Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016 Ran by user (2016-04-19 09:32:51) Running from C:\Users\user\Desktop\av\FRST64 Windows 7 Home Basic Service Pack 1 (X64) (2011-12-15 04:48:24) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= user (S-1-5-21-3102738836-3127478194-571303593-1001 - Administrator - Enabled) => C:\Users\user Администратор (S-1-5-21-3102738836-3127478194-571303593-500 - Administrator - Disabled) Гость (S-1-5-21-3102738836-3127478194-571303593-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) „Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden 1C:Предприятие 8.2 (8.2.15.301) (HKLM-x32\...\{BC89E40C-CCE7-4B86-9586-8338F5B48EC1}) (Version: 8.2.15.301 - 1C) 2ГИС 3.16.3.0 (HKLM-x32\...\{7A4DAA49-F574-4186-8085-BFC8CF0BAA2F}) (Version: 3.16.3.0 - ООО "ДубльГИС") 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated) Adobe Reader XI (11.0.15) - Russian (HKLM-x32\...\{AC76BA86-7AD7-1049-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden AlterGeo Magic Scanner (HKLM-x32\...\{2338890B-4BE4-47FD-AD51-577465FA6ADA}) (Version: 3.3.2.779 - AlterGeo) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.) CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.) CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.) CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4301 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.) Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.) Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.1.16.13 - Samsung Electronics Co., Ltd.) Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.36 - Samsung) ETDWare PS/2-X64 10.0.7.2_WHQL (HKLM\...\Elantech) (Version: 10.0.7.2 - ELAN Microelectronic Corp.) Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Intel PROSet Wireless (x32 Version: - ) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}) (Version: 1.1.0.0157 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation) iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle) John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Mega Codec Pack 8.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.1.0 - ) Mail.Ru Агент 5.9 (сборка 4953, для всех пользователей) (HKLM-x32\...\MRA) (Version: - Mail.Ru) <==== ATTENTION Malwarebytes Anti-Malware, версия 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.51209 - Корпорация Майкрософт) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2F750C77-1FEC-44F9-88CC-2CE322EBD61E}) (Version: 1.1.0324 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - русский (HKLM-x32\...\{90140011-0066-0419-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office нажми и работай 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Графический драйвер 331.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.58 - NVIDIA Corporation) NVIDIA Системное программное обеспечение PhysX 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice.org 3.3 (HKLM-x32\...\{4218E1CD-CDB6-448C-8036-2871403BDE57}) (Version: 3.3.9567 - OpenOffice.org) Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6413 - Realtek Semiconductor Corp.) Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung) Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.22.00 - Samsung Electronics Co., Ltd.) Samsung SCX-3200 Series (HKLM-x32\...\Samsung SCX-3200 Series) (Version: - Samsung Electronics Co., Ltd.) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation) Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.) Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer) Unity Web Player (HKU\S-1-5-21-3102738836-3127478194-571303593-1001\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS) User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.2 - ) Warface (HKU\S-1-5-21-3102738836-3127478194-571303593-1001\...\Warface) (Version: 1.144 - Mail.Ru) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent) WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Данные 2ГИС г.Красноярск 01.04.2016 (HKLM-x32\...\{C6DC534D-81E8-4908-B2B1-ED31E4D3F60D}) (Version: 128.0.0 - ООО "ДубльГИС") Декларация 2012 (HKLM-x32\...\Декларация 2012) (Version: - ) Декларация 2013 (HKLM-x32\...\Декларация 2013) (Version: - ) Декларация 2014 (HKLM-x32\...\Декларация 2014) (Version: - ) Игровой центр@Mail.Ru (HKU\S-1-5-21-3102738836-3127478194-571303593-1001\...\GameCenterMailRu) (Version: 2.282 - LLC Mail.Ru) Именем Короля. Выборы (HKU\S-1-5-21-3102738836-3127478194-571303593-1001\...\Именем Короля. Выборы) (Version: 1.0.0.0 - Alawar Entertainment Inc.) Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Панель управления NVIDIA 331.58 (Version: 331.58 - NVIDIA Corporation) Hidden Печать НД с PDF417 3.0.32 (пакет) (HKLM-x32\...\{3C5B0140-8405-46ED-8329-B666815AD193}) (Version: 3.0.32 - ФГУП ГНИВЦ ФНС РФ в ПФО) ПО Intel(R) PROSet/Wireless WiFi (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Корпорация Intel) Поддержка программ Apple (x64) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.) Поддержка программ Apple (x86) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.) Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0CE9C605-DFD3-4649-9385-7879F2D499CD} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-07-30] (SAMSUNG Electronics) Task: {17B16F39-6887-4B9D-876F-53D187FCAE7C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated) Task: {20715389-5EC2-45B4-A3CD-569C66004EED} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-08-08] (Samsung Electronics Co., Ltd.) Task: {295679B4-C071-4A5E-A1B4-E8E1B9927C4F} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-08-07] (Samsung Electronics) Task: {53983A94-73DD-4C6A-98A5-7B08E4BC885A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-23] (Google Inc.) Task: {58FD5461-FB39-443B-BB8C-3F7ED672EF5F} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-05] (SAMSUNG Electronics co., LTD.) Task: {5A0DDED3-46ED-40ED-81AC-9DD53F41C0D9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {5C8D2757-5216-435F-A488-E6BA60556AA5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe Task: {5E2198B7-B2F9-4DDB-8A79-34956B8B9171} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-07-01] (CyberLink) Task: {6C640192-521F-45B3-9BEC-100F004C7F96} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-08-08] (Samsung Electronics Co., Ltd.) Task: {730465E0-98AC-4529-B224-01AAF355E164} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2011-07-29] (Samsung) Task: {7CFDF8A6-FB04-4C8A-A173-AB41741A069F} - \Microsoft\KRBUUS\KRB Updater Utility Service -> No File <==== ATTENTION Task: {8B08A988-C353-46FF-BF8A-CB0C32C1C00A} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3102738836-3127478194-571303593-1001 Task: {9739C3CA-3105-479B-8444-922FA354C383} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {A2A2021C-22A3-49C3-86FE-4147BDF4C1C6} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC) Task: {ABAF96D0-85C9-4FB5-AB87-01774954ADF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-23] (Google Inc.) Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\windows\system32\aitagent.exe [2010-11-21] (Корпорация Майкрософт (Microsoft Corp.)) Task: {C7967FE3-4CF9-49B2-A0D3-59E224B21B73} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe Task: {DF8D4191-F389-4808-878F-E02F33FB6976} - System32\Tasks\MailRuUpdater => C:\Users\user\AppData\Local\Mail.Ru\MailRuUpdater.exe Task: {E13294AA-4271-47C5-A6B9-4F27C5F29650} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-07] (Samsung Electronics Co., Ltd.) Task: {E5188696-C7EB-4D6C-9E25-871FBCFBA6AB} - \Microsoft\Windows Defender\MP Scheduled Scan -> No File <==== ATTENTION Task: {EBFA53B5-5ABE-4D87-A0F4-F7FC69EEF7A5} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-08] (Samsung Electronics Co., Ltd.) Task: {F993CCA8-6259-4C1A-82C9-E0CD1A0DCE85} - \Microsoft\KRBUUS\KRBLNKRUN -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2012-05-11 08:18 - 2011-04-14 09:41 - 00034304 _____ () C:\windows\System32\ssb3ml6.dll 2011-08-23 19:49 - 2006-08-12 10:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll 2011-08-23 19:49 - 2011-02-16 23:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll 2011-08-23 20:02 - 2010-05-07 21:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-07-08 15:16 - 2014-07-08 15:16 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3102738836-3127478194-571303593-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 10.0.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: 2GISUpdateService => 3 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AMPPALR3 => 2 MSCONFIG\Services: Apple Mobile Device Service => 2 MSCONFIG\Services: Bluetooth Device Monitor => 2 MSCONFIG\Services: Bluetooth Media Service => 3 MSCONFIG\Services: Bluetooth OBEX Service => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: BTHSSecurityMgr => 2 MSCONFIG\Services: GameConsoleService => 3 MSCONFIG\Services: Guard.Mail.ru => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: RichVideo => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: TeamViewer9 => 2 MSCONFIG\Services: UNS => 2 MSCONFIG\startupreg: 2Gis Update Notifier => "C:\Program Files (x86)\2gis\3.0\2GISTrayNotifier.exe" -delayed_start MSCONFIG\startupreg: 3200 Scan2PC => "C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe MSCONFIG\startupreg: GameCenterMailRu => "C:\Users\user\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe" -autostart MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: lywdlqakyf => MSCONFIG\startupreg: MAgent => C:\Program Files (x86)\Mail.Ru\Agent\magent.exe -LM MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun MSCONFIG\startupreg: SCX3200_Scan2Pc => C:\windows\Twain_32\Samsung\SCX3200\Scan2pc.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{9369DE27-864B-4CEC-94AB-AA82E37C388E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{2E810312-ECAE-43A6-803C-45298F42F631}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{EE1C457C-7B12-481B-85D6-22BFDBD3EBA1}] => (Allow) LPort=2869 FirewallRules: [{26D28942-5BAC-4501-91B2-4355E6CAF41F}] => (Allow) LPort=1900 FirewallRules: [{B4129F5C-25FC-4CAA-BBFE-80D7CBD3851D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{D3BADEFE-E7E0-4CDA-9E97-56796AB232B9}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{0AFD3CB7-61F0-4136-881E-ABC8DBB84793}] => (Allow) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10.exe FirewallRules: [{8BBE753E-91E1-4E44-96EF-EA2FF9FF0585}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE FirewallRules: [{19FBDE45-5906-4DEE-AC93-DB65609CB262}] => (Allow) C:\Program Files (x86)\Mail.Ru\sputnik\SputnikHelper.exe FirewallRules: [{723F6AE7-34B6-4CCD-A054-5FA5C9EC64D0}] => (Allow) C:\Program Files (x86)\Mail.Ru\sputnik\SputnikHelper.exe FirewallRules: [{4456DBB2-44D1-42B9-969E-9D039654999F}] => (Allow) C:\Program Files (x86)\Mail.Ru\sputnik\SputnikFlashPlayer.exe FirewallRules: [{F44FF01B-C5A7-4971-A742-40D6E62D0A9F}] => (Allow) C:\Program Files (x86)\Mail.Ru\sputnik\SputnikFlashPlayer.exe FirewallRules: [{256F48B9-CF99-4FDF-80C0-B3CBD28FC798}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe FirewallRules: [{9185AB36-54F9-47D3-B758-04562116CA2D}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe FirewallRules: [{DD73AA53-17DD-4D5F-97DD-899898B9CE07}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe FirewallRules: [{A38EE8E4-3E26-42DE-B2FC-D2CC63509218}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe FirewallRules: [{0E69017F-7C5A-4BAB-9B18-26F9656F768B}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe FirewallRules: [{90B9771F-38B3-4AB2-8D6D-FB612E98A62F}] => (Allow) C:\Windows\twain_32\Samsung\SCX3200\Sscan2io.exe FirewallRules: [{E030FA62-A84A-4C18-A98E-DEF307A41651}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe FirewallRules: [{388D0FE6-4338-423D-A0B1-B45499BCF417}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe FirewallRules: [{7951B789-86C7-4A0A-AB05-79E1BEF0CC55}] => (Allow) C:\Users\user\AppData\Local\Temp\F0722_s_30803.exe FirewallRules: [{76F7BD41-4FB6-447F-9ED0-EAFFE0046DBA}] => (Allow) C:\Users\user\AppData\Local\Temp\F0722_s_30803.exe FirewallRules: [{3B8138EF-78B7-4B14-B876-0C0EEE820DBE}] => (Allow) C:\Users\user\AppData\Local\Temp\F0722_s_30803.exe FirewallRules: [{A87B025B-FEB9-46FC-8162-3C093B685F19}] => (Allow) C:\Users\user\AppData\Local\Temp\F0722_s_30803.exe FirewallRules: [{E675EED3-9D5A-4E3B-AB94-BF7F799C9BE5}] => (Allow) C:\Users\user\AppData\Local\Temp\G0722_s_70904.exe FirewallRules: [{4FDCBC57-C998-4F3C-B921-D3D561FA5B51}] => (Allow) C:\Users\user\AppData\Local\Temp\G0722_s_70904.exe FirewallRules: [{F115D377-041E-4421-A471-8EB75A60D63A}] => (Allow) C:\Users\user\AppData\Local\Temp\G0722_s_70904.exe FirewallRules: [{2E862454-C7E8-4AB8-8D27-40248F51EE91}] => (Allow) C:\Users\user\AppData\Local\Temp\G0722_s_70904.exe FirewallRules: [{14EF0AA0-48C7-4CB9-AAB3-766ADFE9EB05}] => (Allow) C:\Users\user\AppData\Local\MediaGet2\mediaget.exe FirewallRules: [{76FC8D0C-FF83-4453-9C41-D13901307B42}] => (Allow) C:\Users\user\AppData\Local\MediaGet2\mediaget.exe FirewallRules: [{C4D689E3-4E68-4496-A183-386F45EFFFF1}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{46AAD1D8-67AC-424A-89F2-90C56FC6B51C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{00D793A0-5E59-4606-87BF-E76B4E2F7D60}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{3D233873-6C00-492B-BA48-20032B9C3699}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{C4F058BE-1A81-4F36-A980-248856BBA470}] => (Allow) C:\Program Files\UBar\ubar.exe FirewallRules: [{EEAE0C81-5482-4B95-BF76-B5F2C16FCED0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{50C5E26B-0B31-4A34-83FA-00285DD3C5E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2B2D03CE-BB3B-40F1-810A-A050B56E1F95}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{7632F0AB-2C60-4416-9B66-99573C95415C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{6C99A973-F6B3-40F5-ADE5-C86FF376E488}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{E4182250-91C1-460B-9781-91209EEBB1F1}C:\users\user\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Block) C:\users\user\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe FirewallRules: [UDP Query User{D3B0BEB8-7366-4F4C-94B3-B5371F18999C}C:\users\user\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Block) C:\users\user\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe FirewallRules: [TCP Query User{E68586A7-07FB-4648-B22A-291DBD94F7BC}C:\users\user\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Block) C:\users\user\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe FirewallRules: [UDP Query User{CF9C8DA2-0726-46DF-ADA8-80DDE8CD2DCA}C:\users\user\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Block) C:\users\user\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe FirewallRules: [{74548F80-02BE-49DD-B868-0CDCFD0D9062}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 05-04-2016 18:08:22 Центр обновления Windows ==================== Faulty Device Manager Devices ============= Name: Туннельный адаптер Microsoft Teredo Description: Туннельный адаптер Microsoft Teredo Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (04/19/2016 09:30:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Имя сбойного приложения: SWMAgent.exe, версия: 1.1.16.13, отметка времени: 0x4e31fcdb Имя сбойного модуля: SWMAgent.exe, версия: 1.1.16.13, отметка времени 0x4e31fcdb Код исключения: 0xc0000005 Смещение ошибки: 0x0001fbe8 Идентификатор сбойного процесса: 0x7f8 Время запуска сбойного приложения: 0xSWMAgent.exe0 Путь сбойного приложения: SWMAgent.exe1 Путь сбойного модуля: SWMAgent.exe2 Код отчета: SWMAgent.exe3 Error: (04/19/2016 09:26:58 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/19/2016 09:20:26 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Только для сведения. (Patch task for {90140011-0066-0419-0000-0000000FF1CE}): DownloadLatest Failed: Не удается разрешить имя или адрес сервера Error: (04/19/2016 09:15:22 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Имя сбойного приложения: SWMAgent.exe, версия: 1.1.16.13, отметка времени: 0x4e31fcdb Имя сбойного модуля: SWMAgent.exe, версия: 1.1.16.13, отметка времени 0x4e31fcdb Код исключения: 0xc0000005 Смещение ошибки: 0x0001fbe8 Идентификатор сбойного процесса: 0xa70 Время запуска сбойного приложения: 0xSWMAgent.exe0 Путь сбойного приложения: SWMAgent.exe1 Путь сбойного модуля: SWMAgent.exe2 Код отчета: SWMAgent.exe3 Error: (04/19/2016 09:11:31 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/19/2016 09:05:11 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Не удалось создать точку восстановления (Процесс = C:\windows\system32\msiexec.exe /V; Описание = Установлено: 2GIS 3.16.3.0; HR = 0x81000101). Error: (04/18/2016 08:19:59 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Не удалось создать точку восстановления (Процесс = C:\windows\system32\msiexec.exe /V; Описание = Установлено: 2GIS 3.16.3.0; HR = 0x81000101). Error: (04/18/2016 05:21:07 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Не удалось создать точку восстановления (Процесс = C:\windows\system32\msiexec.exe /V; Описание = Installed 2GIS 3.16.3.0; HR = 0x81000101). Error: (04/18/2016 05:07:54 PM) (Source: MsiInstaller) (EventID: 11925) (User: user-ПК) Description: Продукт: 2ГИС 3.16.3.0 — Ошибка 1925. У вас недостаточно привилегий для завершения этой установки для всех пользователей компьютера. Войдите в систему как администратор и повторите попытку. Error: (04/18/2016 05:07:51 PM) (Source: MsiInstaller) (EventID: 11704) (User: user-ПК) Description: Продукт: 2ГИС 3.16.3.0 — Ошибка 1704. В данный момент установка ESET Smart Security приостановлена. Перед продолжением установки требуется отменить выполненные изменения. Отменить изменения? System errors: ============= Error: (04/19/2016 09:27:43 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY) Description: Ошибка инициализации клиента CBS. Последняя ошибка: 0x80080005 Error: (04/19/2016 09:27:43 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (04/19/2016 09:25:44 AM) (Source: ipnathlp) (EventID: 30013) (User: ) Description: 10.0.0.12192.168.137.0255.255.255.0 Error: (04/19/2016 09:25:44 AM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: Error: (04/19/2016 09:25:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Сбой при запуске службы "GNUNetTooltip.exe" из-за ошибки %%2 Error: (04/19/2016 09:25:16 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Предыдущее завершение работы системы в 9:23:37 на ‎19.‎04.‎2016 было неожиданным. Error: (04/19/2016 09:18:48 AM) (Source: ipnathlp) (EventID: 30013) (User: ) Description: 169.254.142.240192.168.137.0255.255.255.0 Error: (04/19/2016 09:12:27 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY) Description: Ошибка инициализации клиента CBS. Последняя ошибка: 0x80080005 Error: (04/19/2016 09:12:27 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (04/19/2016 09:10:27 AM) (Source: ipnathlp) (EventID: 30013) (User: ) Description: 10.0.0.12192.168.137.0255.255.255.0 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz Percentage of memory in use: 32% Total physical RAM: 4009.55 MB Available physical RAM: 2717.07 MB Total Virtual: 8017.3 MB Available Virtual: 6721.22 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:179 GB) (Free:99.91 GB) NTFS Drive d: () (Fixed) (Total:266.81 GB) (Free:206.13 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 86FE2119) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=179 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=266.8 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=19.9 GB) - (Type=27) ==================== End of Addition.txt ============================