Logfile of random's system information tool 1.12 (written by random/random)
Run by Елена at 2016-04-12 16:16:36
Microsoft Windows 7 Максимальная  Service Pack 1
System partition C: size 147 GB (62%) Free 238 GB
Total RAM: 2047 MB (40% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:16:43, on 12.04.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18231)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
C:\Users\Елена\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
C:\Program Files\2gis\3.0\2GISTrayNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HomePageDefender\HpDefSrv.exe
C:\Program Files\Mobogenie3\MobogenieService.exe
C:\Program Files\Mail.Ru\Update Service\mrupdsrv.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Users\Елена\AppData\Local\Mail.Ru\MailRuUpdater.exe
C:\Users\Елена\AppData\Local\Viber\Viber.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Users\Елена\AppData\Local\THORN\Thorn.exe
C:\Program Files\SSmaker\SSmaker.exe
C:\Users\Елена\AppData\Local\Amigo\Application\amigo.exe
C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
C:\Program Files\Bluetooth PC Dialer\BluetoothPCDialer.exe
C:\Users\Елена\AppData\Local\Amigo\Application\44.4.2403.3\amigo_cr.exe
C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
C:\Users\Елена\AppData\Local\THORN\ThornHelper.exe
C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
C:\Users\Елена\AppData\Local\Amigo\Application\amigo.exe
C:\Users\Елена\AppData\Local\YZPack\A44DAA0E.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Елена\AppData\Local\Amigo\Application\amigo.exe
C:\Users\Елена\AppData\Local\Amigo\Application\amigo.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Елена\AppData\Local\Amigo\Application\amigo.exe
C:\Users\Елена\AppData\Local\Amigo\Application\amigo.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Елена\AppData\Local\Amigo\Application\amigo.exe
C:\Users\Елена\AppData\Local\Amigo\Application\amigo.exe
C:\Users\Елена\AppData\Local\Amigo\Application\amigo.exe
C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Елена\Documents\Новая папка\AutoLogger.exe
C:\Users\Елена\Documents\Новая папка\AutoLogger\AVZ\avz.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Елена\Documents\Новая папка\AutoLogger\RSIT\RSIT.exe
C:\Users\Елена\Documents\Новая папка\AutoLogger\RSIT\Елена_RSIT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yandex.ru/?clid=2101081
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://yandex.ru/yandsearch?clid=2101082&text={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=811021
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yandex.ru/?clid=2101081
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://yandex.ru/yandsearch?clid=2101082&text={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yandex.ru/?clid=2101081
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Wondershare Player 1.6.0 - {43D9786F-A485-683B-9B5B-ACC97ABC17FC} - C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll
O2 - BHO: WsSVRIEHelper - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Program Files\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\Елена\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll
O2 - BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\PROGRA~1\DOWNLO~1\dmiehlp.dll
O2 - BHO: Html5 geolocation provider - {9BFBA68E-E21B-458E-AE12-FE85E903D2C0} - C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\npHtml5loc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL (file missing)
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Визуальные закладки - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - C:\Program Files\Yandex\FastDial\fastdial.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Элементы Яндекса - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\Elements\bartab.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [2Gis Update Notifier] "C:\Program Files\2gis\3.0\2GISTrayNotifier.exe" -delayed_start
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [BrowserPlugInHelper] C:\Program Files\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
O4 - HKLM\..\Run: [DelaypluginInstall] C:\ProgramData\Wondershare\Player\DelayPluginI.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [AlterGeoUpdater] C:\Program Files\AlterGeo\Html5 geolocation provider\html5locsvc.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [icq] C:\Users\Елена\AppData\Roaming\ICQM\icq.exe -CU
O4 - HKCU\..\Run: [MAgent] C:\Users\Елена\AppData\Roaming\Mail.Ru\Agent\magent.exe -CU
O4 - HKCU\..\Run: [AlterGeoUpdater] C:\Program Files\AlterGeo\Html5 geolocation provider\html5locsvc.exe
O4 - HKCU\..\Run: [Praetorian] C:\Users\Елена\AppData\Local\Yandex\Updater\praetorian.exe
O4 - HKCU\..\Run: [MailRuUpdater] C:\Users\Елена\AppData\Local\Mail.Ru\MailRuUpdater.exe
O4 - HKCU\..\Run: [Viber] "C:\Users\Елена\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [SSMaker] C:\Program Files\SSmaker\SSmaker.exe
O4 - HKCU\..\Run: [YZPack] C:\Users\Елена\AppData\Local\YZPack\A44DAA0E.exe
O4 - HKCU\..\Run: [Oxmics] regsvr32.exe C:\Users\Елена\AppData\Local\Oxmics\SmartTst.dll
O4 - HKCU\..\Run: [amigo] C:\Users\Елена\AppData\Local\Amigo\Application\amigo.exe --no-startup-window
O4 - HKCU\..\Run: [Advanced SystemCare 8] "C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AlterGeoUpdater] C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\html5locsvc.exe (User 'система')
O4 - HKUS\.DEFAULT\..\Run: [AlterGeoUpdater] C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\html5locsvc.exe (User 'Default user')
O4 - Startup: Bluetooth PC Dialer.lnk = C:\Program Files\Bluetooth PC Dialer\BluetoothPCDialer.exe
O4 - Startup: Отправка в OneNote.lnk = C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
O4 - Global Startup: Tabs.lnk = C:\Program Files\Ticno\Tabs\Ticno Tabs.exe
O8 - Extra context menu item: &Отправить в OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - C:\Program Files\Download Master\dmieall.htm
O8 - Extra context menu item: Закачать при помощи Download Master - C:\Program Files\Download Master\dmie.htm
O8 - Extra context menu item: Передать на удаленную закачку DM - C:\Program Files\Download Master\remdown.htm
O9 - Extra button: Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Звонок щелчком Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Звонок щелчком Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Связанные заметки OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Связанные заметки OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe
O9 - Extra 'Tools' menuitem: &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe
O9 - Extra button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Users\Елена\AppData\Roaming\Mail.Ru\Agent\magent.exe (HKCU)
O9 - Extra 'Tools' menuitem: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Users\Елена\AppData\Roaming\Mail.Ru\Agent\magent.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0531EA0-8EE0-4D84-AD00-244C3AE7CA3E}: NameServer = 85.234.0.53 85.234.2.53
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: WSIEChrome - {6D02ED5F-FD0D-4C4C - (no file)
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: 2GIS UpdateService (2GISUpdateService) - ООО ДубльГИС - C:\Program Files\2gis\3.0\2GISUpdateService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 8 (AdvancedSystemCareService8) - IObit - C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Служба Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Служба Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HomePageDefender Service - Unknown owner - C:\Program Files\HomePageDefender\HpDefSrv.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MobogenieService - Mobogenie.com - C:\Program Files\Mobogenie3\MobogenieService.exe
O23 - Service: Mail.Ru Update Service (mrupdsrv) - Mail.Ru - C:\Program Files\Mail.Ru\Update Service\mrupdsrv.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Служба политики провайдера безопасности аккаунта (Thorn) - GGS - C:\Users\Елена\AppData\Local\THORN\Thorn.exe
O23 - Service: Updater.Mail.Ru - Mail.Ru - C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe

--
End of file - 15805 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\system32\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 
C:\Windows\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\Windows\system32\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe -check pepperplugin
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 
C:\Windows\system32\tasks\ASC8_PerformanceMonitor - C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe /Task
C:\Windows\system32\tasks\ASC8_SkipUac_Елена - "C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe" /SkipUac
C:\Windows\system32\tasks\avast! Emergency Update - C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe 
C:\Windows\system32\tasks\avastBCLRestartS-1-5-21-2696400509-195554733-1256058888-1000 - C:\Program Files\Google\Chrome\Application\chrome.exe 
C:\Windows\system32\tasks\GameNet - C:/Program Files/QGNA/qgna.exe /minimized
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\MailRuUpdater - C:\Users\Елена\AppData\Local\Mail.Ru\MailRuUpdater.exe --check
C:\Windows\system32\tasks\MailRuUpdateTask - C:\Users\Елена\AppData\Local\Mail.Ru\MailRuUpdater.exe --scheduler
C:\Windows\system32\tasks\Microsoft Office 15 Sync Maintenance for Елена-ПК-Елена Елена-ПК - C:\Program Files\Microsoft Office\Office15\MsoSync.exe 
C:\Windows\system32\tasks\Opera scheduled Autoupdate 1435989557 - C:\Program Files\Opera\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\Scheduled Update for Ask Toolbar - C:\Program Files\Ask.com\UpdateTask.exe 
C:\Windows\system32\tasks\SidebarExecute - C:\Program Files\Windows Sidebar\sidebar.exe "C:\Users\Елена\Downloads\rp5weather_sevengadgets.ru (1).zip"
C:\Windows\system32\tasks\Soft installer - "C:\Users\Елена\AppData\Local\Hostinstaller\214575942_installcube.exe" subid=2669;src=installcube;scheduler=1
C:\Windows\system32\tasks\SweetLabs App Platform - %LOCALAPPDATA%\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe /LOGON
C:\Windows\system32\tasks\Uninstaller_SkipUac_Елена - C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
C:\Windows\system32\tasks\{10084F85-C5A0-4CE2-94C1-C914194BD8DC} - G:\Новая папка (2)\Новая папка\Расчёт стажей\Stages.exe 
C:\Windows\system32\tasks\{2F741EBB-F070-4E20-BF92-20A56AD00CDA} - C:\Program Files\games\shiver_3_moonlit_grove_se\Shiver_MoonlitGrove.exe 
C:\Windows\system32\tasks\{5BD10707-B897-4A8C-8D74-9FEEE2A002C4} - C:\Program Files\Расчёт стажей\uninst.exe 
C:\Windows\system32\tasks\{65ABA041-B833-4042-9EB8-CFB511A558DA} - C:\Windows\system32\pcalua.exe -a F:\RD_Lord_of_Statues_CE_Rus_Setup.exe -d F:\
C:\Windows\system32\tasks\{660C77B3-0CDB-4364-91D5-8FF44F5FFCB8} - C:\Program Files\games\shiver_3_moonlit_grove_se\Shiver_MoonlitGrove.exe 
C:\Windows\system32\tasks\{6E13FF21-A58E-4487-B5A5-5435C2C750DA} - C:\Program Files\Расчёт стажей\uninst.exe 
C:\Windows\system32\tasks\{73518ACE-7694-4E32-B453-F59795AC6762} - C:\Windows\system32\pcalua.exe -a "C:\Разное с флэшки\Новая папка 5\База 1-С\!crk!\sable004.exe" -d "C:\Разное с флэшки\Новая папка 5\База 1-С\!crk!"
C:\Windows\system32\tasks\{7C14A6B7-3DAA-49A4-98D3-858B5FFF0251} - C:\Windows\system32\pcalua.exe -a "C:\Program Files\Nokia\Nokia PC Suite 6\ApplicationInstaller.exe" -d C:\Users\Елена\Desktop -c "C:\Users\Елена\Desktop\WhatsApp_2_8_29.sis"
C:\Windows\system32\tasks\{997F1182-F2A7-4F30-8B2E-E9EAF9721FA3} - G:\Новая папка (2)\Новая папка\Расчёт стажей\Stages.exe 
C:\Windows\system32\tasks\{D778E6A1-562F-4F6D-8287-03A2C58AC22B} - C:\Program Files\games\shiver_3_moonlit_grove_se\Shiver_MoonlitGrove.exe 
C:\Windows\system32\tasks\{FA97EAB9-8A44-4D73-B3FE-8FE01D14C455} - C:\Program Files\games\shiver_3_moonlit_grove_se\Shiver_MoonlitGrove.exe 
C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask - %systemroot%\system32\sc.exe start osppsvc
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" 
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask - %SystemRoot%\system32\Wat\WatAdminSvc.exe /run
C:\Windows\system32\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs 
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe 
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe 
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe 
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe 
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader - %windir%\system32\WSqmCons.exe -u
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent 
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe 
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe 
C:\Windows\system32\tasks\Microsoft\Office\Office 15 Subscription Heartbeat - %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe 
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs

=========Google Chrome=========

C:\Users\Елена\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Интернет-магазин Chrome 0.2
Extension apdfllckaahabafndbhieahigkjlhalf 1 Диск Google 14.0
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0  
Extension bkdegagmpemadclljncealhmmkojfoam 2 Wondershare Player 1.6.0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Google Search 0.0.0.30
Extension ecnphlgnajanjnkcmbpancdjoidceilk 1 Quick Searcher 2.0.6899
Extension eemcgdkfndhakfknompkggombfjjjeno  Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg  Settings 0.2
Extension eofcbnmajmjmplflapaojjnihcjkigck 1 Avast SafePrice 10.2.0.190
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Google Документы офлайн 1.0
Extension gomekmidlodglbbmalcneegieacbdmki 1 Avast Online Security 10.2.0.190
Extension jaocgokledfmfebefgbeokdodbbdjhdd 0 Mail.ru «Визуальные закладки» 1.0.15
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.31
Extension mfehgcgbbipciphmccgaenjidiccnmng  Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension nbpagnldghgfoolbancepceaanlmhfmd 1 Hotword triggering 0.0.1.4
Extension neajdppkdcdipfabeoofebfddakdcjhd  Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.2.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Платежная система Интернет-магазина Chrome 0.1.2.0
Extension pafkbggdmjlpgkdkcbjmhmfcdpncadgh  Google Now 1.2.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Homepage: http://mail.ru/cnt/10445?gp=811021
default_search_provider.search_url: 
C:\Users\Елена\AppData\Local\Google\Chrome\User Data\Default\Preferences
Plugin 11.5.31.2 Shockwave Flash C:\Program Files\Google\Chrome\Application\49.0.2623.87\PepperFlash\pepflashplayer.dll
Plugin  Chrome Remote Desktop Viewer internal-remoting-viewer
Plugin  Native Client C:\Program Files\Google\Chrome\Application\49.0.2623.87\ppGoogleNaClPluginChrome.dll
Plugin  Chrome PDF Viewer C:\Program Files\Google\Chrome\Application\49.0.2623.87\pdf.dll
Plugin 1.3.21.123 Google Update C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
Homepage: 
default_search_provider.search_url: 

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bgcifljfapbhgiehkjlckfjmgeojijcb]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bkdegagmpemadclljncealhmmkojfoam]
"Path"=C:\ProgramData\Wondershare\Player\Player@Wondershare.com.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\chgdeabpmphfhkoemjjglmilajldekbp]
"Path"=C:\Program Files\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChromeSp.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\hcncjpganfocbfoenaemagjjopkkindp]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lbjjfiihgfegniolckphpnfaokdkbmdm]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\noecaidkfpaionjdebbkoehapefchmjj]
"Path"=C:\ProgramData\Wondershare\Player\BHO@Wondershare.com.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={F4137D40-259A-4FB3-B780-F8C39B303C41}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"=http://www.sweet-page.com/web/?type=ds&ts=1404493247&from=cor&uid=395049983_1052515_0CCA2B46&q={searchTerms}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]
"URL"=http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F4137D40-259A-4FB3-B780-F8C39B303C41}]
"URL"=http://yandex.ru/yandsearch?clid=2101082&text={searchTerms}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2016-04-12 752960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-10-17 153248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43D9786F-A485-683B-9B5B-ACC97ABC17FC}]
Wondershare Player 1.6.0 - C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll [2013-09-28 621640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF}]
Wondershare Video Converter Ultimate - C:\Program Files\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll [2013-12-31 273296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2016-03-16 678656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}]
Поиск@Mail.Ru - C:\Users\Елена\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2016-04-12 2551000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master - C:\PROGRA~1\DOWNLO~1\dmiehlp.dll [2013-04-23 168224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9BFBA68E-E21B-458E-AE12-FE85E903D2C0}]
AlterGeoBHO Class - C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\npHtml5loc.dll [2014-08-01 670416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2013-09-13 705240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]
Advanced SystemCare Surfing Protection - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2013-11-02 1727176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414a-9456-AF95AC9ED7B5}]
Визуальные закладки - C:\Program Files\Yandex\FastDial\fastdial.dll [2013-03-22 1311520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}
{91397D20-1446-11D4-8AF4-0040CA1127B6} - Элементы Яндекса - C:\Program Files\Yandex\Elements\bartab.dll [2013-05-24 3094368]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-12-19 642808]
"2Gis Update Notifier"=C:\Program Files\2gis\3.0\2GISTrayNotifier.exe [2016-02-29 4593384]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"Wondershare Helper Compact.exe"=C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2013-07-25 1985824]
"BrowserPlugInHelper"=C:\Program Files\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe [2013-09-04 1966992]
"DelaypluginInstall"=C:\ProgramData\Wondershare\Player\DelayPluginI.exe [2013-09-28 1960008]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2016-04-05 7139256]
"AlterGeoUpdater"=C:\Program Files\AlterGeo\Html5 geolocation provider\html5locsvc.exe [2013-01-28 29696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13 1085656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-09-18 205976]
"icq"=C:\Users\Елена\AppData\Roaming\ICQM\icq.exe [2012-12-05 26054568]
"MAgent"=C:\Users\Елена\AppData\Roaming\Mail.Ru\Agent\magent.exe [2014-11-29 36762144]
"AlterGeoUpdater"=C:\Program Files\AlterGeo\Html5 geolocation provider\html5locsvc.exe [2013-01-28 29696]
"Praetorian"=C:\Users\Елена\AppData\Local\Yandex\Updater\praetorian.exe [2012-11-14 1618304]
"MailRuUpdater"=C:\Users\Елена\AppData\Local\Mail.Ru\MailRuUpdater.exe [2016-04-11 5873880]
"Viber"=C:\Users\Елена\AppData\Local\Viber\Viber.exe [2016-03-03 59171920]
"SSMaker"=C:\Program Files\SSmaker\SSmaker.exe [2015-10-12 2960384]
"YZPack"=C:\Users\Елена\AppData\Local\YZPack\A44DAA0E.exe [2016-04-12 100446]
"Oxmics"=regsvr32.exe C:\Users\Елена\AppData\Local\Oxmics\SmartTst.dll []
"amigo"=C:\Users\Елена\AppData\Local\Amigo\Application\amigo.exe [2015-11-17 692952]
"Advanced SystemCare 8"=C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2015-04-08 2429728]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Tabs.lnk - C:\Program Files\Ticno\Tabs\Ticno Tabs.exe

C:\Users\Елена\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth PC Dialer.lnk - C:\Program Files\Bluetooth PC Dialer\BluetoothPCDialer.exe
Отправка в OneNote.lnk - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files and folders created in the last 3 months======

2016-04-12 16:11:05 ----A---- C:\Windows\system32\drivers\uty1nti5.sys
2016-04-12 15:29:48 ----A---- C:\Windows\ntbtlog.txt
2016-04-12 14:24:02 ----D---- C:\Users\Елена\AppData\Roaming\ProductData
2016-04-12 14:22:16 ----D---- C:\ProgramData\ProductData
2016-04-12 14:22:14 ----D---- C:\ProgramData\IObit
2016-04-12 14:22:14 ----D---- C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2016-04-12 14:22:14 ----D---- C:\Program Files\Common Files\IObit
2016-04-12 14:21:24 ----D---- C:\Program Files\IObit
2016-04-12 14:21:13 ----D---- C:\Users\Елена\AppData\Roaming\IObit
2016-04-12 14:18:28 ----D---- C:\Users\Елена\AppData\Roaming\FreeVPN
2016-04-12 14:18:21 ----D---- C:\Program Files\Free VPN
2016-04-12 14:17:23 ----D---- C:\Program Files\HomePageDefender
2016-04-12 13:44:50 ----D---- C:\Windows\shadows
2016-04-12 13:34:06 ----D---- C:\Program Files\VirusTotal
2016-04-12 09:32:38 ----A---- C:\README9.txt
2016-04-12 09:32:38 ----A---- C:\README8.txt
2016-04-12 09:32:38 ----A---- C:\README7.txt
2016-04-12 09:32:38 ----A---- C:\README6.txt
2016-04-12 09:32:38 ----A---- C:\README5.txt
2016-04-12 09:32:38 ----A---- C:\README4.txt
2016-04-12 09:32:38 ----A---- C:\README3.txt
2016-04-12 09:32:38 ----A---- C:\README2.txt
2016-04-12 09:32:38 ----A---- C:\README10.txt
2016-04-12 09:32:38 ----A---- C:\README1.txt
2016-04-12 09:31:56 ----SHD---- C:\ProgramData\Windows
2016-04-09 10:01:54 ----A---- C:\Users\Елена\AppData\Roaming\snoots.dll
2016-04-05 16:18:16 ----A---- C:\Windows\system32\aswBoot.exe
2016-03-16 16:48:01 ----A---- C:\Windows\avastSS.scr
2016-03-16 16:47:44 ----A---- C:\Windows\system32\drivers\aswNdisFlt.sys
2016-03-13 16:23:30 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2016-03-13 16:23:23 ----A---- C:\Windows\system32\seclogon.dll
2016-03-13 16:23:22 ----A---- C:\Windows\system32\win32k.sys
2016-03-13 16:23:19 ----A---- C:\Windows\system32\mfds.dll
2016-03-13 16:22:38 ----A---- C:\Windows\system32\ntdll.dll
2016-03-13 16:22:37 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-03-13 16:22:36 ----A---- C:\Windows\system32\ntkrnlpa.exe
2016-03-13 16:22:35 ----A---- C:\Windows\system32\advapi32.dll
2016-03-13 16:22:33 ----A---- C:\Windows\system32\kerberos.dll
2016-03-13 16:22:33 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-03-13 16:22:33 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2016-03-13 16:22:32 ----A---- C:\Windows\system32\lsasrv.dll
2016-03-13 16:22:32 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-03-13 16:22:31 ----A---- C:\Windows\system32\srcore.dll
2016-03-13 16:22:31 ----A---- C:\Windows\system32\smss.exe
2016-03-13 16:22:31 ----A---- C:\Windows\system32\schannel.dll
2016-03-13 16:22:31 ----A---- C:\Windows\system32\rpcrt4.dll
2016-03-13 16:22:31 ----A---- C:\Windows\system32\msv1_0.dll
2016-03-13 16:22:31 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-03-13 16:22:30 ----A---- C:\Windows\system32\ncrypt.dll
2016-03-13 16:22:29 ----A---- C:\Windows\system32\wdigest.dll
2016-03-13 16:22:29 ----A---- C:\Windows\system32\TSpkg.dll
2016-03-13 16:22:29 ----A---- C:\Windows\system32\sspisrv.dll
2016-03-13 16:22:29 ----A---- C:\Windows\system32\sspicli.dll
2016-03-13 16:22:29 ----A---- C:\Windows\system32\srclient.dll
2016-03-13 16:22:29 ----A---- C:\Windows\system32\secur32.dll
2016-03-13 16:22:29 ----A---- C:\Windows\system32\rstrui.exe
2016-03-13 16:22:29 ----A---- C:\Windows\system32\msaudite.dll
2016-03-13 16:22:29 ----A---- C:\Windows\system32\lsass.exe
2016-03-13 16:22:29 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-03-13 16:22:29 ----A---- C:\Windows\system32\csrsrv.dll
2016-03-13 16:22:29 ----A---- C:\Windows\system32\cryptbase.dll
2016-03-13 16:22:29 ----A---- C:\Windows\system32\credssp.dll
2016-03-13 16:22:29 ----A---- C:\Windows\system32\auditpol.exe
2016-03-13 16:22:29 ----A---- C:\Windows\system32\apisetschema.dll
2016-03-13 16:22:29 ----A---- C:\Windows\system32\adtschema.dll
2016-03-13 16:22:28 ----A---- C:\Windows\system32\msobjs.dll
2016-03-13 16:22:18 ----A---- C:\Windows\system32\wuwebv.dll
2016-03-13 16:22:18 ----A---- C:\Windows\system32\wups2.dll
2016-03-13 16:22:18 ----A---- C:\Windows\system32\wups.dll
2016-03-13 16:22:18 ----A---- C:\Windows\system32\wudriver.dll
2016-03-13 16:22:18 ----A---- C:\Windows\system32\wucltux.dll
2016-03-13 16:22:18 ----A---- C:\Windows\system32\wuaueng.dll
2016-03-13 16:22:18 ----A---- C:\Windows\system32\wuauclt.exe
2016-03-13 16:22:18 ----A---- C:\Windows\system32\wuapp.exe
2016-03-13 16:22:18 ----A---- C:\Windows\system32\wuapi.dll
2016-03-13 16:22:18 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2016-03-13 16:22:18 ----A---- C:\Windows\system32\WinSetupUI.dll
2016-03-13 16:22:08 ----A---- C:\Windows\system32\olepro32.dll
2016-03-13 16:22:08 ----A---- C:\Windows\system32\oleaut32.dll
2016-03-13 16:22:07 ----A---- C:\Windows\system32\asycfilt.dll
2016-03-13 16:21:58 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-13 16:21:58 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-03-13 16:21:57 ----A---- C:\Windows\system32\urlmon.dll
2016-03-13 16:21:57 ----A---- C:\Windows\system32\occache.dll
2016-03-13 16:21:57 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-13 16:21:57 ----A---- C:\Windows\system32\iernonce.dll
2016-03-13 16:21:57 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-03-13 16:21:57 ----A---- C:\Windows\system32\iedkcs32.dll
2016-03-13 16:21:57 ----A---- C:\Windows\system32\ie4uinit.exe
2016-03-13 16:21:56 ----A---- C:\Windows\system32\vbscript.dll
2016-03-13 16:21:56 ----A---- C:\Windows\system32\msfeeds.dll
2016-03-13 16:21:56 ----A---- C:\Windows\system32\jsproxy.dll
2016-03-13 16:21:56 ----A---- C:\Windows\system32\jscript9diag.dll
2016-03-13 16:21:56 ----A---- C:\Windows\system32\inseng.dll
2016-03-13 16:21:56 ----A---- C:\Windows\system32\ieUnatt.exe
2016-03-13 16:21:56 ----A---- C:\Windows\system32\ieapfltr.dll
2016-03-13 16:21:56 ----A---- C:\Windows\system32\dxtmsft.dll
2016-03-13 16:21:54 ----A---- C:\Windows\system32\webcheck.dll
2016-03-13 16:21:54 ----A---- C:\Windows\system32\msrating.dll
2016-03-13 16:21:53 ----A---- C:\Windows\system32\wininet.dll
2016-03-13 16:21:53 ----A---- C:\Windows\system32\jscript.dll
2016-03-13 16:21:53 ----A---- C:\Windows\system32\iesetup.dll
2016-03-13 16:21:53 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-03-13 16:21:52 ----A---- C:\Windows\system32\ieui.dll
2016-03-13 16:21:52 ----A---- C:\Windows\system32\dxtrans.dll
2016-03-13 16:21:51 ----A---- C:\Windows\system32\ieframe.dll
2016-03-13 16:21:50 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-03-13 16:21:50 ----A---- C:\Windows\system32\mshtmled.dll
2016-03-13 16:21:49 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-03-13 16:21:48 ----A---- C:\Windows\system32\mshtml.dll
2016-03-13 16:21:48 ----A---- C:\Windows\system32\jscript9.dll
2016-03-13 16:21:46 ----A---- C:\Windows\system32\iertutil.dll
2016-03-13 16:20:01 ----A---- C:\Windows\system32\lpk.dll
2016-03-13 16:20:01 ----A---- C:\Windows\system32\fontsub.dll
2016-03-13 16:20:01 ----A---- C:\Windows\system32\dciman32.dll
2016-03-13 16:20:01 ----A---- C:\Windows\system32\atmlib.dll
2016-03-13 16:20:01 ----A---- C:\Windows\system32\atmfd.dll
2016-03-13 16:19:45 ----A---- C:\Windows\system32\wmp.dll
2016-03-13 16:19:45 ----A---- C:\Windows\system32\spwmp.dll
2016-03-13 16:19:44 ----A---- C:\Windows\system32\wmploc.DLL
2016-03-13 16:19:44 ----A---- C:\Windows\system32\dxmasf.dll
2016-03-13 14:56:21 ----A---- C:\Windows\system32\drivers\asw2E3B.tmp
2016-03-13 14:56:21 ----A---- C:\Windows\system32\drivers\asw2C37.tmp
2016-03-13 14:56:20 ----A---- C:\Windows\system32\drivers\asw2A62.tmp
2016-03-13 14:56:20 ----A---- C:\Windows\system32\drivers\asw28DB.tmp
2016-03-13 14:56:19 ----A---- C:\Windows\system32\drivers\asw25BF.tmp
2016-03-13 14:56:19 ----A---- C:\Windows\system32\drivers\asw23BB.tmp
2016-03-13 14:56:18 ----A---- C:\Windows\system32\drivers\asw2188.tmp
2016-03-13 14:56:17 ----A---- C:\Windows\system32\drivers\asw1DFE.tmp
2016-02-10 08:26:21 ----A---- C:\Windows\system32\ole32.dll
2016-02-10 08:25:18 ----A---- C:\Windows\system32\jnwmon.dll
2016-02-10 08:25:18 ----A---- C:\Windows\system32\InkEd.dll
2016-02-10 08:25:09 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2016-02-10 08:24:51 ----A---- C:\Windows\system32\ntdll(72).dll
2016-02-10 08:24:51 ----A---- C:\Windows\system32\EncDec.dll
2016-02-10 08:24:51 ----A---- C:\Windows\system32\CPFilters.dll
2016-02-10 08:24:49 ----A---- C:\Windows\system32\mtxoci.dll
2016-02-10 08:24:49 ----A---- C:\Windows\system32\msorcl32.dll
2016-02-10 08:24:49 ----A---- C:\Windows\system32\KernelBase.dll
2016-02-10 08:24:49 ----A---- C:\Windows\system32\kernel32.dll
2016-02-10 08:24:49 ----A---- C:\Windows\system32\advapi32(60).dll
2016-02-10 08:24:48 ----A---- C:\Windows\system32\kerberos(66).dll
2016-02-10 08:24:42 ----A---- C:\Windows\system32\winsrv.dll
2016-02-10 08:24:42 ----A---- C:\Windows\system32\smss(77).exe
2016-02-10 08:24:42 ----A---- C:\Windows\system32\rpcrt4(74).dll
2016-02-10 08:24:42 ----A---- C:\Windows\system32\lsasrv(68).dll
2016-02-10 08:24:42 ----A---- C:\Windows\system32\conhost.exe
2016-02-10 08:24:41 ----A---- C:\Windows\system32\wdigest(83).dll
2016-02-10 08:24:41 ----A---- C:\Windows\system32\TSpkg(81).dll
2016-02-10 08:24:41 ----A---- C:\Windows\system32\sspicli(79).dll
2016-02-10 08:24:41 ----A---- C:\Windows\system32\srcore(78).dll
2016-02-10 08:24:41 ----A---- C:\Windows\system32\schannel(75).dll
2016-02-10 08:24:41 ----A---- C:\Windows\system32\ncrypt(71).dll
2016-02-10 08:24:41 ----A---- C:\Windows\system32\msv1_0(70).dll
2016-02-10 08:24:41 ----A---- C:\Windows\system32\csrsrv(64).dll
2016-02-10 08:24:41 ----A---- C:\Windows\system32\cryptbase(63).dll
2016-02-10 08:24:40 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 08:24:40 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 08:24:40 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 08:24:40 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 08:24:40 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 08:24:40 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 08:24:40 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 08:24:40 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 08:24:40 ----A---- C:\Windows\system32\sspisrv(80).dll
2016-02-10 08:24:40 ----A---- C:\Windows\system32\secur32(76).dll
2016-02-10 08:24:40 ----A---- C:\Windows\system32\lsass(69).exe
2016-02-10 08:24:40 ----A---- C:\Windows\system32\credssp(62).dll
2016-02-10 08:24:40 ----A---- C:\Windows\system32\apisetschema(61).dll
2016-02-10 08:24:39 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 08:24:39 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 08:24:39 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 08:24:39 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 08:24:39 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 08:24:39 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 08:24:39 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 08:24:39 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 08:24:39 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 08:24:39 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 08:24:39 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 08:24:39 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 08:24:39 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 08:24:39 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 08:24:39 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 08:24:39 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 08:24:39 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 08:24:39 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 08:24:38 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 08:24:37 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 08:23:16 ----A---- C:\Windows\system32\urlmon(82).dll
2016-02-10 08:23:13 ----A---- C:\Windows\system32\iertutil(65).dll
2016-02-10 08:22:49 ----A---- C:\Windows\system32\wininet(85).dll
2016-01-13 15:53:37 ----A---- C:\Windows\system32\gdi32.dll
2016-01-13 15:53:37 ----A---- C:\Windows\system32\aepic.dll
2016-01-13 15:53:37 ----A---- C:\Windows\system32\aeinv.dll
2016-01-13 15:53:35 ----A---- C:\Windows\system32\qedit.dll
2016-01-13 15:53:33 ----A---- C:\Windows\system32\mapistub.dll
2016-01-13 15:53:33 ----A---- C:\Windows\system32\mapi32.dll
2016-01-13 15:53:33 ----A---- C:\Windows\system32\fixmapi.exe
2016-01-13 15:53:30 ----A---- C:\Windows\system32\WMVSDECD.DLL
2016-01-13 15:53:30 ----A---- C:\Windows\system32\WMVDECOD.DLL
2016-01-13 15:53:30 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 15:53:30 ----A---- C:\Windows\system32\WMADMOD.DLL
2016-01-13 15:53:30 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 15:53:30 ----A---- C:\Windows\system32\msmpeg2adec.dll
2016-01-13 15:53:30 ----A---- C:\Windows\system32\mf.dll
2016-01-13 15:53:29 ----A---- C:\Windows\system32\WMVENCOD.DLL
2016-01-13 15:53:29 ----A---- C:\Windows\system32\wmpmde.dll
2016-01-13 15:53:29 ----A---- C:\Windows\system32\WMADMOE.DLL
2016-01-13 15:53:29 ----A---- C:\Windows\system32\quartz.dll
2016-01-13 15:53:29 ----A---- C:\Windows\system32\mfplat.dll
2016-01-13 15:53:29 ----A---- C:\Windows\system32\mcmde.dll
2016-01-13 15:53:29 ----A---- C:\Windows\system32\evr.dll
2016-01-13 15:53:29 ----A---- C:\Windows\system32\COLORCNV.DLL
2016-01-13 15:53:28 ----A---- C:\Windows\system32\WMVXENCD.DLL
2016-01-13 15:53:28 ----A---- C:\Windows\system32\WMVSENCD.DLL
2016-01-13 15:53:28 ----A---- C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 15:53:28 ----A---- C:\Windows\system32\qdvd.dll
2016-01-13 15:53:28 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 15:53:28 ----A---- C:\Windows\system32\MPG4DECD.DLL
2016-01-13 15:53:28 ----A---- C:\Windows\system32\MP43DECD.DLL
2016-01-13 15:53:28 ----A---- C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 15:53:28 ----A---- C:\Windows\system32\devenum.dll
2016-01-13 15:53:27 ----A---- C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 15:53:27 ----A---- C:\Windows\system32\VIDRESZR.DLL
2016-01-13 15:53:27 ----A---- C:\Windows\system32\SysFxUI.dll
2016-01-13 15:53:27 ----A---- C:\Windows\system32\rrinstaller.exe
2016-01-13 15:53:27 ----A---- C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 15:53:27 ----A---- C:\Windows\system32\qasf.dll
2016-01-13 15:53:27 ----A---- C:\Windows\system32\MP4SDECD.DLL
2016-01-13 15:53:27 ----A---- C:\Windows\system32\MP3DMOD.DLL
2016-01-13 15:53:27 ----A---- C:\Windows\system32\mfvdsp.dll
2016-01-13 15:53:27 ----A---- C:\Windows\system32\mfps.dll
2016-01-13 15:53:26 ----A---- C:\Windows\system32\mfpmp.exe
2016-01-13 15:53:26 ----A---- C:\Windows\system32\drivers\portcls.sys
2016-01-13 15:53:26 ----A---- C:\Windows\system32\drivers\drmk.sys
2016-01-13 15:53:25 ----A---- C:\Windows\system32\mferror.dll
2016-01-13 15:53:25 ----A---- C:\Windows\system32\ksuser.dll
2016-01-13 15:53:25 ----A---- C:\Windows\system32\drivers\drmkaud.sys

======List of files and folders modified in the last 3 months======

2016-04-12 16:16:40 ----D---- C:\Windows\Temp
2016-04-12 16:11:05 ----D---- C:\Windows\system32\drivers
2016-04-12 16:06:16 ----RD---- C:\Users
2016-04-12 15:51:41 ----D---- C:\Users\Елена\AppData\Roaming\WinRAR
2016-04-12 15:43:22 ----D---- C:\Program Files\Opera
2016-04-12 15:42:23 ----D---- C:\Windows\tracing
2016-04-12 15:39:51 ----D---- C:\Users\Елена\AppData\Roaming\ViberPC
2016-04-12 15:29:48 ----D---- C:\Windows
2016-04-12 15:27:22 ----D---- C:\Windows\system32\config
2016-04-12 14:46:13 ----SHD---- C:\Windows\Installer
2016-04-12 14:46:13 ----SHD---- C:\Config.Msi
2016-04-12 14:46:09 ----D---- C:\ProgramData\Microsoft Help
2016-04-12 14:43:52 ----SHD---- C:\System Volume Information
2016-04-12 14:23:35 ----D---- C:\Windows\system32\Tasks
2016-04-12 14:22:42 ----D---- C:\Users\Елена\AppData\Roaming\Apple Computer
2016-04-12 14:22:30 ----D---- C:\Windows\Tasks
2016-04-12 14:22:16 ----HD---- C:\ProgramData
2016-04-12 14:22:14 ----D---- C:\Program Files\Common Files
2016-04-12 14:21:24 ----D---- C:\Program Files
2016-04-12 14:19:27 ----D---- C:\Users\Елена\AppData\Roaming\MailProducts
2016-04-12 10:53:38 ----D---- C:\ProgramData\Wondershare Video Converter Ultimate
2016-04-12 10:52:23 ----D---- C:\Windows\system32\wbem
2016-04-12 10:51:44 ----D---- C:\Windows\system32\catroot2
2016-04-12 10:51:44 ----D---- C:\Windows\System32
2016-04-12 10:51:43 ----D---- C:\Windows\registration
2016-04-12 10:44:01 ----D---- C:\Program Files\WinRAR
2016-04-12 10:22:33 ----D---- C:\1f02c0cc79ee8ea0f11273e087a38f54
2016-04-12 10:21:00 ----D---- C:\ProgramData\Wondershare Player
2016-04-12 10:20:50 ----D---- C:\ProgramData\{F5771D98-ADD0-43C6-9597-034A6E24ADBB}
2016-04-12 10:11:06 ----D---- C:\Users\Елена\AppData\Roaming\BitTorrent
2016-04-12 10:11:06 ----D---- C:\Users\Елена\AppData\Roaming\Babylon
2016-04-12 10:11:05 ----D---- C:\Users\Елена\AppData\Roaming\Download Master
2016-04-12 10:11:03 ----D---- C:\Users\Елена\AppData\Roaming\HaoZip
2016-04-12 10:11:02 ----D---- C:\Users\Елена\AppData\Roaming\ICQ-Profile
2016-04-12 10:09:37 ----D---- C:\Users\Елена\AppData\Roaming\Mobogenie
2016-04-12 10:09:24 ----D---- C:\Users\Елена\AppData\Roaming\Mra
2016-04-12 10:07:59 ----D---- C:\Users\Елена\AppData\Roaming\newSI_1497
2016-04-12 10:07:55 ----D---- C:\Users\Елена\AppData\Roaming\newSI_2
2016-04-12 10:07:36 ----D---- C:\Users\Елена\AppData\Roaming\TeamViewer
2016-04-12 10:05:41 ----D---- C:\Users\Елена\AppData\Roaming\Zona
2016-04-12 10:05:41 ----D---- C:\Users\Елена\AppData\Roaming\Yandex
2016-04-12 09:34:07 ----D---- C:\Разное с флэшки
2016-04-08 13:16:17 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2016-04-08 11:30:56 ----SD---- C:\ProgramData\Microsoft
2016-04-06 08:43:44 ----D---- C:\Windows\Prefetch
2016-04-05 16:28:02 ----D---- C:\ProgramData\AVAST Software
2016-04-05 16:27:39 ----D---- C:\Windows\system32\catroot
2016-04-05 16:27:38 ----D---- C:\Windows\system32\DriverStore
2016-04-05 16:27:38 ----D---- C:\Windows\inf
2016-04-05 07:22:44 ----D---- C:\Windows\winsxs
2016-03-28 19:04:55 ----D---- C:\Program Files\Mail.Ru
2016-03-28 06:53:35 ----D---- C:\Windows\rescache
2016-03-17 14:21:31 ----D---- C:\Windows\Microsoft.NET
2016-03-17 14:21:20 ----RSD---- C:\Windows\assembly
2016-03-17 10:53:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-03-17 10:45:08 ----D---- C:\Windows\system32\ru-RU
2016-03-17 10:45:08 ----D---- C:\Windows\system32\en-US
2016-03-17 10:45:01 ----D---- C:\Program Files\Internet Explorer
2016-03-17 09:13:24 ----D---- C:\Windows\system32\MRT
2016-03-17 09:06:36 ----A---- C:\Windows\system32\MRT.exe
2016-03-17 09:05:47 ----D---- C:\Program Files\Windows Media Player
2016-03-16 16:47:52 ----D---- C:\Program Files\avast software
2016-03-13 15:01:21 ----D---- C:\Program Files\Mobogenie3
2016-03-13 15:01:21 ----D---- C:\Program Files\Common Files\microsoft shared
2016-03-13 15:01:17 ----HD---- C:\Windows\system32\GroupPolicy
2016-03-13 15:01:17 ----D---- C:\Windows\system32\wfp
2016-03-13 15:01:17 ----D---- C:\Windows\system32\Macromed
2016-03-13 15:01:17 ----D---- C:\Windows\system32\CodeIntegrity
2016-03-13 15:01:17 ----D---- C:\Windows\PolicyDefinitions
2016-02-13 12:02:15 ----D---- C:\Program Files\Windows Journal

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed
======List of drivers (startup type: R=Running, S=Stopped, 0=Boot, 1=System, 2=Automatic, 3=Manual, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-03-16 58776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-04-05 221240]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-12-05 722416]
R1 adgnetworkwfpdrv;adgnetworkwfpdrv; C:\Windows\system32\drivers\adgnetworkwfpdrv.sys [2015-06-02 48120]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-03-16 91232]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-04-05 816304]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-04-05 447848]
R2 AODDriver4.2;AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-04-09 48256]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-03-16 32792]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-04-05 91168]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-12-19 9647104]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-12-19 442368]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2012-11-06 84992]
R3 NVENETFD;Драйвер сетевого контроллера NVIDIA nForce; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-03-16 127432]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD - драйвер фильтра шины AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 an6jwrt4;an6jwrt4; C:\Windows\system32\drivers\an6jwrt4.sys []
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2010-04-29 26112]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2012-12-07 23040]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2015-06-11 15872]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 sisagp;SIS - фильтр шины AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 28160]
S3 uty1nti5;AVZ Kernel Driver; \??\C:\Windows\system32\Drivers\uty1nti5.sys [2016-04-12 7168]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA - фильтр шины AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WINUSB;Android USB Driver; C:\Windows\system32\DRIVERS\WinUSB.SYS [2010-11-20 35968]
S3 XDva401;XDva401; \??\C:\Windows\system32\XDva401.sys []
S4 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]

======List of services (startup type: R=Running, S=Stopped, 0=Boot, 1=System, 2=Automatic, 3=Manual, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AdvancedSystemCareService8;Advanced SystemCare Service 8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [2015-08-05 821024]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-12-19 219136]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 291840]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2016-03-16 237096]
R2 HomePageDefender Service;HomePageDefender Service; C:\Program Files\HomePageDefender\HpDefSrv.exe [2016-03-14 291480]
R2 MobogenieService;MobogenieService; C:\Program Files\Mobogenie3\MobogenieService.exe [2015-05-28 127680]
R2 mrupdsrv;Mail.Ru Update Service; C:\Program Files\Mail.Ru\Update Service\mrupdsrv.exe [2016-03-28 2555096]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; %SystemRoot%\system32\svchost.exe -k WindowsMobile;"ServiceDll"=%windir%\WindowsMobile\rapimgr.dll
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288]
R2 Thorn;Служба политики провайдера безопасности аккаунта; C:\Users\Елена\AppData\Local\THORN\Thorn.exe [2015-10-01 56824]
R2 Updater.Mail.Ru;Updater.Mail.Ru; C:\Program Files\Mail.Ru\MailRuUpdater\MailRuUpdater.exe [2015-11-17 5490408]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; %SystemRoot%\system32\svchost.exe -k WindowsMobile;"ServiceDll"=%windir%\WindowsMobile\wcescomm.dll
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Служба Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2015-07-29 2909472]
S3 2GISUpdateService;2GIS UpdateService; C:\Program Files\2gis\3.0\2GISUpdateService.exe [2016-02-29 3772648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08 269504]
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\appmgmts.dll
S3 gupdatem;Служба Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-11-22 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-02-08 102912]
S3 ose;Office  Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-01-23 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 4846168]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll"=%SystemRoot%\system32\peerdistsvc.dll
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\umrdp.dll
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-12-04 1343400]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\cscsvc.dll
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------
