Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-04-2016
Ran by МИХАИЛ 1 (2016-04-14 21:17:52)
Running from D:\против вирусов
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2011-11-24 17:15:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

HomeGroupUser$ (S-1-5-21-3032902621-1377843980-1404468434-1002 - Limited - Enabled)
Администратор (S-1-5-21-3032902621-1377843980-1404468434-500 - Administrator - Disabled)
Гость (S-1-5-21-3032902621-1377843980-1404468434-501 - Limited - Disabled)
МИХАИЛ 1 (S-1-5-21-3032902621-1377843980-1404468434-1000 - Administrator - Enabled) => C:\Users\МИХАИЛ 1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 4.2 (Disabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Disabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«BioShock Infinite» (HKLM\...\{D081C29C-1DDC-4C55-BCBF-DF8519636331}_is1) (Version: 1.1.25.5165 - )
«Halo: Combat Evolved» 01.00.09.0620 (HKLM\...\Halo - Combat Evolved_is1) (Version: 01.00.09.0620 - R.G. Catalyst)
2ГИС 3.13.12.0 (HKLM\...\{97BD3454-27DF-4955-AFE5-4D8DC798A981}) (Version: 3.13.12.0 - ООО "ДубльГИС")
7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
ACDSee Pro 4 (HKLM\...\{B73807FD-C95C-4265-8AB5-3151823437B4}) (Version: 4.0.237 - ACD Systems International Inc.)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Russian (HKLM\...\{AC76BA86-7AD7-1049-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)
AIMP v3.00 Beta 4 Build 916 (HKLM\...\AIMP3_is1) (Version: v3.00 Beta 4 Build 916 - © Habetdin)
Alien Breed Trilogy v1.1 Multi6 (HKLM\...\Alien Breed Trilogy_is1) (Version: - )
Aliens vs Predator Gold (HKLM\...\Aliens vs Predator Gold_is1) (Version: - )
Angry Birds Rio (HKLM\...\{D7B3493D-766C-40AA-9AA9-053B896D76DE}) (Version: 1.1.0 - Rovio)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{4D22AC48-5C25-BBB1-F3E7-877F42627C4D}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.813.3-110217a-113983C-Lenovo - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AutoCAD 2007 - Русский (HKLM\...\{5783F2D7-5001-0419-0002-0060B0CE6BBA}) (Version: 17.0.54.110 - Autodesk)
Autodesk 3ds Max 2009 32-bit (HKLM\...\{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}) (Version: 11.0 - Autodesk)
Autodesk Backburner 2008.1 (HKLM\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2008.1 - Autodesk, Inc.)
Autodesk DWF Viewer (HKLM\...\Autodesk DWF Viewer) (Version: 6.5 - Autodesk, Inc.)
BioShock 2 (HKLM\...\{7D45D33C-FAC1-4880-A174-D14FA3B48557}_is1) (Version: - )
BioShock 2 v1.0 Eng (HKLM\...\BioShock 2_is1) (Version: - )
Call of Cthulhu DCoTE (HKLM\...\{16C5DB56-8DE5-4F09-B82C-AB501C764FC5}) (Version: - )
Call of Duty 2 (HKLM\...\Call of Duty 2_is1) (Version: - Repack by Canek77)
Call of Duty 4 - Modern Warfare (HKLM\...\Call of Duty 4 - Modern Warfare_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
ccc-core-static (Version: 2011.0217.929.16927 - Название организации) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
ChessBase (HKLM\...\{AC130137-FA25-4D96-87FE-5C1E0A460D08}) (Version: 9 - ChessBase GmBH, immortal223)
Civilization V: Game of the Year Edition (HKLM\...\{3D519EAC-AF50-4E98-BF6F-119BEF2134E8}_is1) (Version: - IgroMir)
Classic Shell (HKLM\...\Classic Shell) (Version: 3.1.0 - IvoSoft)
Classic Shell (Version: 3.1.0 - IvoSoft) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
Cortona3D Viewer (HKLM\...\{65A37670-71CD-48B7-95D8-D543E087AF37}) (Version: 7.0.188 - ParallelGraphics)
Cross Fire (HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Cross Fire) (Version: 1.112 - Mail.Ru)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Defcon 1.51 ru rtl (HKLM\...\Defcon_is1) (Version: - Introversion Software Ltd)
Deus Ex Human Revolution The Missing Link, версия 1.0.62.9 (HKLM\...\Deus Ex Human Revolution The Missing Link_is1) (Version: 1.0.62.9 - GameCube)
Download Master version 6.3.1.1457 (HKLM\...\Download Master_is1) (Version: 6.3.1.1457 - WestByte)
ESET NOD32 Antivirus (HKLM\...\{FCB6793C-E0BC-46F1-B624-4B141A36DA0B}) (Version: 4.2.71.3 - ESET, spol. s r.o.)
etranslator (HKLM\...\etranslator) (Version: - etranslator)
F.E.A.R. Dead Phantom, версия [Repacked] (HKLM\...\{05973735-95C3-4D8A-BA7D-2B2D0DE7C3E0}_is1) (Version: [Repacked] - )
Fahrenheit (HKLM\...\{8C1CE68A-F073-4FC6-B4EF-2FC23779AED4}) (Version: - )
FarCry Collateral Damage (HKLM\...\FarCry Collateral Damage) (Version: - )
FIFA 08 (HKLM\...\FIFA 08_is1) (Version: - )
FIFA 2009 - Russian Premier League (HKLM\...\FIFA 2009 - Russian Premier League_is1) (Version: - )
F-Recovery for MemoryStick (HKLM\...\F-Recovery for MemoryStick) (Version: - )
Fritz 11 (HKLM\...\Fritz 11_is1) (Version: - )
Fritz11 (Version: 11 - ChessBase) Hidden
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - )
Google SketchUp 8 (HKLM\...\{B53C8FBF-EDC8-4BF0-903D-B9BB558CAAAA}) (Version: 3.0.14371 - Компания Google)
Guard@Mail.Ru (HKLM\...\Guard.Mail.ru) (Version: 1.0.0.548 - Mail.ru) <==== ATTENTION
Guitar Hero 3 (HKLM\...\{66DC33C3-553C-45B3-B683-05A8FEFD0F05}_is1) (Version: - Salat Production)
Indiana Jones - Emperors Tomb (HKLM\...\Indiana Jones - Emperors Tomb) (Version: - )
Intel(R) Display Audio Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
istartpageing uninstall (HKLM\...\istartpageing uninstall) (Version: - istartpageing) <==== ATTENTION
KISS Цирк сумаcшедших (HKLM\...\KISS Psycho Circus) (Version: - )
K-Lite Mega Codec Pack 7.6.0 (HKLM\...\KLiteCodecPack_is1) (Version: 7.6.0 - )
Lenovo EasyCamera (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.10.1201.1 - Vimicro Corporation)
Lenovo_Wireless_Driver (HKLM\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
LG USB Modem Drivers (HKLM\...\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}) (Version: 4.9.4 - LG Electronics)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
Medal Of Honour Allied Assault (HKLM\...\Medal Of Honour Allied Assault) (Version: - )
Memory Stick Formatter (HKLM\...\{27337663-2619-11D4-99DC-0000F49094C7}) (Version: - )
Metro Last Light (HKLM\...\Metro Last Light_is1) (Version: - R.G. Origami)
Microsoft Games for Windows - LIVE (HKLM\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office профессиональный плюс 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version: - )
Mozilla Firefox 45.0.2 (x86 ru) (HKLM\...\Mozilla Firefox 45.0.2 (x86 ru)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Burning ROM (HKLM\...\Nero Burning ROM) (Version: - )
NetAnimate 1.4 (HKLM\...\{3E963A89-58C1-4E13-BD51-D3C53A5DDF89}_is1) (Version: 1.4 - INF)
Nosferatu (HKLM\...\Nosferatu_is1) (Version: - )
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ObjectRescue Pro 4.5.1 (HKLM\...\ObjectRescue Pro) (Version: 4.5.1 - Regall, LLC.)
OpenAL (HKLM\...\OpenAL) (Version: - )
Painkiller Black Edition (HKLM\...\Painkiller Black Edition) (Version: - )
Painkiller Recurring Evil, версия 1.02.16.4261 (HKLM\...\Painkiller Recurring Evil_is1) (Version: 1.02.16.4261 - )
Painkiller Крещеный кровью и Битва за пределами Ада (HKLM\...\{60A1B4E6-9482-4922-9ABD-5B019862EE8F}_is1) (Version: 1.64 by Donald Dark - by Donald Dark)
PAYDAY The Heist (HKLM\...\PAYDAY The Heist_is1) (Version: - [~ISPANEC~])
Prince of Persia - Warrior Within (HKLM\...\Prince of Persia - Warrior Within_is1) (Version: - )
PSP ISO Compressor (HKLM\...\{D47087E7-AA15-4D1D-8C0A-60F7E446D597}) (Version: 1.4.0 - danny_kay1710)
Psychotoxic (HKLM\...\Psychotoxic_is1) (Version: - )
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.987 - Even Balance, Inc.)
PX Profile Update (Version: 1.00.1. - AMD) Hidden
Quake 4 (HKLM\...\Quake 4_is1) (Version: 1.4.2 - 1С)
Renegade Ops, версия 1.0r6 (HKLM\...\Renegade Ops_is1) (Version: 1.0r6 - GameCube)
Scarface (HKLM\...\Scarface) (Version: - )
Scarface: The World is Yours (Version: 1.00.0000 - Sierra Entertainment) Hidden
Setup (HKLM\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
Shadowgrounds Survivor, версия 1.07 (HKLM\...\Shadowgrounds Survivor_is1) (Version: 1.07 - GameCube)
Shadowgrounds Твари из космоса, версия 1.5 (HKLM\...\Shadowgrounds Твари из космоса_is1) (Version: 1.5 - GameCube)
Silent Hill 3 (HKLM\...\Silent Hill 3_is1) (Version: - )
Silent Hill Homecoming (HKLM\...\{AE7D5AF6-E561-4711-BC5A-E2CE7AFD8CA7}_is1) (Version: - Konami)
Silent Hill: Homecoming Beta №2 (HKLM\...\{6CCE69FD-D9B1-4DBF-9F07-054E5CCAA966}_is1) (Version: - DK Team/ZoG team)
Skype™ 5.5 (HKLM\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.113 - Skype Technologies S.A.)
SpeedBit Video Downloader (HKLM\...\SpeedBit Video Downloader) (Version: 1153(build_438) - SpeedBit Ltd.)
storegid (HKLM\...\storegid) (Version: - )
Stormrise (HKLM\...\Stormrise_is1) (Version: - )
StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - )
Sweet Home 3D version 4.3 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks)
TeamViewer 6 (HKLM\...\{7D5CBFE2-F1BC-450D-84E7-BC19A310B46A}) (Version: 6.0.10722 - TeamViewer)
Terrorist Takedown - Covert Ops v1.0 / RePack by CtrlAlt (HKLM\...\Terrorist Takedown - Covert Ops_is1) (Version: - )
The Bat! v5.0.20.1 Русская Версия (HKLM\...\{EBF2B1C5-7589-41A6-8D96-D327F0ADA739}) (Version: 5.0.20.1 - Ritlabs)
The Haunted Hell's Reach, версия 1.0r10 (HKLM\...\The Haunted Hell's Reach_is1) (Version: 1.0r10 - GameCube)
The Kreed, версия 1.05 (HKLM\...\The Kreed_is1) (Version: 1.05 - GameCube)
Total Commander 7.56 PowerPack (HKLM\...\Total Commander) (Version: - )
Ulisess Seguridad 9.9 (HKLM\...\Ulisess Seguridad 9.9) (Version: - )
UltraISO (HKLM\...\UltraISO_is1) (Version: v9.3.6 Build 2766 - oszone.net)
Universal Extractor (HKLM\...\Universal Extractor_addon) (Version: v1.6.1 - oszone.net)
uTorrent 3.0.0.25516 final (HKLM\...\uTorrent) (Version: 3.0.0.25516 final - BitTorrent, Inc)
VP3 Codec Version 3.2.6.1 (HKLM\...\VP3 Codec Version 3.2.6.1) (Version: - )
Warface (HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Warface) (Version: - Mail.Ru)
Winamp (HKLM\...\{FA64A75A-923C-4397-8774-FC9AC07DDFBB}) (Version: 5.62.3159 - Nullsoft, Inc)
Winamp (HKLM\...\Winamp) (Version: 5.61 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.0.0 (32-разрядная) (HKLM\...\WinRAR archiver) (Version: 4.0.0 - win.rar GmbH)
WinZip Driver Updater (HKLM\...\{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1) (Version: 1.0.648.15384 - WinZip Computing, S.L. (WinZip Computing))
WMV9/VC-1 Video Playback (Version: 1.0.60217.0927 - ATI Technologies Inc.) Hidden
World In Conflict - Soviet Assault (HKLM\...\World In Conflict - Soviet Assault_is1) (Version: - )
Аллоды Онлайн (HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Аллоды Онлайн) (Version: - Mail.Ru)
Астрон (HKLM\...\Astron) (Version: - )
Базис Мебельщик 70 (ru-board edition beta) (HKLM\...\Базис Мебельщик 70_is1) (Version: - )
Данные 2ГИС г.Омск 01.02.2014 (HKLM\...\{414C8E6D-63B8-4AFD-9C3F-3BD34994F3D3}) (Version: 114.0.0 - ООО "ДубльГИС")
Драйверы Guardant (HKLM\...\{B897A08A-6CB6-4014-B172-FF2FB41484D1}) (Version: 5.20.65 - Guardant)
Игровой центр (HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\GameCenterMailRu) (Version: 3.1162 - ООО "Мэйл.Ру Геймз")
Интернет (HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\Xpom) (Version: 28.1.1500.75 - Mail.Ru)
Крещенный кровью (HKLM\...\{5DE2EC07-E8BF-425B-8BE8-14CB428B28AA}) (Version: - )
Крещенный Кровью (HKLM\...\{60A1B4E6-9482-4922-9ABD-5B019862EE8F}) (Version: - )
Озвучка для Silent Hill Homecoming 1.3.1 (final) (HKLM\...\Озвучка для Silent Hill Homecoming 1.3.1 (final)) (Version: - )
Растения против Зомби (HKLM\...\Растения против Зомби) (Version: 2.0 - Games-Full.info)
Служба автоматического обновления программ (HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\...\MailRuUpdater) (Version: - Mail.Ru)
Спутник@Mail.Ru (HKLM\...\MailRuSputnik) (Version: 2.4.1.209 - Mail.Ru)
Яндекс.Бар 6.7 для Internet Explorer (HKLM\...\{11EA1C75-DB0D-410B-B63B-20916EECD568}) (Version: 6.7.0.1919 - Яндекс)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3032902621-1377843980-1404468434-1000_Classes\CLSID\{2614C37E-2C78-4bfb-B7A6-E49B62B9CD9B}\localserver32 -> C:\Users\МИХАИЛ 1\AppData\Local\Yandex\Updater\yupdate-executor.exe (Yandex LLC)
CustomCLSID: HKU\S-1-5-21-3032902621-1377843980-1404468434-1000_Classes\CLSID\{28B7AA99-C0F9-4C47-995E-8A8D729603A1}\localserver32 -> C:\Program Files\AutoCAD 2007\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-3032902621-1377843980-1404468434-1000_Classes\CLSID\{5A8FF410-F3CE-4844-B31B-F18D911239E8}\InprocServer32 -> C:\Users\МИХАИЛ 1\AppData\Local\Mail.Ru\GameCenter\npdetector.dll (LLC Mail.Ru)
CustomCLSID: HKU\S-1-5-21-3032902621-1377843980-1404468434-1000_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\AutoCAD 2007\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-3032902621-1377843980-1404468434-1000_Classes\CLSID\{949CDFC6-2A52-4C27-A0A2-F87EF62D5536}\localserver32 -> C:\Users\МИХАИЛ 1\AppData\Local\Yandex\Updater\praetorian.exe (Yandex LLC)
CustomCLSID: HKU\S-1-5-21-3032902621-1377843980-1404468434-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29161}\localserver32 -> C:\Users\МИХАИЛ 1\AppData\Local\Amigo\Application\44.4.2403.3\delegate_execute.exe (Mail.Ru)
CustomCLSID: HKU\S-1-5-21-3032902621-1377843980-1404468434-1000_Classes\CLSID\{D236C998-BECE-472D-B939-541727B72AEF}\localserver32 -> C:\Users\МИХАИЛ 1\AppData\Local\Yandex\Updater\yupdate-executor.exe (Yandex LLC)
CustomCLSID: HKU\S-1-5-21-3032902621-1377843980-1404468434-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2007\acadficn.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0434113F-792A-4349-A716-75B1AE449768} - System32\Tasks\{0E26E1C0-2F9E-4912-BB8D-35E08ABC57BA} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.124/ru/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {0A4773A4-8300-4D95-A030-3A4E9712BEA2} - System32\Tasks\MailRuUpdateTask => C:\Users\МИХАИЛ 1\AppData\Local\Mail.Ru\MailRuUpdater.exe [2016-04-11] (Mail.Ru)
Task: {197A04F5-3DAE-4F9E-A3C7-7655B12C8576} - System32\Tasks\{C999146E-2A83-46DD-8C59-60FEAB1BB29A} => pcalua.exe -a "F:\кино\You Are Empty\YAE_setup.exe" -d "F:\кино\You Are Empty"
Task: {260E3B70-F7FC-4321-B428-EBD092687296} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {262234CB-F2E9-4BCB-B404-0216B38B901F} - System32\Tasks\{54DEACB8-8542-477F-84DF-41CCEC5965C0} => pcalua.exe -a G:\setup.exe -d G:\
Task: {273B74F1-1791-4678-9AD3-C060EA2A72E4} - System32\Tasks\{6F2BB746-DA3C-4538-B6C5-F0BC2E50FC05} => F:\Games\OmD\Build\release\OrcsMustDie.exe
Task: {2F93268C-BF97-4702-A281-60890AE447C1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {3360A0FD-149E-4B1E-AD82-2CF33B843978} - System32\Tasks\{8E67143C-3475-47C5-B144-47B66B00C398} => pcalua.exe -a "C:\Users\МИХАИЛ 1\Downloads\googlesketchupwru(1).exe" -d "C:\Users\МИХАИЛ 1\Downloads"
Task: {4B3B6FEC-9FD4-4A94-8B8F-32A9A08FAE2A} - System32\Tasks\{07A7C1BE-2546-4E8A-9F01-58BAD903F747} => F:\Games\bin\TimeShift.Exe
Task: {616DFD08-C6A0-4C58-8896-6E278A26B83F} - System32\Tasks\{FC999D47-94DE-417A-A117-9F14724FD962} => pcalua.exe -a "C:\Users\МИХАИЛ 1\Downloads\2GISShell-3.14.9.0-2GISData_Omsk-122.0.0.exe" -d "C:\Users\МИХАИЛ 1\Downloads"
Task: {61C36ECC-54CF-4248-A161-88F300025764} - System32\Tasks\{9E511542-1631-43AE-936D-9C5A12D084A9} => F:\Games\Metro Last Light\MetroLL.exe
Task: {7A7346D4-9825-4233-B8E4-CD52E6E88050} - System32\Tasks\MailRuUpdater => C:\Users\МИХАИЛ 1\AppData\Local\Mail.Ru\MailRuUpdater.exe [2016-04-11] (Mail.Ru)
Task: {88AD5B93-AE53-4AE8-A25A-F28608256244} - System32\Tasks\{D795DFDA-7E1E-43CC-8420-4A1A4C84E5F3} => pcalua.exe -a "F:\кино\Silent Hill - Homecoming\Руссификатор (Озвучка)\Silent Hill 5 - Homecoming-sound 1.3.1.exe" -d "F:\кино\Silent Hill - Homecoming\Руссификатор (Озвучка)"
Task: {8F9E9108-BFC1-41FA-9758-DC513E1ACFBD} - System32\Tasks\{16398A8C-BFCC-4853-BD47-177C5F03196A} => pcalua.exe -a "C:\Users\МИХАИЛ 1\AppData\Roaming\istartpageing\UninstallManager.exe" -c -ptid=cmi
Task: {A18B5274-0711-4751-8514-9949DF7A2970} - System32\Tasks\{EA308191-BE61-4557-A514-1ED1BDF8DE66} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {A7143AFF-C2FD-4FC3-854A-B5AE6C09C236} - System32\Tasks\{C8635629-C672-4122-B7F8-223C989D6CC7} => F:\игры\Scarface\Scarface.exe
Task: {A8365DA4-67AE-4417-9B0B-976FEE8F6D11} - System32\Tasks\{179B3638-723A-4CE7-A7DD-AA3D7C644750} => pcalua.exe -a "C:\Users\МИХАИЛ 1\Downloads\2GISShell-3.14.8.0-2GISData_Omsk-121.0.0.exe" -d "C:\Users\МИХАИЛ 1\Downloads"
Task: {AA6546E9-3E51-49A3-A967-77F40BD18EC2} - System32\Tasks\{82EDEFA4-64D6-4330-8579-A2813B9959FB} => pcalua.exe -a "C:\Users\МИХАИЛ 1\AppData\Local\Amigo\Application\44.4.2403.3\Installer\setup.exe" -c --uninstall
Task: {B43B8EF6-BF53-4898-A181-E880A29BAAAF} - System32\Tasks\{06C4734A-DDB0-45A8-9D0F-585614FFDE75} => F:\Games\TimeShift\bin\TimeShift.exe
Task: {B51D7F43-3901-4876-A08D-822C655A4949} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-09] (Piriform Ltd)
Task: {B631BB76-FAB3-4E53-B44A-C5928E33AC66} - System32\Tasks\{6607C1CC-EC42-4E73-980D-1EFEED2DBCDE} => F:\Games\TimeShift\bin\TimeShift.exe
Task: {BE320C98-ED99-46D4-8F85-74B2267B94A0} - System32\Tasks\{B20AC3F7-95AC-4058-9550-E9FA9BD60A7E} => pcalua.exe -a F:\Games\Scarface\DirectX9\DXSETUP.exe -d F:\Games\Scarface\DirectX9
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-21] (Корпорация Майкрософт (Microsoft Corp.))
Task: {D5428AA7-C82C-464D-B0FF-1F396F094230} - System32\Tasks\{C2B62486-30D0-4AA5-AEA8-FAEBF86806B9} => F:\Games\Metro Last Light\MetroLL.exe
Task: {D704D1D6-D530-4C90-A93D-CAB7AC173BF9} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\МИХАИЛ 1\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {D934F3E9-D2C7-4954-81DF-D7BB5CBCDA8E} - System32\Tasks\WinZipDriverUpdater_UPDATES => C:\Program Files\WinZip Driver Updater\winzipdu.exe [2013-07-15] (WinZip Computing, S.L. (WinZip Computing))
Task: {E27CBD8F-C552-4DB1-8F0E-4122C1D174AD} - System32\Tasks\{6E471CCD-3E51-4564-B59A-DF68AF1C3EBE} => pcalua.exe -a G:\setup.exe -d G:\
Task: {E2E2366B-5C36-4B60-B830-D309CDEF4511} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\WinZipDriverUpdater_UPDATES.job => C:\Program Files\WinZip Driver Updater\winzipdu.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\МИХАИЛ 1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Вконтакте.lnk -> C:\Users\МИХАИЛ 1\AppData\Local\Amigo\Application\vk.exe () -> hxxp://r.mail.ru/n137257923
ShortcutWithArgument: C:\Users\МИХАИЛ 1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Одноклассники.lnk -> C:\Users\МИХАИЛ 1\AppData\Local\Amigo\Application\ok.exe () -> hxxp://r.mail.ru/n137257727
ShortcutWithArgument: C:\Users\Public\Desktop\Terrorist Takedown - Covert Ops.lnk -> F:\Games\Terrorist Takedown - Covert Ops\CovertOperations.exe (City Interactive) -> "hxxp://firstpoisk.ru" -game cstrike

==================== Loaded Modules (Whitelisted) ==============

2013-01-19 18:14 - 2015-11-21 22:49 - 04721368 _____ () C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
2011-11-24 23:49 - 2011-11-24 23:47 - 00008192 _____ () C:\Windows\system32\srvany.exe
2011-11-24 23:49 - 2011-11-24 23:49 - 00151622 _____ () C:\Windows\kmsem\KMService.exe
2011-11-24 23:49 - 2011-11-24 23:47 - 00032768 _____ () C:\Windows\kmsem\Shadow.KMS
2008-03-10 02:04 - 2008-03-10 02:04 - 00065536 _____ () C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
2013-02-02 21:47 - 2013-02-02 21:47 - 00075064 _____ () C:\Windows\system32\PnkBstrA.exe
2011-03-17 03:11 - 2011-03-17 03:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2011-03-02 14:56 - 2011-03-02 14:56 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2013-05-30 18:33 - 2013-05-30 18:33 - 00630784 _____ () C:\Program Files\ExpressDownloader\TorrentExpress.exe
2013-02-12 17:55 - 2013-02-12 17:55 - 00279955 _____ () C:\Program Files\ExpressDownloader\libidn-11.dll
2015-04-28 19:34 - 2014-12-02 16:10 - 00218712 _____ () C:\Program Files\Download Master\unrar.dll
2015-04-28 19:44 - 2015-05-14 00:59 - 00203264 _____ () C:\Users\МИХАИЛ 1\AppData\Roaming\Download Master\Plugins\videoserv.dll
2016-01-15 23:18 - 2016-01-15 23:18 - 00144896 _____ () C:\Users\МИХАИЛ 1\AppData\Local\Mail.Ru\GameCenter\zlib1.dll
2016-01-15 23:18 - 2016-01-15 23:18 - 00062464 _____ () C:\Users\МИХАИЛ 1\AppData\Local\Mail.Ru\GameCenter\pxd.dll
2016-01-15 23:18 - 2016-01-21 17:52 - 00186240 _____ () C:\Users\МИХАИЛ 1\AppData\Local\Mail.Ru\GameCenter\LightUpdate.dll
2014-01-12 00:54 - 2016-03-17 19:30 - 02322304 _____ () C:\Users\МИХАИЛ 1\AppData\Local\Mail.Ru\GameCenter\BigUp2.dll
2015-08-26 15:18 - 2015-08-26 15:18 - 50425344 _____ () C:\Users\МИХАИЛ 1\AppData\Local\Mail.Ru\GameCenter\Chrome\3.2454.1317\libcef.dll
2015-12-09 01:25 - 2015-12-09 01:25 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1049.dll
2016-01-07 17:25 - 2015-11-17 21:17 - 00334552 _____ () C:\Users\МИХАИЛ 1\AppData\Local\Amigo\Application\44.4.2403.3\amigo_cr.exe
2016-01-07 17:25 - 2015-11-17 21:16 - 01406168 _____ () C:\Users\МИХАИЛ 1\AppData\Local\Amigo\Application\44.4.2403.3\libglesv2.dll
2016-01-07 17:25 - 2015-11-17 21:16 - 00081624 _____ () C:\Users\МИХАИЛ 1\AppData\Local\Amigo\Application\44.4.2403.3\libegl.dll
2011-11-24 23:51 - 2011-03-02 15:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2016-03-19 16:26 - 2016-03-19 16:26 - 19397824 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:44504F07 [133]
AlternateDataStreams: C:\Users\Все пользователи\TEMP:44504F07 [133]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\14905097.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\60661981.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\91861067.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\14905097.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\60661981.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\91861067.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2015-12-15 23:27 - 00001146 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 validation.sls.microsoft.com
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3032902621-1377843980-1404468434-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\МИХАИЛ 1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

Name: Туннельный адаптер Microsoft Teredo
Description: Туннельный адаптер Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: swsedrvr_vt_1_10_0_25
Description: swsedrvr_vt_1_10_0_25
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: swsedrvr_vt_1_10_0_25
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2016 08:12:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2016 08:11:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: praetorian.exe, версия: 0.2.2.113, отметка времени: 0x4fcc442c
Имя сбойного модуля: praetorian.exe, версия: 0.2.2.113, отметка времени 0x4fcc442c
Код исключения: 0xc0000417
Смещение ошибки: 0x000fa52a
Идентификатор сбойного процесса: 0xbe4
Время запуска сбойного приложения: 0xpraetorian.exe0
Путь сбойного приложения: praetorian.exe1
Путь сбойного модуля: praetorian.exe2
Код отчета: praetorian.exe3

Error: (04/14/2016 08:09:43 PM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC

Error: (04/14/2016 05:06:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2016 05:05:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: praetorian.exe, версия: 0.2.2.113, отметка времени: 0x4fcc442c
Имя сбойного модуля: praetorian.exe, версия: 0.2.2.113, отметка времени 0x4fcc442c
Код исключения: 0xc0000417
Смещение ошибки: 0x000fa52a
Идентификатор сбойного процесса: 0xbf0
Время запуска сбойного приложения: 0xpraetorian.exe0
Путь сбойного приложения: praetorian.exe1
Путь сбойного модуля: praetorian.exe2
Код отчета: praetorian.exe3

Error: (04/14/2016 04:44:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2016 04:44:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: praetorian.exe, версия: 0.2.2.113, отметка времени: 0x4fcc442c
Имя сбойного модуля: praetorian.exe, версия: 0.2.2.113, отметка времени 0x4fcc442c
Код исключения: 0xc0000417
Смещение ошибки: 0x000fa52a
Идентификатор сбойного процесса: 0xd6c
Время запуска сбойного приложения: 0xpraetorian.exe0
Путь сбойного приложения: praetorian.exe1
Путь сбойного модуля: praetorian.exe2
Код отчета: praetorian.exe3

Error: (04/14/2016 04:40:55 PM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC

Error: (04/14/2016 03:39:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2016 03:39:03 PM) (Source: ATIeRecord) (EventID: 16398) (User: )
Description: ATI EEU failed to post message to CCC

System errors:
=============
Error: (04/14/2016 08:31:57 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Структура файловой системы на диске повреждена и непригодна к использованию. Запустите программу CHKDSK на томе .

Error: (04/14/2016 08:12:24 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Служба "Прослушиватель домашней группы" завершена из-за внутренней ошибки %%-2147023143.

Error: (04/14/2016 08:11:55 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Структура файловой системы на диске повреждена и непригодна к использованию. Запустите программу CHKDSK на томе .

Error: (04/14/2016 08:11:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Сбой при загрузке драйвера(ов) перезагрузки или запуска системы: swsedrvr_vt_1_10_0_25 Error: (04/14/2016 08:11:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Сбой при запуске службы "Presentation Software Satellite" из-за ошибки %%2 Error: (04/14/2016 08:11:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Сбой при запуске службы "Hit Enable" из-за ошибки %%2 Error: (04/14/2016 08:11:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Сбой при запуске службы "Comment Box Visit" из-за ошибки %%2 Error: (04/14/2016 08:11:13 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Служба "Брандмауэр Windows" завершена из-за внутренней ошибки %%5. Error: (04/14/2016 06:31:03 PM) (Source: Disk) (EventID: 7) (User: ) Description: Неверный блок на устройстве \Device\Harddisk0\DR0. Error: (04/14/2016 06:31:03 PM) (Source: Disk) (EventID: 7) (User: ) Description: Неверный блок на устройстве \Device\Harddisk0\DR0. 

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B940 @ 2.00GHz
Percentage of memory in use: 69%
Total physical RAM: 3009.86 MB
Available physical RAM: 906.55 MB
Total Virtual: 6018.01 MB
Available Virtual: 2908.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:29.3 GB) (Free:2.47 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:29.29 GB) (Free:2.81 GB) FAT32
Drive f: () (Fixed) (Total:536.49 GB) (Free:22.86 GB) NTFS
Drive h: (Summer) (Removable) (Total:7.69 GB) (Free:0.1 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=29.3 GB) - (Type=0C)
Partition 3: (Not Active) - (Size=536.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1.1 GB) - (Type=12)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

==================== End of Addition.txt ============================