ShellIconOverlayIdentifiers: [ MailRuDiskoIconOverlay1] -> {B5E0E0D5-A185-4D82-BFEE-3C51052EEA82} => C:\Users\Администратор\AppData\Local\Mail.Ru\Disk-O\CloudShell64.dll -> No File ShellIconOverlayIdentifiers: [ MailRuDiskoIconOverlay2] -> {66FED18D-FC3D-4012-A8B3-41E77F6DCA5A} => C:\Users\Администратор\AppData\Local\Mail.Ru\Disk-O\CloudShell64.dll -> No File ShellIconOverlayIdentifiers: [ MailRuDiskoIconOverlay3] -> {55FED18D-FC3D-6019-A8B3-41E44F6DCA1A} => C:\Users\Администратор\AppData\Local\Mail.Ru\Disk-O\CloudShell64.dll -> No File ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. 
-> ) ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-15] () [File not signed] [File is in use] ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File ContextMenuHandlers1: [ FileSyncEx] -> [CC]{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files 
(x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> ) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-10-28] (Notepad++ -> ) ContextMenuHandlers1: [IObitUnstaler] -> [CC]{836AB26C-2DE4-41D3-AC24-4C6C2699B960} => -> No File ContextMenuHandlers1: [UAContextMenu] -> [CC]{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-15] () [File not signed] [File is in use] ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b5d4c82c67b39358\igfxDTCM.dll [2018-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_23611a14acdc0e84\nvshext.dll [2020-08-14] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. 
-> ) ContextMenuHandlers6: [UAContextMenu] -> [CC]{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3_S-1-5-21-807865433-4095668257-2292591684-500: [MailRuCloudContextMenu] -> [CC]{4299B2BA-5F79-4F6E-ACF8-11DAB8B7E79D} => -> No File ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop\Деинсталлировать Telegram.lnk -> C:\Users\Администратор\AppData\Roaming\Telegram Desktop\unins000.exe () <==== Cyrillic Shortcut: C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\SendTo\Передача файлов через Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) <==== Cyrillic Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype для бизнеса.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation) <==== Cyrillic ShortcutWithArgument: C:\Users\Администратор\Desktop\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> -restore-last-session ShortcutWithArgument: C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения Chrome\Telegram.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fkpkommdlpgiaihigllagaghoeaeoomh ShortcutWithArgument: C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\SendTo\Получатель факса.lnk -> C:\Windows\System32\WFS.exe (Microsoft 
Corporation) -> /SendTo <==== Cyrillic ShortcutWithArgument: C:\Users\Администратор\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default ==================== Loaded Modules (Whitelisted) ============= 2019-07-15 10:20 - 2019-07-15 10:20 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [466] AlternateDataStreams: C:\Users\Администратор\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394] AlternateDataStreams: C:\Users\Администратор\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2020-08-06 15:44 - 2020-09-04 01:25 - 000051968 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 serius.mwbsys.com
0.0.0.0 keystone.mwbsys.com

2020-09-02 13:02 - 2020-09-04 12:02 - 000000506 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.111 iPhone-Admin.mshome.net # 2020 9 5 11 7 2 52 555
192.168.137.1 LAPTOP-856N0VNE.mshome.net # 2025 9 3 3 7 2 52 555

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-807865433-4095668257-2292591684-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Администратор\Pictures\Wallpapers\paul-gilmore-b3O1kFcWLHw-unsplash.jpg
DNS Servers: 109.195.144.3 - 109.195.145.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: cplspcon => 3
MSCONFIG\Services: Dolby DAX2 API Service => 2
MSCONFIG\Services: ESRV_SVC_QUEENCREEK => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: iaStorAfsService => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) SUR QC SAM => 3
MSCONFIG\Services: Intel(R) TPM Provisioning Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMInstallerService => 2
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: PhoneSvc => 3
MSCONFIG\Services: PSSvc => 3
MSCONFIG\Services: Razer Chroma SDK Server => 2
MSCONFIG\Services: Razer Chroma SDK Service => 2
MSCONFIG\Services: Razer Game Manager Service => 2
MSCONFIG\Services: Razer Synapse Service => 2
MSCONFIG\Services: RetailDemo => 3
MSCONFIG\Services: RmSvc => 3
MSCONFIG\Services: Rockstar Service => 3
MSCONFIG\Services: RstMwService => 2
MSCONFIG\Services: RzActionSvc => 2
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SystemUsageReportSvc_QUEENCREEK => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: uncheater_bgl => 3
MSCONFIG\Services: USER_ESRV_SVC_QUEENCREEK => 3
MSCONFIG\Services: WalletService => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "DAX2_APP"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RtHDVBg_ASC"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
HKLM\...\StartupApproved\Run: => "BdVpnApp"
HKLM\...\StartupApproved\Run: => "CL-25-756CBDD6-1472-4919-BFC7-C4BD1C83D007"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKU\S-1-5-21-807865433-4095668257-2292591684-500\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-807865433-4095668257-2292591684-500\...\StartupApproved\StartupFolder: => "Disk-O.lnk"
HKU\S-1-5-21-807865433-4095668257-2292591684-500\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-807865433-4095668257-2292591684-500\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-807865433-4095668257-2292591684-500\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-807865433-4095668257-2292591684-500\...\StartupApproved\Run: => "Synapse3"
HKU\S-1-5-21-807865433-4095668257-2292591684-500\...\StartupApproved\Run: => "Firework"
HKU\S-1-5-21-807865433-4095668257-2292591684-500\...\StartupApproved\Run: => "CCXProcess" HKU\S-1-5-21-807865433-4095668257-2292591684-500\...\StartupApproved\Run: => "Lync" HKU\S-1-5-21-807865433-4095668257-2292591684-500\...\StartupApproved\Run: => "MySQL Notifier" HKU\S-1-5-21-807865433-4095668257-2292591684-500\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-807865433-4095668257-2292591684-500\...\StartupApproved\Run: => "Advanced SystemCare 10" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{B8BE3948-B23D-4124-8512-5780A76C5B7B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1309F231-066B-41F3-ABC4-1337AB9580A0}] => (Allow) D:\Programs\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> ) FirewallRules: [{F0CF49D0-AE8F-449C-BD4F-9CC5DF595E20}] => (Allow) D:\Programs\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> ) FirewallRules: [{05C69FB0-26F9-4BBB-A8F6-1C53107A8DDD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{9E871375-FB48-4585-87C5-3844EC43A252}] => (Allow) D:\Programs\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [{1EBE7B63-22E4-4DDE-BFD8-D04BFB40DBE0}] => (Allow) D:\Programs\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [{FE8924ED-4AD4-41A7-BF0F-7518CE8762CE}] => (Allow) D:\Programs\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{C558CD59-B273-4A59-9EED-FCCBFE3B39EF}] => (Allow) D:\Programs\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: 
[{1C4198EA-4AEE-434C-933A-7E74C505CC60}] => (Allow) D:\Programs\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{84BA67B8-5624-4F12-B393-2C5BE253100E}] => (Allow) D:\Programs\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{B43F5507-19BA-4E0A-AA22-23354A0ED2E6}D:\games\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\games\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{5BA1EA1E-D2E4-4559-A85F-AF85259050FD}D:\games\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\games\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{60B5A593-A238-4116-B87C-3D074A82DA86}C:\users\администратор\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\администратор\appdata\roaming\telegram desktop\telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)
FirewallRules: [UDP Query User{59B1D2DB-8198-4C3C-8510-C9622DBF6A92}C:\users\администратор\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\администратор\appdata\roaming\telegram desktop\telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)
FirewallRules: [TCP Query User{4C8686EE-C21A-4295-A950-EEE925B74BD0}D:\games\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\games\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{310C143F-4616-4A7E-AC7F-F7172F2737A0}D:\games\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\games\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{52F1EB9B-AA12-40E5-A88F-9E747C6F6CF5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E32A3567-1766-4E7D-9EC9-EE276750F0C8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7E429904-180E-49EF-BA53-F2D446767C3A}] => (Allow) D:\Games\GTA 5\GTAV\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{653E2A34-0863-4A58-B48F-2DF63A2C74E8}] => (Allow) D:\Games\GTA 5\GTAV\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{EAF4C34F-68F3-4E50-AFA9-BE66FFBAECE2}] => (Allow) D:\Games\GTA 5\GTAV\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{F6D707EE-F0FC-46D4-911C-6CDBBFDC63A1}] => (Allow) D:\Games\GTA 5\GTAV\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{A3AD9DC2-2120-4A79-B17A-351F2624CBFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{680F36C8-C760-4113-B290-8047D3CCC3C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E1473C29-30F8-411E-9436-4E3714E789F0}] => (Allow) LPort=3306
FirewallRules: [{560079BE-BEBD-4544-B8C0-07152887447D}] => (Allow) LPort=33060
FirewallRules: [{B01113DC-C592-4804-9231-F1AFC76ECB70}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{336E4D58-8F8C-4EF4-9D5C-C682BD2F40D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{352B8F50-DA63-4B19-8462-10A03828D191}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7D040410-72C6-4DC2-B03D-28B3BDBFE60E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FE278579-10EC-4547-AA66-621A3B1AD85D}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{60DA202C-76B5-4ED1-B951-72EB48A4E5EF}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{1EEA50F3-7473-46ED-B9FE-F638D9C328DD}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{5C35758C-42AC-4C5B-BD9C-155F6ECD5553}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => (Block) C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CC84E8F1-AC8A-4FDE-90D1-228BB32A1483}] => (Block) C:\Windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DF429243-C9F2-4620-B97F-E11DCD3B82ED}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E045891B-F71A-42C6-B497-555CC9AF2771}] => (Block) LPort=445
FirewallRules: [{92738F67-07E8-4D61-A6B2-51275E30EE7B}] => (Block) LPort=445
FirewallRules: [{A713DA2B-22CC-4817-BC06-2EFB18655B3D}] => (Block) LPort=139
FirewallRules: [{7F6BDFCD-32BC-4FBB-8C17-226B85B2E540}] => (Block) LPort=139
FirewallRules: [{CA1826D3-A9E4-40C7-8DD4-D1EADCDBF7E0}] => (Allow) LPort=3389
FirewallRules: [{64ADCBFC-B41A-4B7A-B5C7-4965D438F3A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C4D0476C-415F-494C-B988-7CF9A35B51D0}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DC3DE243-0D1D-4593-8A0A-14D75FD6DFC2}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{03826677-BD26-44ED-860F-EFA5DBD11CE0}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)

==================== Restore Points =========================

==================== Faulty Device Manager Devices ============

Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Высокоточный таймер событий
Description: Высокоточный таймер событий
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Стандартные системные устройства)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================

Application errors:
==================
Error: (09/04/2020 12:27:48 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Ошибка теневого копирования тома: Ошибка при создании класса поставщика теневого копирования COM с CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070424, Указанная служба не установлена. ]. Операция: Получение интерфейса с возможностью вызова для данного поставщика Перечисление интерфейсов всех поставщиков, поддерживающих данный контекст Запрос теневых копий Контекст: Код поставщика: {b5946137-7b9f-4925-af80-51abd60b20d5} Код класса: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Контекст моментального снимка: 13 Контекст моментального снимка: 13 Контекст выполнения: Coordinator

Error: (09/04/2020 12:27:48 PM) (Source: VSS) (EventID: 13) (User: )
Description: Информация теневого копирования тома: не удается запустить COM-сервер с CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} под именем SW_PROV. [0x80070424, Указанная служба не установлена. ] Операция: Получение интерфейса с возможностью вызова для данного поставщика Перечисление интерфейсов всех поставщиков, поддерживающих данный контекст Запрос теневых копий Контекст: Код поставщика: {b5946137-7b9f-4925-af80-51abd60b20d5} Код класса: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Контекст моментального снимка: 13 Контекст моментального снимка: 13 Контекст выполнения: Coordinator

Error: (09/04/2020 12:26:49 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Ошибка теневого копирования тома: Ошибка при создании класса поставщика теневого копирования COM с CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070424, Указанная служба не установлена. ]. Операция: Получение интерфейса с возможностью вызова для данного поставщика Перечисление интерфейсов всех поставщиков, поддерживающих данный контекст Запрос теневых копий Контекст: Код поставщика: {b5946137-7b9f-4925-af80-51abd60b20d5} Код класса: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Контекст моментального снимка: -1 Контекст моментального снимка: -1 Контекст выполнения: Coordinator

Error: (09/04/2020 12:26:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: Информация теневого копирования тома: не удается запустить COM-сервер с CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} под именем SW_PROV. [0x80070424, Указанная служба не установлена. ] Операция: Получение интерфейса с возможностью вызова для данного поставщика Перечисление интерфейсов всех поставщиков, поддерживающих данный контекст Запрос теневых копий Контекст: Код поставщика: {b5946137-7b9f-4925-af80-51abd60b20d5} Код класса: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Контекст моментального снимка: -1 Контекст моментального снимка: -1 Контекст выполнения: Coordinator

Error: (09/04/2020 12:26:49 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Ошибка теневого копирования тома: Ошибка при создании класса поставщика теневого копирования COM с CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070424, Указанная служба не установлена. ]. Операция: Получение интерфейса с возможностью вызова для данного поставщика Перечисление интерфейсов всех поставщиков, поддерживающих данный контекст Проверьте, поддерживается ли том поставщиком Добавление тома в набор теневых копий Контекст: Код поставщика: {b5946137-7b9f-4925-af80-51abd60b20d5} Код класса: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Контекст моментального снимка: 29 Контекст моментального снимка: 29 Контекст выполнения: Coordinator Код поставщика: {00000000-0000-0000-0000-000000000000} Имя тома: \\?\Volume{351239b6-040c-4bba-8be5-2e0694c6bbd4}\ Контекст выполнения: Coordinator

Error: (09/04/2020 12:26:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: Информация теневого копирования тома: не удается запустить COM-сервер с CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} под именем SW_PROV. [0x80070424, Указанная служба не установлена. ] Операция: Получение интерфейса с возможностью вызова для данного поставщика Перечисление интерфейсов всех поставщиков, поддерживающих данный контекст Проверьте, поддерживается ли том поставщиком Добавление тома в набор теневых копий Контекст: Код поставщика: {b5946137-7b9f-4925-af80-51abd60b20d5} Код класса: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Контекст моментального снимка: 29 Контекст моментального снимка: 29 Контекст выполнения: Coordinator Код поставщика: {00000000-0000-0000-0000-000000000000} Имя тома: \\?\Volume{351239b6-040c-4bba-8be5-2e0694c6bbd4}\ Контекст выполнения: Coordinator

Error: (09/04/2020 12:26:49 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Ошибка теневого копирования тома: Ошибка при создании класса поставщика теневого копирования COM с CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070424, Указанная служба не установлена. ]. Операция: Получение интерфейса с возможностью вызова для данного поставщика Перечисление интерфейсов всех поставщиков, поддерживающих данный контекст Запрос теневых копий Контекст: Код поставщика: {b5946137-7b9f-4925-af80-51abd60b20d5} Код класса: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Контекст моментального снимка: -1 Контекст моментального снимка: -1 Контекст выполнения: Coordinator

Error: (09/04/2020 12:26:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: Информация теневого копирования тома: не удается запустить COM-сервер с CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} под именем SW_PROV. [0x80070424, Указанная служба не установлена. ] Операция: Получение интерфейса с возможностью вызова для данного поставщика Перечисление интерфейсов всех поставщиков, поддерживающих данный контекст Запрос теневых копий Контекст: Код поставщика: {b5946137-7b9f-4925-af80-51abd60b20d5} Код класса: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} Контекст моментального снимка: -1 Контекст моментального снимка: -1 Контекст выполнения: Coordinator

System errors:
=============
Error: (09/04/2020 12:21:04 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-856N0VNE)
Description: Регистрация сервера {3EB3C877-1F16-487C-9050-104DBCD66683} DCOM не выполнена за отведенное время ожидания.

Error: (09/04/2020 12:21:04 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-856N0VNE)
Description: Произошла ошибка DCOM "1084" при попытке запуска службы ShellHWDetection с аргументами "Недоступно" для запуска сервера: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/04/2020 12:20:52 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-856N0VNE)
Description: Произошла ошибка DCOM "1084" при попытке запуска службы camsvc с аргументами "Недоступно" для запуска сервера: Windows.Internal.CapabilityAccess.CapabilityAccess

Error: (09/04/2020 12:20:51 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-856N0VNE)
Description: Произошла ошибка DCOM "1084" при попытке запуска службы ShellHWDetection с аргументами "Недоступно" для запуска сервера: {DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/04/2020 12:20:33 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Произошла ошибка DCOM "1084" при попытке запуска службы netprofm с аргументами "Недоступно" для запуска сервера: {A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (09/04/2020 12:19:56 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Произошла ошибка DCOM "1084" при попытке запуска службы wuauserv с аргументами "Недоступно" для запуска сервера: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/04/2020 12:19:56 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Произошла ошибка DCOM "1084" при попытке запуска службы wuauserv с аргументами "Недоступно" для запуска сервера: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/04/2020 12:19:56 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Произошла ошибка DCOM "1084" при попытке запуска службы netprofm с аргументами "Недоступно" для запуска сервера: {A47979D2-C419-11D9-A5B4-001185AD2B89}

Windows Defender:
===================================
Date: 2020-09-02 22:57:26.350
Description: Проверка, выполняемая Антивирусная программа "Защитник Windows", была остановлена до полного завершения. ИД проверки: {8911B746-2D5E-48D6-9FB5-C4526DEB8356} Тип проверки: Антивредоносная программа Параметры проверки: Полная проверка Пользователь: LAPTOP-856N0VNE\Администратор

Date: 2020-09-02 22:41:16.946
Description: Проверка, выполняемая Антивирусная программа "Защитник Windows", была остановлена до полного завершения. ИД проверки: {F68E7486-3CCD-4953-AF3B-3CA580D7F88D} Тип проверки: Антивредоносная программа Параметры проверки: Быстрая проверка Пользователь: LAPTOP-856N0VNE\Администратор

Date: 2020-09-02 22:39:55.820
Description: Проверка, выполняемая Антивирусная программа "Защитник Windows", была остановлена до полного завершения. ИД проверки: {940234E3-2479-4D55-9E18-AC60811BB733} Тип проверки: Антивредоносная программа Параметры проверки: Быстрая проверка Пользователь: LAPTOP-856N0VNE\Администратор

Date: 2020-09-04 12:19:56.629
Description: При обновлении службы анализа безопасности в программе Антивирусная программа "Защитник Windows" возникла ошибка. Новая версия службы анализа безопасности: Предыдущая версия службы анализа безопасности: 1.323.475.0 Источник обновления: Сервер Центра обновления Майкрософт Тип службы анализа безопасности: Антивирусная программа Тип обновления: Полное Пользователь: NT AUTHORITY\СИСТЕМА Текущая версия подсистемы: Предыдущая версия подсистемы: 1.1.17400.5 Код ошибки: 0x8007043c Описание ошибки: Эта служба не запускается в безопасном режиме (Safe Mode)

Date: 2020-09-04 12:09:54.942
Description: В ходе выполнения функции защиты в режиме реального времени Антивирусная программа "Защитник Windows" произошла ошибка, и функция завершила свою работу. Функция: При доступе Код ошибки: 0x8007043c Описание ошибки: Эта служба не запускается в безопасном режиме (Safe Mode) Причина: Служба анализа защиты от вредоносных программ перестала работать по неизвестной причине. В некоторых случаях проблема может быть устранена путем перезапуска службы.

CodeIntegrity:
===================================
Date: 2020-09-04 01:48:02.685
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Programs\Новая папка\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-04 01:48:00.123
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Programs\Новая папка\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-04 01:47:59.975
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Programs\Новая папка\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-04 01:47:56.096
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Programs\Новая папка\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-04 01:44:27.358
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume5\Programs\Новая папка\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-04 01:44:27.327
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume5\Programs\Новая папка\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-04 01:44:27.299
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume5\Programs\Новая папка\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-04 01:44:27.268
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume5\Programs\Новая папка\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.28 08/05/2019
Motherboard: CFL Freed_CFS
Processor: Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz
Percentage of memory in use: 54%
Total physical RAM: 5986.3 MB
Available physical RAM: 2724.72 MB
Total Virtual: 15202.3 MB
Available Virtual: 10668.32 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:118.12 GB) (Free:52.15 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:498.91 GB) NTFS

\\?\Volume{6747fab3-59a8-4047-b9de-31abcdc184fa}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.49 GB) NTFS
\\?\Volume{d743faf7-f231-4f07-a17c-02f8416468a1}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.03 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: C1B036B2)
Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: C1B036D4)
Partition: GPT.

==================== End of Addition.txt =======================