Ответ в теме: Вулкан Вирус

[fateev]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Sergey (27-01-2017 23:26:57)
Running from C:\Users\Sergey\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-30 18:09:08)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

DefaultAccount (S-1-5-21-3440310028-543357209-3823105786-503 — Limited — Disabled)
HomeGroupUser$ (S-1-5-21-3440310028-543357209-3823105786-1005 — Limited — Enabled)
Sergey (S-1-5-21-3440310028-543357209-3823105786-1001 — Administrator — Enabled) => C:\Users\Sergey
Администратор (S-1-5-21-3440310028-543357209-3823105786-500 — Administrator — Disabled)
Гость (S-1-5-21-3440310028-543357209-3823105786-501 — Limited — Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled — Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled — Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled — Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled — Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with «Hidden» flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Control Center (HKLM-x32\…\WUCCCApp) (Version: 1.00.0000 — AMD)
Apple Mobile Device Support (HKLM\…\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 — Apple Inc.)
Apple Software Update (HKLM-x32\…\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 — Apple Inc.)
BlackVueHD (HKLM-x32\…\BlackVueHD) (Version: — PittaSoft, Inc.)
Bonjour (HKLM\…\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 — Apple Inc.)
eLicenser Control (HKLM-x32\…\eLicenser Control) (Version: 6.10.5.1203 — Steinberg Media Technologies GmbH)
Google Chrome (HKLM-x32\…\Google Chrome) (Version: 55.0.2883.87 — Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 — Google Inc.) Hidden
HP Photo Creations (HKLM-x32\…\HP Photo Creations) (Version: 1.0.0.7702 — HP)
HP Photosmart 5510 series Справка (HKLM-x32\…\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 — Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\…\{20F72141-7B74-4084-9340-7DC1819C9C94}) (Version: 12.5.32.203 — HP Inc.)
HP Update (HKLM-x32\…\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 — Hewlett-Packard)
iTunes (HKLM\…\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 — Apple Inc.)
Microsoft OneDrive (HKU\S-1-5-21-3440310028-543357209-3823105786-1001\…\OneDriveSetup.exe) (Version: 17.3.6743.1212 — Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\…\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 — Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) — 11.0.50727 (HKLM-x32\…\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 — Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) — 11.0.50727 (HKLM-x32\…\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 — Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) — 14.0.23506 (HKLM-x32\…\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 — Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) — 14.0.23506 (HKLM-x32\…\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 — Microsoft Corporation)
Norton Security (HKLM-x32\…\NS) (Version: 22.8.1.14 — Symantec Corporation)
Punto Switcher 4.3.4 (HKLM-x32\…\{6BD5E3CC-89D2-4EF6-9233-8ACA533D6849}) (Version: 4.3.4.1753 — Яндекс)
Steinberg Cubase 6 64bit (HKLM\…\{C6651CD0-4892-4465-96AC-C9864A695FF9}) (Version: 6.5.5 — Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\…\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 — Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\…\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 — Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\…\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 — Steinberg Media Technologies GmbH)
Steinberg HALion Sonic Content (HKLM-x32\…\{1AA20A3E-B833-4309-9155-8A15D479D46F}) (Version: 1.5.0.000 — Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content (HKLM-x32\…\{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}) (Version: 1.5.2.000 — Steinberg Media Technologies GmbH)
Steinberg HALion Symphonic Orchestra VST Sound Instrument Set (HKLM-x32\…\{1312306D-F0A5-4B64-BA34-AC6169A3A098}) (Version: 1.0.0.000 — Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\…\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 2.0.0.000 — Steinberg Media Technologies GmbH)
Steinberg LoopMash Content 2 (HKLM-x32\…\{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}) (Version: 1.0.0.000 — Steinberg Media Technologies GmbH)
Steinberg Padshop 64bit (HKLM\…\{75F15019-C0C2-4047-AA45-97B4BD313719}) (Version: 1.0.0 — Steinberg Media Technologies GmbH)
Steinberg Retrologue 64bit (HKLM\…\{4D65ECE6-131D-4B5F-8470-2750D3161619}) (Version: 1.0.0 — Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\…\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 — Steinberg Media Technologies GmbH)
Steinberg The Grand SE 3 64bit (HKLM\…\{CDC3D488-96DB-4CB1-94EF-FB1EDFAABFF6}) (Version: 3.1.0 — Steinberg Media Technologies GmbH)
Steinberg The Grand SE 3 Content (HKLM-x32\…\{3CFC6783-43C3-4A41-9D79-7BA4A3605CBC}) (Version: 1.0.0.000 — Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\…\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 — Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (HKLM-x32\…\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 — Steinberg Media Technologies GmbH)
Unity Web Player (HKU\S-1-5-21-3440310028-543357209-3823105786-1001\…\UnityWebPlayer) (Version: 5.3.5f1 — Unity Technologies ApS)
Основное программное обеспечение устройства HP Photosmart 5510 series (HKLM\…\{F6BBFDAA-5C39-4D1F-B3E9-B8F5ACD4B6EA}) (Version: 28.0.1315.0 — Hewlett-Packard Co.)
Поддержка программ Apple (x64) (HKLM\…\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 — Apple Inc.)
Поддержка программ Apple (x86) (HKLM-x32\…\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 — Apple Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3909ADB7-5C3E-4DC3-A76E-3DBADE017083} — System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {3AFB4504-1205-40E6-9B68-6A5E084149CA} — System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\WSCStub.exe [2016-11-12] (Symantec Corporation)
Task: {590036DC-319C-4762-AE10-99561EFA7739} — System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {683D8719-BC40-4FA1-ACD2-AD05EA6057EC} — System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation)
Task: {96BCA918-3899-4D55-95EA-FADC2739E27A} — System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {9D70D91B-A966-4877-9517-B8277066E90E} — System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation)
Task: {9F88ED46-F719-47AE-B7FB-0FBFBE31C09C} — System32\Tasks\Norton Security\Norton Autofix => C:\Program Files (x86)\Norton Security\Engine\22.8.1.14\SymErr.exe [2016-11-12] (Symantec Corporation)
Task: {B6777E94-997A-426E-9CA3-95D047E16CC7} — System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-11-12] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Sergey\Links\Google Диск.lnk -> C:\Users\Sergey\Google Диск () <===== Cyrillic
Shortcut: C:\Users\Sergey\Links\Яндекс.Диск.lnk -> C:\Users\Sergey\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe (No File) <===== Cyrillic
Shortcut: C:\Users\Sergey\Google Диск\Документы — Ярлык.lnk -> C:\Users\Sergey\Documents () <===== Cyrillic
Shortcut: C:\Users\Sergey\Desktop\Nikon\D750FM_DL(Ru)01 — ярлык.lnk -> C:\Users\Sergey\Documents\D750FM_DL(Ru)01.pdf () <===== Cyrillic
Shortcut: C:\Users\Sergey\Desktop\Nikon\HXR-MC2500_rus — ярлык.lnk -> C:\Users\Sergey\OneDrive\Документы\HXR-MC2500_rus.pdf () <===== Cyrillic
Shortcut: C:\Users\Sergey\Desktop\Nikon\P900RM_(Ru) — ярлык.lnk -> 䰀 ĔȀ 쀀 F鬀ࠀ  ⦲턁탶턁ㄐ爬턁Ꙍ䌁 Ā ꠀ㨀ὂ➧ợɇ舌䭤䗲踚☀Ā─ᄀ 髋〣䯩츁箟ﲝ뵕턁箟ﲝ뵕턁᐀氀㈀Ꙍ䌁腇즞 倹〰前縱⹐䑆 倀ऀЀ㙈㙈⸀ ꠰Ā 䬀 倀㤀　　刀䴀开⠀刀甀⤀⸀瀀搀昀 ᰀ 笀 ᰀ ̀ ᰀ ⴀ 㠀 尀 ᄀ ̀ 붠頎က C㩜啳敲獜 ␀ Ȁ ᐀ Ȁ屜䡏䵅ⵐ䍜啳敲猀卥牧敹屄牯灢潸屐㤰げ䵟⡒甩⹰摦..\Dropbox\P900RM_(Ru).pdf C:\Users\Sergey\Dropbox` ꁘ h潭攭灣 æ੯著鶞䚛ڷ⛬旱⓿‾徙뿥ᆿ瞼껅ῦ੯著鶞䚛ڷ⛬旱⓿‾徙뿥ᆿ瞼껅῔Ā ꂵ 1卐匰럯䜚Ⴅ悌黫갱
ἀ က 倀㤀　　刀䴀开⠀刀甀⤀⸀瀀搀昀 ᔀ ༀ @ ꚑ닷哑ĕ ᔀ Ꙍ䌁 ⤀ Ѐ $айлР»PDF» 䀀 ㄐ爬턁 紀 ㅓ偓Ꙫ挨㶕툑뗖À俙ᣐ愀 Ḁ ( C:\Users\Sergey\Dropbox\P900RM_(Ru).pdf 9 1卐厱᙭䒭走䢧䡀⺤㵸谝 h 䠀 窘뺱署빥聮潮楣 崀 ㅓ偓䱘袷婊묠罚䓉곝䄀 ؀ C:\Users\Sergey\Dropbox (No File) <===== Cyrillic
Shortcut: C:\Users\Sergey\AppData\Roaming\Microsoft\Windows\SendTo\Передача файлов через Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) <===== Cyrillic

ShortcutWithArgument: C:\Users\Sergey\AppData\Roaming\Microsoft\Windows\SendTo\Получатель факса.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo <===== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 14:42 — 2016-07-16 14:42 — 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 21:58 — 2016-12-09 13:29 — 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-11-04 16:43 — 2015-11-04 16:43 — 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-11-17 01:28 — 2016-11-17 01:28 — 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 — 2016-11-17 01:28 — 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-13 21:58 — 2016-12-09 13:29 — 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-30 20:32 — 2016-09-30 20:32 — 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 23:39 — 2016-12-21 10:09 — 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 23:39 — 2016-12-21 09:54 — 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 23:39 — 2016-12-21 09:48 — 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 23:39 — 2016-12-21 09:48 — 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 23:39 — 2016-12-21 09:48 — 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 23:39 — 2016-12-21 09:53 — 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-04 16:43 — 2015-11-04 16:43 — 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-12-14 22:13 — 2016-12-08 11:03 — 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-14 22:13 — 2016-12-08 11:03 — 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2017-01-23 21:42 — 2017-01-23 21:42 — 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-23 21:42 — 2017-01-23 21:42 — 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-23 21:42 — 2017-01-23 21:42 — 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 20:13 — 2016-12-14 20:14 — 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The «AlternateShell» will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => «»=»Service»
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => «»=»Service»

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-06-21 00:19 — 2016-06-21 00:16 — 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3440310028-543357209-3823105786-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sergey\AppData\Local\Microsoft\Windows\Themes\Девочка и (4)\DesktopBackground\internet explorer wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\…\StartupApproved\Run32: => «CTHelper»
HKLM\…\StartupApproved\Run32: => «CTxfiHlp»
HKLM\…\StartupApproved\Run32: => «HP Software Update»
HKU\S-1-5-21-3440310028-543357209-3823105786-1001\…\StartupApproved\Run: => «HP Photosmart 5510 series (NET)»
HKU\S-1-5-21-3440310028-543357209-3823105786-1001\…\StartupApproved\Run: => «Zaxar»

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{148AFE15-2569-49E2-B7EE-EDC01A265281}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{EEE9BEFE-CC1F-4D67-A59C-7F0DA8E97737}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{748320EE-64D9-4997-A4F6-33A6DC01B6A9}] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{45F69678-B753-4E7E-9CAD-8358F58CEE00}] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{CE6939DE-B9A1-4A5E-9D8C-5EA801C8F6C2}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{29EC0AA0-B6C4-4A3E-BB4F-1C5288ECBCE6}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D50ECEE0-6044-47C1-B3FB-481E38CB0CA8}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C0812239-DBE8-40D3-8859-716D4FBF2CCC}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BD9E260F-669A-4479-834E-D3E2A88D2BA8}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{77C66EA8-E5FD-4324-ADFE-C1D19B380EE0}C:\program files\steinberg\cubase 6\cubase6.exe] => C:\program files\steinberg\cubase 6\cubase6.exe
FirewallRules: [UDP Query User{AB8CBDD3-8FFB-4F8C-9E78-FED18BB76997}C:\program files\steinberg\cubase 6\cubase6.exe] => C:\program files\steinberg\cubase 6\cubase6.exe
FirewallRules: [TCP Query User{E53420AD-F407-4BED-B518-C1D78CF4F1AA}C:\program files\steinberg\cubase 6\components\vstbridgeapp.exe] => C:\program files\steinberg\cubase 6\components\vstbridgeapp.exe
FirewallRules: [UDP Query User{17D4AE5F-CEE0-44BF-899D-779D461AA0C5}C:\program files\steinberg\cubase 6\components\vstbridgeapp.exe] => C:\program files\steinberg\cubase 6\components\vstbridgeapp.exe
FirewallRules: [{CF91EBEB-95C9-4EDE-AB78-BF2E202EBECB}] => C:\Users\Sergey\AppData\Local\Amigo\Application\amigo.exe

==================== Restore Points =========================

11-01-2017 12:53:45 Installed iTunes
13-01-2017 23:51:02 Installed Steinberg Cubase 6 64bit
15-01-2017 01:11:11 Installed Steinberg Upload Manager
23-01-2017 00:58:13 Removed Steinberg HALion Sonic SE 64bit
23-01-2017 10:07:59 Операция восстановления
25-01-2017 13:26:48 Removed Kaspersky Cleaner

==================== Faulty Device Manager Devices =============

Name: PCI устройство ввода
Description: PCI устройство ввода
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click «Update Driver», which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2017 11:05:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1407

Error: (01/27/2017 11:05:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1407

Error: (01/27/2017 11:05:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/26/2017 01:54:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Ошибка теневого копирования тома: Непредвиденная ошибка при вызове подпрограммы QueryFullProcessImageNameW.. hr = 0x80070006, Неверный дескриптор.
.

Операция:
Выполнение асинхронной операции

Контекст:
Текущее состояние: DoSnapshotSet

Error: (01/26/2017 01:54:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Сбой служб шифрования в ходе обработки вызова OnIdentity() в объекте «Системный модуль записи».

Details:
AddLegacyDriverFiles: Unable to back up image of binary Протокол Microsoft LLDP.

System Error:
Отказано в доступе.
.

Error: (01/25/2017 05:57:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HOME-PC)
Description: Работа пакета Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe+App завершена, так как его приостановка заняла слишком много времени.

Error: (01/25/2017 01:41:56 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Ошибка при изменении состояния на SECURITY_PRODUCT_STATE_EXPIRED (ошибка %3).

Error: (01/25/2017 01:41:40 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Ошибка при изменении состояния на SECURITY_PRODUCT_STATE_EXPIRED (ошибка %3).

Error: (01/25/2017 01:27:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Сбой служб шифрования в ходе обработки вызова OnIdentity() в объекте «Системный модуль записи».

Details:
AddLegacyDriverFiles: Unable to back up image of binary Протокол Microsoft LLDP.

System Error:
Отказано в доступе.
.

Error: (01/25/2017 01:39:58 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Ошибка при изменении состояния на SECURITY_PRODUCT_STATE_OFF (ошибка %3).

System errors:
=============
Error: (01/27/2017 10:09:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Параметры разрешений для конкретного приложения не дают разрешения Локально Активация для приложения COM-сервера с CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
и APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
пользователю NT AUTHORITY\СИСТЕМА с ИД безопасности (S-1-5-18) и адресом LocalHost (с использованием LRPC), выполняемого в контейнере приложения Недоступно с ИД безопасности (Недоступно). Это разрешение безопасности можно изменить с помощью средства администрирования служб компонентов.

Error: (01/27/2017 10:05:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Параметры разрешений для конкретного приложения не дают разрешения Локально Активация для приложения COM-сервера с CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
и APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
пользователю NT AUTHORITY\СИСТЕМА с ИД безопасности (S-1-5-18) и адресом LocalHost (с использованием LRPC), выполняемого в контейнере приложения Недоступно с ИД безопасности (Недоступно). Это разрешение безопасности можно изменить с помощью средства администрирования служб компонентов.

Error: (01/27/2017 10:03:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба «HP Support Solutions Framework Service» неожиданно прервана. Это произошло (раз): 1.

Error: (01/27/2017 10:03:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба «Сервис iPod» неожиданно прервана. Это произошло (раз): 1.

Error: (01/27/2017 10:03:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Служба Windows Search была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 30000 мсек: Перезапуск службы.

Error: (01/27/2017 10:03:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба «VIA Karaoke digital mixer Service» неожиданно прервана. Это произошло (раз): 1.

Error: (01/27/2017 10:03:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба «AMD FUEL Service» неожиданно прервана. Это произошло (раз): 1.

Error: (01/27/2017 10:03:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Служба Apple Mobile Device Service была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 60000 мсек: Перезапуск службы.

Error: (01/27/2017 10:03:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба «Служба Bonjour» неожиданно прервана. Это произошло (раз): 1.

Error: (01/27/2017 10:03:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Служба Диспетчер печати была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 5000 мсек: Перезапуск службы.

CodeIntegrity:
===================================
Date: 2017-01-23 22:33:02.826
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-23 22:33:02.823
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-23 22:04:37.544
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-23 22:04:37.542
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-23 09:50:32.733
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-23 09:50:32.727
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-23 09:37:34.516
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-23 09:37:34.511
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-23 00:48:56.364
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-23 00:48:56.362
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

= = = = = = = = = = = = = = = = = = = = M e m o r y i n f o = = = = = = = = = = = = = = = = = = = = = = = = = = =

P r o c e s s o r : A M D P h e n o m ( t m ) I I X 6 1 0 5 5 T P r o c e s s o r

P e r c e n t a g e o f m e m o r y i n u s e : 2 9 %

T o t a l p h y s i c a l R A M : 8 1 9 0 . 1 7 M B

A v a i l a b l e p h y s i c a l R A M : 5 8 0 5 . 2 4 M B

T o t a l V i r t u a l : 9 4 7 0 . 1 7 M B

A v a i l a b l e V i r t u a l : 6 8 9 6 . 7 4 M B

= = = = = = = = = = = = = = = = = = = = D r i v e s = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

D r i v e c : ( ) ( F i x e d ) ( T o t a l : 2 9 7 . 6 5 G B ) ( F r e e : 2 1 8 . 1 3 G B ) N T F S = = > [ d r i v e w i t h b o o t c o m p o n e n t s ( o b t a i n e d f r o m B C D ) ]

D r i v e e : ( M y P a s s p o r t ) ( F i x e d ) ( T o t a l : 4 6 5 . 7 6 G B ) ( F r e e : 4 6 4 . 4 8 G B ) N T F S

= = = = = = = = = = = = = = = = = = = = M B R & P a r t i t i o n T a b l e = = = = = = = = = = = = = = = = = =

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

D i s k : 0 ( M B R C o d e : W i n d o w s 7 o r 8 ) ( S i z e : 2 9 8 . 1 G B ) ( D i s k I D : C 5 4 D C 5 4 D )

P a r t i t i o n 1 : ( A c t i v e ) — ( S i z e = 2 9 7 . 7 G B ) — ( T y p e = 0 7 N T F S )

P a r t i t i o n 2 : ( N o t A c t i v e ) — ( S i z e = 4 4 9 M B ) — ( T y p e = 2 7 )

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

D i s k : 1 ( M B R C o d e : W i n d o w s X P ) ( S i z e : 4 6 5 . 8 G B ) ( D i s k I D : F A 3 A 2 5 5 3 )

P a r t i t i o n 1 : ( N o t A c t i v e ) — ( S i z e = 4 6 5 . 8 G B ) — ( T y p e = 0 7 N T F S )

= = = = = = = = = = = = = = = = = = = = E n d o f A d d i t i o n . t x t = = = = = = = = = = = = = = = = = = = = = = = = = = = =