Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by admin (02-02-2017 19:57:18)
Running from C:\Users\admin\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-08-18 14:44:38)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

admin (S-1-5-21-3397271481-1196691400-1618317599-1000 - Administrator - Enabled) => C:\Users\admin
HomeGroupUser$ (S-1-5-21-3397271481-1196691400-1618317599-1002 - Limited - Enabled)
Администратор (S-1-5-21-3397271481-1196691400-1618317599-500 - Administrator - Disabled)
Гость (S-1-5-21-3397271481-1196691400-1618317599-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3397271481-1196691400-1618317599-1000\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd) DevID Agent (HKLM-x32\...\DevID_Agent) (Version: 4,34 - DevID) Dota 2 (HKLM\...\Steam App 570) (Version: - Valve) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) jetAudio Plus VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.16 - COWON) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.51209 - Корпорация Майкрософт) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft) Microsoft Office профессиональный плюс 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft 
Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.) PBot (HKU\S-1-5-21-3397271481-1196691400-1618317599-1000\...\PBot) (Version: - ) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software) SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden Sims 3: Мир Приключений (HKLM-x32\...\Sims 3: Мир Приключений_is1) (Version: - ) Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Sims 3 (HKLM\...\The Sims 3_is1) (Version: - ) The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.615 - Electronic Arts) Unity Web Player (HKU\S-1-5-21-3397271481-1196691400-1618317599-1000\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS) USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version: 6.5.0.0 - RePack by Andreyonohov) Viber (HKU\S-1-5-21-3397271481-1196691400-1618317599-1000\...\{31f7057b-ec8e-431b-a621-6351f771f4ed}) (Version: 6.1.0.1623 - Viber Media Inc.) Viber (x32 Version: 6.1.0.1623 - Viber Media Inc.) 
Hidden Video and Audio Plugin UBar (HKLM\...\UBar) (Version: 1.1.36.1 - UBar Plugin Soft) VKMusic 4 (HKLM-x32\...\VKMusic 4_is1) (Version: 4.65 - ) WebcamMax (HKLM-x32\...\WebcamMax) (Version: 7.9.7.8.MultiLanguage - COOLWAREMAX) WinRAR 5.30 бета 2 (64-разрядная) (HKLM\...\WinRAR archiver) (Version: 5.30.2 - win.rar GmbH) Yandex (HKU\S-1-5-21-3397271481-1196691400-1618317599-1000\...\YandexBrowser) (Version: 16.11.1.673 - ООО «ЯНДЕКС») Диаграмма HS для воды и водяного пара v2.4 (HKLM-x32\...\Диаграмма HS для воды и водяного пара v2.4) (Version: - - www.neurothermal.ru) Пакет драйверов Windows - INTEL System (10/03/2016 10.1.1.38) (HKLM\...\81CCB74AA48AE01DE6D9D32E5143728EF02343C9) (Version: 10/03/2016 10.1.1.38 - INTEL) Пакет драйверов Windows - INTEL System (10/03/2016 10.1.1.38) (HKLM\...\F2D2DC629939FBB1317CA3491FD0EFAD05C3F443) (Version: 10/03/2016 10.1.1.38 - INTEL) Пакет драйверов Windows - INTEL USB (10/03/2016 10.1.1.38) (HKLM\...\E65C982C8EB9CEDC1CAD3078E70D87251F59BC79) (Version: 10/03/2016 10.1.1.38 - INTEL) Поддержка программ Apple (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Русский языковой пакет для jetAudio 8.0 (HKLM-x32\...\JA-ALEXEY-RUS-D1D1G1X1-80_is1) (Version: 1.33 - НСП "Романов-на-Мурмане") ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3397271481-1196691400-1618317599-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {01EB6501-7FCD-424F-BEA5-22FD450EC5D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.) Task: {115BF2DF-DDE0-4D37-9D9E-26E0ACD7CC0F} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION Task: {202BED15-D883-45B5-8796-EA55CD5772CA} - System32\Tasks\SafeZone scheduled Autoupdate 1485809610 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software) Task: {253B9E06-7996-4990-A3BD-B9F6FE1894E8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2017-01-30] (AVAST Software) Task: {32088385-5BEB-493A-BFE8-5E7A3714FFFD} - \PBot -> No File <==== ATTENTION Task: {34FFFE00-0839-4F04-B21A-3033BE42CA20} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION Task: {394C29B1-FE0E-42E3-A28F-057348BB6986} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-09-14] (ASUSTek Computer Inc.) Task: {39F45640-1AD1-41E9-B47B-224FBBA628A7} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION Task: {3CD90855-B047-4411-8371-C174F9068948} - System32\Tasks\Обновление Браузера Яндекс => C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2017-01-17] (YANDEX LLC) Task: {4A449087-224A-4365-821E-7DD3292A2FBC} - System32\Tasks\{3322C573-3647-49E8-9097-F0939B2AD582} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.64.102/ru/go/help.faq.installer?LastError=1618 Task: {637C8F41-D165-41FB-807E-7187EE6282B4} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION Task: {74D90FB0-7F23-43D4-A953-D00D32FDF2EB} - System32\Tasks\GoogleUpdateTaskMachineUA1d248a1c51b13f4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.) 
Task: {903A6E40-6569-4358-B5F1-7EE7FA588FB9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {9923E0D5-2E60-4779-A58A-DE82489E486F} - System32\Tasks\{6533ECA9-ADBE-4556-BD95-860098B615B7} => C:\Program Files (x86)\Steam\Steam.exe [2016-12-20] (Valve Corporation) Task: {A3E45631-2862-4908-B56A-37953D0D4D7F} - System32\Tasks\Системное обновление Браузера Яндекс => C:\Program Files (x86)\Yandex\YandexBrowser\17.1.0.2034\service_update.exe [2017-01-17] (YANDEX LLC) Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-21] (Корпорация Майкрософт (Microsoft Corp.)) Task: {B2E5CD91-8A41-4BCF-85AD-D5D570A93F92} - \{A4124A12-72EF-4034-852F-C9C03F90E6D0} -> No File <==== ATTENTION Task: {CEFD9B21-D110-4F99-8814-79C5951C692F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-02] (AVAST Software) Task: {DB3CF40C-8B05-4CEC-BC35-F765B91D5CDA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.) Task: {F5B92B13-C974-4FA5-9053-FD47774B8FA3} - System32\Tasks\GoogleUpdateTaskMachineCore1d248a1c42f7801 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Обновление Браузера Яндекс.job => C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe Task: C:\Windows\Tasks\Системное обновление Браузера Яндекс.job => C:\Program Files (x86)\Yandex\YandexBrowser\17.1.0.2034\service_update.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\admin\Desktop\Sims 3 - Мир Приключений.lnk -> D:\The Sims 3\Support\Sims 3 - World Adventures\World Adventures\Game\Bin\Sims3Launcher.exe (EA.com) <===== Cyrillic Shortcut: C:\Users\admin\Desktop\рр.lnk -> C:\Users\admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe (YANDEX LLC) <===== Cyrillic Shortcut: C:\Users\admin\Desktop\учёба\Диаграмма HS для воды и водяного пара v2.4.lnk -> D:\Программы\Sys\Диаграмма HS для воды и водяного пара v2.4\DiagramHS.v2.4.exe (www.neurothermal.ru) <===== Cyrillic Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Диаграмма HS для воды и водяного пара v2.4\Диаграмма HS для воды и водяного пара v2.4.lnk -> D:\Программы\Sys\Диаграмма HS для воды и водяного пара v2.4\DiagramHS.v2.4.exe (www.neurothermal.ru) <===== Cyrillic Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Диаграмма HS для воды и водяного пара v2.4\Удаление.lnk -> D:\Программы\Sys\Диаграмма HS для воды и водяного пара v2.4\Uninstall.exe () <===== Cyrillic Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Новости в последней версии.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () <===== Cyrillic Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Руководство по консольной версии RAR.lnk -> C:\Program 
Files\WinRAR\Rar.txt () <===== Cyrillic Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Справка WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () <===== Cyrillic Shortcut: C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\Передача файлов через Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) <===== Cyrillic ShortcutWithArgument: C:\Users\admin\Desktop\Войны престолов.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> " <===== Cyrillic ShortcutWithArgument: C:\Users\admin\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://rigneda.ru/?utm_source=startlink03&utm_content=adbf052057e305ed7ecce74202676864&utm_term=74F515E55772D5260256C05CEE5B1EDA&utm_d=20161120" ==================== Loaded Modules (Whitelisted) ============== 2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2015-08-18 19:19 - 2007-09-02 12:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe 2017-01-30 23:51 - 2017-01-30 23:51 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-02-02 17:27 - 2017-02-02 17:27 - 04377600 _____ () C:\Program Files\AVAST Software\Avast\defs\17020200\algo.dll 2017-01-30 23:51 - 2017-01-30 23:51 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-08-18 19:19 - 2007-09-02 12:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll 2017-01-30 23:50 - 2015-01-30 20:44 - 00035328 _____ () C:\Program Files (x86)\USB Disk Security\locales\russian.dll 2017-01-30 23:51 - 2017-01-30 23:51 - 48936448 _____ () 
C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2016-11-19 11:52 - 00000876 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3397271481-1196691400-1618317599-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Zaxar Games Browser.lnk => C:\Windows\pss\Zaxar Games Browser.lnk.CommonStartup
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DriverPack Notifier => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe --run startup
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: PBot => "C:\Users\admin\AppData\Roaming\PBot\python\pythonw.exe" "C:\Users\admin\AppData\Roaming\PBot\launchall.py"
MSCONFIG\startupreg: uTorrent => "C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: WebcamMaxAutoRun => "C:\Program Files (x86)\WebcamMax\wcmmon.exe" -a

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E1C6A938-20E3-4E5B-BF9B-6D02C23C2EF4}] => C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{73E57047-1225-4DB0-A36D-1F8FD020F06E}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{0A87015F-5219-40C4-BFBF-B111AAF90FF6}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{3CECF803-30D7-42A3-BB3C-9E32C040ABA2}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{C262CD37-10E6-437B-A879-95B0F695D87A}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{19E1EEDB-2949-46CF-804C-F3A1E4D1E546}] => C:\Windows\system32\hasplms.exe FirewallRules: [{50C7ED99-0F96-4DBC-862D-5ECA74880639}] => C:\Users\admin\AppData\Local\Amigo\Application\amigo.exe FirewallRules: [{D84B0921-8EC9-4CBA-93D3-8B4211F30DFB}] => C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B8FE774A-BBAC-4E99-B2E8-94BA5C441F63}] => C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{16CB4488-811E-4E02-9088-B4694F7E8A7F}] => C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{03500144-DA2B-421B-90B0-5B666E227178}] => C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{1AD3F697-4CD4-42B1-A9E7-47ECB3B5C718}] => C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{F250D80C-A2C5-4ACC-B26B-C32D29F4F675}] => C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{2C318F6B-FAD8-4E79-ACCA-71A8BBDF0BC1}C:\program files (x86)\electronic arts\eadm\core.exe] => C:\program files (x86)\electronic arts\eadm\core.exe FirewallRules: [UDP Query User{9C73CF55-4B91-4DCD-992B-B61CBC4EDB9D}C:\program files (x86)\electronic arts\eadm\core.exe] => C:\program files (x86)\electronic arts\eadm\core.exe FirewallRules: [{27A75628-FEA1-423E-B535-CE90B1B5775C}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{0870A88B-6361-442B-9B55-0895F16EF56D}] => C:\Program 
Files\Bonjour\mDNSResponder.exe FirewallRules: [{F8E0A66E-F0F1-4287-9378-09F29FC26E7F}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B113D8F3-D09A-459A-9182-70629AF759FB}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{D0F7F3F8-C7EE-42F7-9829-D41CF74E845F}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{944E3310-5F5A-4BE3-B5B3-E2256796170D}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{893F8156-DD8C-4725-8EC4-5074055D00F5}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{129906E0-6AA9-4BB0-94E4-3C9212CE7895}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{904D022A-3220-43F0-AB0A-2B2658E6165B}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{0713BB28-0EDC-4694-8C2C-F599419F3F99}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [TCP Query User{57C412BD-9C29-4983-89D0-3128590DBDF5}C:\tcpu67\programm\winbox\winbox.exe] => C:\tcpu67\programm\winbox\winbox.exe FirewallRules: [UDP Query User{3AE96EA8-B6BD-45D9-9C77-223D0C3264EE}C:\tcpu67\programm\winbox\winbox.exe] => C:\tcpu67\programm\winbox\winbox.exe FirewallRules: [{CC513633-1F98-4DCF-ABA9-C9A483D596A0}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe FirewallRules: [{5D0C3F9B-0798-4FCB-8342-E19274D3AAE4}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe FirewallRules: [{8F55E1F3-D546-4BCD-9D64-DA83BC65B220}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{07AEB651-2DBA-4820-B974-28A7CD1BB29E}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{77BD5D46-00E5-4BF3-AC1A-CD4C23C54D79}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: 
[{82C00F2D-5EC4-4280-AFFA-B35D57A2C895}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{ED709DAA-C110-495A-9DE9-9699B7764340}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{D9049413-7B2A-4BB9-B52D-559C9B965973}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{80E2D1E3-D9E2-4165-9C98-A989099913D9}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{1779CA71-F232-47FD-84DF-D7B1BB673DEB}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{B31FB5C1-E39C-4F75-8ADA-ED6319FD8E37}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{0DC9F481-BF8C-4A47-8517-A04579989952}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{833BCD84-9B0B-43A5-8754-1C4CDEC5A90F}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{35727E0A-3D71-4B21-A96B-4695D99552F2}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{F2764490-D9B3-4B74-9F37-E62E8AB4F1C0}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{F4EEB970-9877-4977-9791-6B3A19F4181F}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{13A381E9-4FCF-4277-8CFD-D5BC2F33AF32}] => C:\Program Files\UBar\ubar.exe FirewallRules: [{3070A2F0-84A9-4087-B48D-4521DF6640E4}] => C:\Users\admin\AppData\Local\Orbitum\Application\orbitum.exe FirewallRules: [{C1843EAF-DD86-414A-87C2-A3DFC74F6E3F}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{DB4BA7E4-5445-4F66-AF2F-E24995E770D8}] => C:\Program Files 
(x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{819D6889-BD9D-456D-85F4-333E049E2909}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{37164FF3-F410-42E4-8672-FC11524A9407}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{166F500D-7DC9-45CA-8EA8-78B286197290}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{F8CDE5FD-4533-406B-A179-BC545DD1CF06}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{E8D046E0-9094-4CC0-9663-032E4FEE05FF}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{2C92F775-8FBE-40CB-B6A9-01FF685FC40F}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{17C83536-EAC8-4218-A72C-799BAA199B42}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{D6D755D1-5FAE-4A88-95F6-41CD6315C5A9}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{37EAA809-7999-4FD5-839F-E51A7C29CA2A}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{FD39BDF1-CB97-4FF0-92A0-C2AFBACD70F1}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{BF2DF1BA-3088-4BC4-851C-52A73B8BFA2F}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{BBBCDC3B-7523-44BE-A279-6B9A9DD45359}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{C0DC9D05-7B13-4316-A77D-19874A18CCB8}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{581328B0-EDEA-45C3-BB2C-F343479CD383}] => C:\Program Files (x86)\Steam\steamapps\common\dota 
2 beta\game\bin\win64\dota2.exe FirewallRules: [{1C6A052A-2E16-4A91-B405-53E7424EC349}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{111A7F6B-66CE-49E6-AA4B-3ED7704E5366}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{C5AB663F-D75E-4926-8DAD-496133992DAC}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{CB9CB99D-47CA-4B15-BDAF-3E1F70AD9F73}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{C4EE4521-4786-4A64-9F52-FDF5BA6E8C51}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{2D5F1926-5479-4392-979A-8928987C0D40}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{E3E2A78A-CE62-4EFB-9E9D-E73AD36BD33C}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe StandardProfile\AuthorizedApplications: [D:\The Sims 3\game\bin\TS3.exe] => :127.0.0.1/255.255.255.255:Enabled:TS3.exe StandardProfile\AuthorizedApplications: [D:\The Sims 3\game\bin\Sims3Launcher.exe] => :127.0.0.1/255.255.255.255:Enabled:Sims3Launcher.exe ==================== Restore Points ========================= 21-12-2016 03:00:20 Центр обновления Windows 06-01-2017 11:18:51 Removed ATK Package 06-01-2017 11:21:08 Удалено КОМПАС-3D V13. 06-01-2017 11:25:11 Удалено КОМПАС-3D Viewer V15.1. 
06-01-2017 11:38:07 Windows Defender Checkpoint
28-01-2017 10:44:34 Removed iTunes
28-01-2017 17:02:34 Установлено: Подключение к удаленному рабочему столу
28-01-2017 18:14:48 Операция восстановления
28-01-2017 18:32:45 Центр обновления Windows
28-01-2017 18:55:30 Операция восстановления
30-01-2017 18:57:35 Центр обновления Windows
30-01-2017 23:24:34 Установщик модулей Windows
31-01-2017 00:26:29 Removed Bonjour

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2017 07:53:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/02/2017 07:52:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Ошибка при создании контекста активации для "C:\Program Files (x86)\USB Disk Security\MFC80U.DLL". Не найдена зависимая сборка "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"". Используйте sxstrace.exe для подробной диагностики.

Error: (02/02/2017 07:52:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Ошибка при создании контекста активации для "C:\Program Files (x86)\USB Disk Security\MFC80U.DLL". Не найдена зависимая сборка "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"". Используйте sxstrace.exe для подробной диагностики.

Error: (02/02/2017 07:31:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/02/2017 07:29:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Ошибка при создании контекста активации для "C:\Program Files (x86)\USB Disk Security\MFC80U.DLL". Не найдена зависимая сборка "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"". Используйте sxstrace.exe для подробной диагностики.

Error: (02/02/2017 07:29:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Ошибка при создании контекста активации для "C:\Program Files (x86)\USB Disk Security\MFC80U.DLL". Не найдена зависимая сборка "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"". Используйте sxstrace.exe для подробной диагностики.

Error: (02/02/2017 07:28:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: mbamservice.exe, версия: 3.1.0.415, отметка времени: 0x5881b7a1 Имя сбойного модуля: CleanControllerImpl.dll_unloaded, версия: 0.0.0.0, отметка времени 0x5879f3bd Код исключения: 0xc0000005 Смещение ошибки: 0x000007fee919bf8e Идентификатор сбойного процесса: 0xeac Время запуска сбойного приложения: 0x01d27d714f2db70d Путь сбойного приложения: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Путь сбойного модуля: CleanControllerImpl.dll Код отчета: 96c2a392-e964-11e6-84ce-18cf5ef90fb6

Error: (02/02/2017 07:28:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: mbamtray.exe, версия: 3.0.0.912, отметка времени: 0x58811d74 Имя сбойного модуля: mbamtray.exe, версия: 3.0.0.912, отметка времени 0x58811d74 Код исключения: 0xc0000005 Смещение ошибки: 0x00054645 Идентификатор сбойного процесса: 0x127c Время запуска сбойного приложения: 0x01d27d714f3e60af Путь сбойного приложения: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Путь сбойного модуля: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Код отчета: 945ee1ec-e964-11e6-84ce-18cf5ef90fb6

Error: (02/02/2017 07:25:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/02/2017 07:24:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Ошибка при создании контекста активации для "C:\Program Files (x86)\USB Disk Security\MFC80U.DLL". Не найдена зависимая сборка "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"". Используйте sxstrace.exe для подробной диагностики.

System errors:
=============
Error: (02/02/2017 07:49:10 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Диспетчер управления службами пытался выполнить исправляющее действие (Перезапуск службы) после непредвиденного завершения службы Windows Search, но при этом произошла следующая ошибка: Одна копия службы уже запущена.

Error: (02/02/2017 07:48:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Служба Служба общих сетевых ресурсов проигрывателя Windows Media была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 30000 мсек: Перезапуск службы.

Error: (02/02/2017 07:48:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Служба Windows Search была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 30000 мсек: Перезапуск службы.

Error: (02/02/2017 07:48:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Служба Кэш шрифтов Windows Presentation Foundation 3.0.0.0 была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 0 мсек: Перезапуск службы.

Error: (02/02/2017 07:48:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "Yandex.Browser Update Service" неожиданно прервана. Это произошло (раз): 1.

Error: (02/02/2017 07:48:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Служба Apple Mobile Device была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 60000 мсек: Перезапуск службы.

Error: (02/02/2017 07:48:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Служба Диспетчер печати была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 60000 мсек: Перезапуск службы.

Error: (02/02/2017 07:48:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "ATKGFNEX Service" неожиданно прервана. Это произошло (раз): 1.

Error: (02/02/2017 07:48:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "ASLDR Service" неожиданно прервана. Это произошло (раз): 1.

Error: (02/02/2017 07:48:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "Intel(R) HD Graphics Control Panel Service" неожиданно прервана. Это произошло (раз): 1.

CodeIntegrity:
===================================
Date: 2016-07-26 20:13:54.078
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-26 20:13:54.000
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-25 14:02:39.466
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-25 14:02:39.373
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-25 13:46:09.343
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-25 13:46:09.234
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-25 13:34:38.282
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-25 13:34:38.204
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-24 21:27:09.236
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-24 21:27:09.126
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N2930 @ 1.83GHz
Percentage of memory in use: 28%
Total physical RAM: 3983.93 MB
Available physical RAM: 2849.43 MB
Total Virtual: 7966.04 MB
Available Virtual: 6756.29 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:537.11 GB) (Free:434.91 GB) NTFS
Drive d: (Data) (Fixed) (Total:394.3 GB) (Free:362.64 GB) NTFS
Drive f: () (Removable) (Total:14.74 GB) (Free:14.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1BC6BC88)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=537.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=394.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.7 GB) (Disk ID: 00BD401F)
Partition 1: (Active) - (Size=14.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================