Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-04-2016 01
Ran by Елена (2016-04-13 08:58:32)
Running from C:\Users\Елена\Downloads
Microsoft Windows 7 Максимальная Service Pack 1 (X86) (2012-12-03 13:52:14)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Администратор (S-1-5-21-2696400509-195554733-1256058888-500 - Administrator - Disabled)
Гость (S-1-5-21-2696400509-195554733-1256058888-501 - Limited - Disabled) => C:\Users\Гость
Елена (S-1-5-21-2696400509-195554733-1256058888-1000 - Administrator - Enabled) => C:\Users\Елена

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1С:Предприятие 7.7 (сетевая версия) (HKLM\...\1С:Предприятие 7.7 (сетевая версия)) (Version: - ) 1С:Предприятие 8.0 (HKLM\...\InstallShield_{B7EA9849-C4B5-4720-9AF9-C475FF7F203A}) (Version: 8.0.3 - 1C) 1С:Предприятие 8.0 (Version: 8.0.3 - 1C) Hidden 2ГИС 3.16.3.0 (HKLM\...\{7A4DAA49-F574-4186-8085-BFC8CF0BAA2F}) (Version: 3.16.3.0 - ООО "ДубльГИС") Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated) Adobe Flash Player 21 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated) Adobe Reader XI (11.0.15) - Russian (HKLM\...\{AC76BA86-7AD7-1049-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated) Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.4.0 - IObit) AMD Catalyst Install Manager (HKLM\...\{3825F8BD-F784-6FBB-A5CD-857559148007}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.) Avast Free Antivirus (HKLM\...\avast) (Version: 11.1.2253 - AVAST Software) BitTorrent (HKLM\...\BitTorrent) (Version: 7.8.0.29626 - BitTorrent Inc.) BitTorrent (HKU\S-1-5-21-2696400509-195554733-1256058888-1000\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.) Black Desert (HKLM\...\{4BD65630-3A19-4fc2-8AD8-2CF729DB6608}.30000000000) (Version: 1.0 - Global Gamers Solutions Ltd. ©) BluetoothPCDialer (HKLM\...\{4E526F25-8B1F-46AA-B50C-BBDA00EDFF66}) (Version: 3.10.0000 - BlueShareware.com) Download Master version 6.0.2.1429 (HKLM\...\Download Master_is1) (Version: 6.0.2.1429 - WestByte) Encoder Scan Tool 3.1.2 (HKLM\...\Encoder Scan Tool 3.1.2) (Version: 3.1.2 - VirusTotal) Free VPN version 3.2 (HKLM\...\Free VPN_is1) (Version: 3.2 - VPNMaster, Inc.) Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) 
Hidden Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden HaoZip, версия 2.6.1.8350 (HKLM\...\HaoZip_is1) (Version: 2.6.1.8350 - HaoZip Software Studio) Html5 geolocation provider (HKLM\...\{0DADC228-827E-40E2-AE6D-B9D62DA7CC32}) (Version: 3.6.3.901 - AlterGeo) ICQ 8.0 (сборка 5880, для текущего пользователя) (HKU\S-1-5-21-2696400509-195554733-1256058888-1000\...\ICQ) (Version: 8.0.5880.0 - Mail.Ru) IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.3.0.5 - IObit) Mail.Ru Агент 6.3 (сборка 8065) (HKU\S-1-5-21-2696400509-195554733-1256058888-1000\...\MRA) (Version: 6.3.8065.0 - Mail.Ru) <==== ATTENTION Microsoft .NET Compact Framework 3.5 (HKLM\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office профессиональный плюс 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) MSVC80_x86 
(Version: 1.0.1.0 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Navitel Navigator (HKLM\...\Navitel Navigator) (Version: - ) Navitel Navigator update center (HKLM\...\NavitelNavigatorUpdateCenter) (Version: 1.1.0.1 - JSC "Center of Navigation Technologies") ooVoo (HKLM\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.8022 - ooVoo LLC.) Opera 12.15 (HKLM\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA) Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) Opera Stable 36.0.2130.46 (HKLM\...\Opera 36.0.2130.46) (Version: 36.0.2130.46 - Opera Software) Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.) SpeedCamEdit (HKLM\...\{F0C9FD11-A616-4A67-8DF8-1081F216FB39}) (Version: 1.0.0 - CNT) SSmaker, сборка 5763 (HKLM\...\{98215FF1-2A94-4F4D-9260-E5FD06B4ACC4}_is1) (Version: 5763 - SSmaker.Ru) Super Hanjie (HKLM\...\Super Hanjie) (Version: 1.00 - White Park Bay Ltd) Super Hitori (HKLM\...\Super Hitori) (Version: 1.00 - White Park Bay Ltd) Super Kakuro (HKLM\...\Super Kakuro) (Version: 1.00 - White Park Bay Ltd) Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit) TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.17396 - TeamViewer) The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - ) Unity Web Player (HKU\S-1-5-21-2696400509-195554733-1256058888-1000\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS) Update for Html5 geolocation provider (HKLM\...\{D492942E-9368-48D9-BB8B-68E8E4CE2D43}) (Version: 3.7.6.911 - AlterGeo) Viber (HKU\S-1-5-21-2696400509-195554733-1256058888-1000\...\Viber) (Version: 5.2.0.2529 - Viber Media Inc) WinRAR 5.31 (32-разрядная) (HKLM\...\WinRAR archiver) (Version: 
5.31.0 - win.rar GmbH) Wondershare Player(Build 1.6.0) (HKLM\...\Wondershare Player_is1) (Version: 1.6.0.3 - Wondershare) Wondershare Video Converter Ultimate(Build 6.6.0.5) (HKLM\...\Wondershare Video Converter Ultimate_is1) (Version: 6.6.0.5 - Wondershare Software) Данные 2ГИС г.Краснодар 01.04.2016 (HKLM\...\{6F475384-0579-4C50-9FA0-07814A91DC0C}) (Version: 75.0.0 - ООО "ДубльГИС") Данные 2ГИС г.Чебоксары 01.04.2016 (HKLM\...\{F62F40BD-B482-4A45-A9B9-551B8197BC22}) (Version: 54.0.0 - ООО "ДубльГИС") Засоби перевірки правопису Microsoft Office 2013 – Українська версія (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Карточная игра в дурака (HKLM\...\Карточная игра в дурака) (Version: - Карточная игра в дурака) Карточная игра в дурака (Version: 6.2 - Durbetsel) Hidden Карточная игра Лабиринт (HKLM\...\Карточная игра Лабиринт) (Version: - ) Модуль "Фотографии на карте города" для 2ГИС (HKLM\...\{E468C6E0-E3BB-4ABF-BD59-CBA2AB94AA86}) (Version: 1.0.4.0 - ООО "ДубльГИС") Модуль GPS для ДубльГИС (HKLM\...\{96EC845D-3D94-41C6-9DB2-A355A43DEE51}) (Version: 1.12.0 - ООО "ДубльГИС") Пакет драйверов Windows - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia) Средства проверки правописания Microsoft Office 2013 — русский (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Центр устройств Windows Mobile (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation) Элементы Яндекса 7.2 для Internet Explorer (HKLM\...\{EE24665C-844A-4489-9F11-70E41F4EE476}) (Version: 7.2.5.3111 - Яндекс) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01018F32-F2FB-4487-AED4-DB9BD41B234A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-04-08] (Adobe Systems Incorporated) Task: {104492D7-C25C-4756-966A-33E52882F2E3} - System32\Tasks\{2F741EBB-F070-4E20-BF92-20A56AD00CDA} => C:\Program Files\games\shiver_3_moonlit_grove_se\Shiver_MoonlitGrove.exe Task: {11C8CC40-BE81-4251-85DD-5C99C36D13D1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-03] (AVAST Software) Task: {157F0700-1046-497D-9AA7-1068F48A81E0} - System32\Tasks\{73518ACE-7694-4E32-B453-F59795AC6762} => pcalua.exe -a "C:\Разное с флэшки\Новая папка 5\База 1-С\!crk!\sable004.exe" -d "C:\Разное с флэшки\Новая папка 5\База 1-С\!crk!" 
Task: {24ECD363-7289-4F04-8F97-4CF0E69B690E} - System32\Tasks\{10084F85-C5A0-4CE2-94C1-C914194BD8DC} => G:\Новая папка (2)\Новая папка\Расчёт стажей\Stages.exe Task: {2BC35B55-53D9-4491-A52D-56D13EC01C87} - System32\Tasks\MailRuUpdateTask => C:\Users\Елена\AppData\Local\Mail.Ru\MailRuUpdater.exe Task: {35BE2E7D-CBA7-40BB-8C2A-C5AEE3A786BA} - System32\Tasks\{5BD10707-B897-4A8C-8D74-9FEEE2A002C4} => C:\Program Files\Расчёт стажей\uninst.exe Task: {3D709F4A-0FFE-4433-88D3-E775F135B7AD} - System32\Tasks\Uninstaller_SkipUac_Елена => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-05-20] (IObit) Task: {41EFD2BD-F317-415F-8E5B-6DE6818D1ED3} - System32\Tasks\{7C14A6B7-3DAA-49A4-98D3-858B5FFF0251} => pcalua.exe -a "C:\Program Files\Nokia\Nokia PC Suite 6\ApplicationInstaller.exe" -d C:\Users\Елена\Desktop -c "C:\Users\Елена\Desktop\WhatsApp_2_8_29.sis" Task: {4ABF4795-0BEA-4524-8CBC-8FDFE8965ED4} - System32\Tasks\avastBCLRestartS-1-5-21-2696400509-195554733-1256058888-1000 => Chrome.exe Task: {4C82E2EA-8923-4E3A-9BEA-C4ED1DE58338} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-12-04] () Task: {50CC2509-EAF1-4AD6-AD8C-E63F6A045E6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {599EB272-F4BB-4739-B8AD-1ADBF25C8042} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {5CA6BDF0-BA4D-4AE5-B902-728BFD2D13EB} - System32\Tasks\{6E13FF21-A58E-4487-B5A5-5435C2C750DA} => C:\Program Files\Расчёт стажей\uninst.exe Task: {5EDCB9FC-EAEA-485B-806A-B63A133A8E46} - System32\Tasks\{660C77B3-0CDB-4364-91D5-8FF44F5FFCB8} => C:\Program Files\games\shiver_3_moonlit_grove_se\Shiver_MoonlitGrove.exe Task: {608CE304-FCE0-403A-A4E6-CFF1564F1978} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2016-03-16] (AVAST Software) Task: {7C45CE65-7B5D-4B75-91F1-E7EB43EC9C89} - System32\Tasks\{D778E6A1-562F-4F6D-8287-03A2C58AC22B} => C:\Program Files\games\shiver_3_moonlit_grove_se\Shiver_MoonlitGrove.exe Task: {8E2A45C9-C020-4808-9DC5-DEE0536C6480} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated) Task: {9EE80E26-BB93-4584-83D1-92DE787F8DEC} - System32\Tasks\{997F1182-F2A7-4F30-8B2E-E9EAF9721FA3} => G:\Новая папка (2)\Новая папка\Расчёт стажей\Stages.exe Task: {A9B79086-F44C-4BBC-8A0F-75C36F32E53A} - System32\Tasks\{FA97EAB9-8A44-4D73-B3FE-8FE01D14C455} => C:\Program Files\games\shiver_3_moonlit_grove_se\Shiver_MoonlitGrove.exe Task: {AA6C04CE-C2BF-4655-AD72-42D7856C341F} - System32\Tasks\MailRuUpdater => C:\Users\Елена\AppData\Local\Mail.Ru\MailRuUpdater.exe Task: {B2F154CC-A5A8-40BD-9657-FEE6107E8D92} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation) Task: {B710CF1F-4C66-4516-9EE9-A016D5E50C98} - System32\Tasks\GameNet => C:\Program Files\QGNA\qgna.exe Task: {C128C2DC-4983-428C-93A4-A7CD3AF790E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) 
Task: {C2BDDF2C-1D99-470E-965D-9F9E639C4F7D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Елена-ПК-Елена Елена-ПК => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2013-11-08] (Microsoft Corporation) Task: {C934252C-D619-4999-9A96-BAE9F042A3A3} - System32\Tasks\ASC8_SkipUac_Елена => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit) Task: {CB0ED53A-6CBE-48D3-B127-0ACC53103826} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-20] (Корпорация Майкрософт (Microsoft Corp.)) Task: {DFE5E919-6798-4A70-B2AC-7EA9861423A9} - System32\Tasks\Opera scheduled Autoupdate 1435989557 => C:\Program Files\Opera\launcher.exe [2016-03-24] (Opera Software) Task: {EE256451-1CB0-4641-BF2C-3BEBF0D2C05D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {FB4FC081-58B6-473D-AF0C-FE0EF369F5DD} - System32\Tasks\{65ABA041-B833-4042-9EB8-CFB511A558DA} => pcalua.exe -a F:\RD_Lord_of_Statues_CE_Rus_Setup.exe -d F:\ (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Елена\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mail.ru

==================== Loaded Modules (Whitelisted) ==============

2016-03-16 16:48 - 2016-03-16 16:48 - 00113496 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2016-03-16 16:48 - 2016-03-16 16:48 - 00133768 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2016-04-12 20:58 - 2016-04-12 20:58 - 02887168 _____ () C:\Program Files\Alwil Software\Avast5\defs\16041201\algo.dll
2016-03-16 16:48 - 2016-03-16 16:48 - 00480760 _____ () C:\Program Files\Alwil Software\Avast5\ffl2.dll
2013-11-03 19:20 - 2013-08-07 13:31 - 00214528 _____ () C:\Windows\System32\WSCM32.dll
2012-12-05 19:59 - 2012-12-05 19:59 - 00138136 _____ () C:\Users\Елена\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll
2013-04-09 17:47 - 2012-12-07 16:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2015-12-08 10:57 - 2015-04-24 16:40 - 00043520 _____ () C:\Users\Елена\AppData\Local\THORN\QtSolutions_Service-head.dll
2015-12-08 10:57 - 2014-08-28 10:36 - 00732160 _____ () C:\Users\Елена\AppData\Local\THORN\libGLESv2.dll
2015-12-08 10:57 - 2014-08-28 10:41 - 00856576 _____ () C:\Users\Елена\AppData\Local\THORN\platforms\qwindows.dll
2015-12-08 10:57 - 2014-08-28 10:36 - 00047104 _____ () C:\Users\Елена\AppData\Local\THORN\libEGL.dll
2013-11-03 19:21 - 2013-07-24 08:24 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2012-12-19 14:31 - 2012-12-19 14:31 - 00095232 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-12-27 11:11 - 2015-12-27 11:11 - 40539648 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2016-03-24 16:15 - 2016-03-03 17:41 - 59171920 _____ () C:\Users\Елена\AppData\Local\Viber\Viber.exe
2016-03-24 16:15 - 2016-03-03 17:39 - 00095312 _____ () C:\Users\Елена\AppData\Local\Viber\qfacebook.dll
2016-03-24 16:15 - 2016-03-03 17:39 - 00042064 _____ () C:\Users\Елена\AppData\Local\Viber\qrencode.dll
2016-03-24 16:15 - 2016-03-03 17:40 - 00398416 _____ () C:\Users\Елена\AppData\Local\Viber\imageformats\qsvg.dll
2016-03-24 16:15 - 2016-03-03 17:40 - 00695888 _____ () C:\Users\Елена\AppData\Local\Viber\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-04-12 14:21 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 8\webres.dll
2016-04-12 14:22 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2016-04-12 14:22 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2016-04-12 14:22 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-03-31 13:00 - 2016-03-31 12:59 - 63828520 _____ () C:\Program Files\Opera\36.0.2130.46\opera.dll
2016-03-31 13:00 - 2016-03-31 12:58 - 02134568 _____ () C:\Program Files\Opera\36.0.2130.46\libglesv2.dll
2016-03-31 13:00 - 2016-03-31 12:58 - 00082472 _____ () C:\Program Files\Opera\36.0.2130.46\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:4D348522 [143]
AlternateDataStreams: C:\ProgramData\TEMP:596E986D [120]
AlternateDataStreams: C:\Users\Все пользователи\TEMP:4D348522 [143]
AlternateDataStreams: C:\Users\Все пользователи\TEMP:596E986D [120]
AlternateDataStreams: C:\Users\Елена\Local Settings:wa [146]
AlternateDataStreams: C:\Users\Елена\AppData\Local:wa [146]
AlternateDataStreams: C:\Users\Елена\AppData\Local\Application Data:wa [146]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2696400509-195554733-1256058888-1000\...\com -> hxxp://*.Wondershare.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:04 - 2009-06-11 00:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2696400509-195554733-1256058888-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Елена\AppData\Roaming\E5B25203E5B25203.bmp
DNS Servers: 85.234.0.53 - 85.234.2.53
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EA2D7EB5-2020-4ED4-9FC9-23152DDD7898}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [{BC025DFF-CB68-419A-A58D-5792639403AF}] => (Allow) C:\Program Files\Opera\opera.exe
FirewallRules: [TCP Query User{611EA837-1AF3-4744-9C8B-7B75E92FA1A2}C:\users\елена\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Allow) C:\users\елена\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [UDP Query User{B03DED1C-47EA-4608-A1B8-8789CE57A8C8}C:\users\елена\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe] => (Allow) C:\users\елена\appdata\local\mail.ru\gamecenter\gamecenter@mail.ru.exe
FirewallRules: [TCP Query User{37A0D0EE-D834-495F-87E6-D8E9CDB5671A}C:\users\елена\appdata\roaming\thinstall\{e9f81423-211e-46b6-9ae0-38568bc5cf6f}\skel\27b3fd671cb277ea9c2f48308c7d4839f58bcc5b.console.exe] => (Allow) C:\users\елена\appdata\roaming\thinstall\{e9f81423-211e-46b6-9ae0-38568bc5cf6f}\skel\27b3fd671cb277ea9c2f48308c7d4839f58bcc5b.console.exe
FirewallRules: [UDP Query User{7B07AF0B-0231-4DC9-9CB7-95BA1AD67EDF}C:\users\елена\appdata\roaming\thinstall\{e9f81423-211e-46b6-9ae0-38568bc5cf6f}\skel\27b3fd671cb277ea9c2f48308c7d4839f58bcc5b.console.exe] => (Allow) C:\users\елена\appdata\roaming\thinstall\{e9f81423-211e-46b6-9ae0-38568bc5cf6f}\skel\27b3fd671cb277ea9c2f48308c7d4839f58bcc5b.console.exe
FirewallRules: [{18AA1546-7113-4F30-A694-8931FF5C0F96}] => (Allow) C:\Users\Елена\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{CF4B6C2D-F560-4347-91F2-3224DE1694D2}] => (Allow) C:\Users\Елена\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{EF7255C4-4354-44F3-803C-C02545D5E0A8}] => (Allow) C:\Program Files\Ticno\Tabs\Ticno Tabs.exe
FirewallRules: [{BC066171-0E54-4B36-8A36-ADA4DAA8FAC4}] => (Allow) C:\Program Files\Ticno\Tabs\Ticno Tabs.exe
FirewallRules: [{EFE79B1F-C9A9-46AF-9A0F-8B354379AA67}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3FB358EC-221C-499C-9349-63FED95A81C6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A9A2AB03-A51E-4E5D-9CBE-C77A37615261}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{94BF94A9-C531-4DB5-83C3-3AEEE9BD48E3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{16D796B7-8FD1-4E1F-9C6E-248221E6E0DE}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{7F3C0EE3-2134-4D51-820A-CC0E7EBF65F9}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{D8E55019-C7E6-4780-AA10-73C96351D387}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{D0CED175-2047-4134-BF7C-D98CAA0C113D}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [TCP Query User{B5EF97FB-DE27-4EA6-8FBF-E1F7445D436C}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{466F7A8A-80A2-41AC-8D0C-8939D8AC2FC2}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{74280D6A-0F81-4F68-868A-D0DACC716C2B}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{320E7DA6-68DF-429C-B60C-1F0D60DCD3EE}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{1C28EF7F-62A3-4C51-B1F2-132351458C23}C:\program files\wondershare\video converter ultimate\urlreqservice.exe] => (Block) C:\program files\wondershare\video converter ultimate\urlreqservice.exe
FirewallRules: [UDP Query User{A7C93982-DE37-41A9-B962-1B9982B800EE}C:\program files\wondershare\video converter ultimate\urlreqservice.exe] => (Block) C:\program files\wondershare\video converter ultimate\urlreqservice.exe
FirewallRules: [{8DF54932-0B80-4DA6-A290-9E9F55F6C632}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{9FA052F2-BDFD-41FA-9307-78F4A0BF3335}] => (Allow) C:\Users\Елена\AppData\Roaming\Mail.Ru\Agent\magent.exe
FirewallRules: [{D9110C1E-9714-4AEE-8C30-EE88478FC99B}] => (Allow) C:\Users\Елена\AppData\Roaming\Mail.Ru\Agent\magent.exe
FirewallRules: [TCP Query User{7AAF079A-1507-4052-9572-9201031E3837}C:\users\елена\appdata\local\temp\uttec72.tmp.exe] => (Allow) C:\users\елена\appdata\local\temp\uttec72.tmp.exe
FirewallRules: [UDP Query User{D10A80CD-1015-44A8-A8B8-0963F2DC64C9}C:\users\елена\appdata\local\temp\uttec72.tmp.exe] => (Allow) C:\users\елена\appdata\local\temp\uttec72.tmp.exe
FirewallRules: [TCP Query User{BEEC2730-F019-4B98-9F40-70ABDEAF3017}C:\users\елена\appdata\local\temp\utt2790.tmp.exe] => (Allow) C:\users\елена\appdata\local\temp\utt2790.tmp.exe
FirewallRules: [UDP Query User{CFE59AA7-46C8-4710-A54B-841AF3E25250}C:\users\елена\appdata\local\temp\utt2790.tmp.exe] => (Allow) C:\users\елена\appdata\local\temp\utt2790.tmp.exe
FirewallRules: [{CE15C279-AB2F-4963-9D85-665676C5F653}] => (Allow) C:\Users\Елена\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{905E79D8-26EF-4682-8F35-9B1666AE14FA}] => (Allow) C:\Users\Елена\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{845448F0-5165-4201-9CE4-B50AECBE803D}] => (Allow) C:\Users\Елена\Downloads\gamenet.exe
FirewallRules: [{91D350FE-93B7-488B-A330-4B7D28C9E45D}] => (Allow) C:\Users\Елена\Downloads\gamenet.exe
FirewallRules: [{E832C3B5-63EE-49EA-AE3E-A569A94A8600}] => (Allow) C:\Users\Елена\AppData\Local\Temp\is-I1VAU.tmp\setup8061.tmp
FirewallRules: [{4B17D6C9-159A-40D5-A1E7-D12AE224F816}] => (Allow) C:\Users\Елена\AppData\Local\Temp\is-I1VAU.tmp\setup8061.tmp
FirewallRules: [{7D56F5CA-1979-44A7-8BD6-471057A287A9}] => (Allow) C:\Users\Елена\AppData\Local\Temp\is-T7QIO.tmp\setup32601.tmp
FirewallRules: [{48A56D43-2282-403A-9082-9F774852D64A}] => (Allow) C:\Users\Елена\AppData\Local\Temp\is-T7QIO.tmp\setup32601.tmp
FirewallRules: [{2B2AA356-3F4B-463E-AA58-3EBEB3FB3F6B}] => (Allow) C:\Users\Елена\AppData\Local\THORN\Thorn.exe
FirewallRules: [{6708DCBA-8886-4BF6-9BE0-7655C2048C5C}] => (Allow) C:\Users\Елена\AppData\Local\THORN\Thorn.exe
FirewallRules: [TCP Query User{A13F93F9-3F01-4465-BA08-DB1F38383A82}C:\program files\qgna\qgna.exe] => (Block) C:\program files\qgna\qgna.exe
FirewallRules: [UDP Query User{B1B4D960-FF5B-45E2-A92D-7522AACCC7FD}C:\program files\qgna\qgna.exe] => (Block) C:\program files\qgna\qgna.exe
FirewallRules: [{CCADA188-B431-477F-8498-7DA3116796E8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{1CE1B4D7-9416-49B8-B1B6-F2980A9772CA}] => (Allow) C:\Program Files\Mobogenie3\mobogenieP2sp.exe
FirewallRules: [{2F5C9A21-287C-4884-BA2D-B79464EE8E4D}] => (Allow) C:\Program Files\Mobogenie3\mobogenieP2sp.exe

==================== Restore Points =========================

12-04-2016 10:47:19 01.04.2016 г.
12-04-2016 10:48:40 Операция восстановления
12-04-2016 14:42:57 Configured Microsoft Office профессиональный плюс 2013
12-04-2016 14:43:26 PROPLUS

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2016 08:02:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Программа SSmaker.exe версии 2.0.0.0 прекратила взаимодействие с Windows и была закрыта. Чтобы узнать, имеются ли дополнительные сведения о проблеме, проверьте историю проблемы в Центре поддержки в панели управления.
ИД процесса: ebc
Время запуска: 01d195416acf3b90
Время завершения: 0
Путь приложения: C:\Program Files\SSmaker\SSmaker.exe
ИД отчета: dbe117e1-0134-11e6-a864-003067a42c35

Error: (04/13/2016 08:00:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: praetorian.exe, версия: 0.4.0.146, отметка времени: 0x50a0b3a9
Имя сбойного модуля: praetorian.exe, версия: 0.4.0.146, отметка времени 0x50a0b3a9
Код исключения: 0xc0000417
Смещение ошибки: 0x001123f5
Идентификатор сбойного процесса: 0xda0
Время запуска сбойного приложения: 0xpraetorian.exe0
Путь сбойного приложения: praetorian.exe1
Путь сбойного модуля: praetorian.exe2
Код отчета: praetorian.exe3

Error: (04/13/2016 07:34:50 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (04/13/2016 07:25:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: praetorian.exe, версия: 0.4.0.146, отметка времени: 0x50a0b3a9
Имя сбойного модуля: praetorian.exe, версия: 0.4.0.146, отметка времени 0x50a0b3a9
Код исключения: 0xc0000417
Смещение ошибки: 0x001123f5
Идентификатор сбойного процесса: 0xfd4
Время запуска сбойного приложения: 0xpraetorian.exe0
Путь сбойного приложения: praetorian.exe1
Путь сбойного модуля: praetorian.exe2
Код отчета: praetorian.exe3

Error: (04/12/2016 10:09:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: praetorian.exe, версия: 0.4.0.146, отметка времени: 0x50a0b3a9
Имя сбойного модуля: praetorian.exe, версия: 0.4.0.146, отметка времени 0x50a0b3a9
Код исключения: 0xc0000417
Смещение ошибки: 0x001123f5
Идентификатор сбойного процесса: 0xf20
Время запуска сбойного приложения: 0xpraetorian.exe0
Путь сбойного приложения: praetorian.exe1
Путь сбойного модуля: praetorian.exe2
Код отчета: praetorian.exe3

Error: (04/12/2016 10:07:23 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Неверный дескриптор

Error: (04/12/2016 10:07:23 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Неверный дескриптор

Error: (04/12/2016 09:27:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: ClearLNK.exe, версия: 2.9.0.6, отметка времени: 0x570782a4
Имя сбойного модуля: KERNELBASE.dll, версия: 6.1.7601.19135, отметка времени 0x56a1c680
Код исключения: 0xc000008f
Смещение ошибки: 0x000080d7
Идентификатор сбойного процесса: 0x150c
Время запуска сбойного приложения: 0xClearLNK.exe0
Путь сбойного приложения: ClearLNK.exe1
Путь сбойного модуля: ClearLNK.exe2
Код отчета: ClearLNK.exe3

Error: (04/12/2016 08:55:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Имя сбойного приложения: praetorian.exe, версия: 0.4.0.146, отметка времени: 0x50a0b3a9
Имя сбойного модуля: praetorian.exe, версия: 0.4.0.146, отметка времени 0x50a0b3a9
Код исключения: 0xc0000417
Смещение ошибки: 0x001123f5
Идентификатор сбойного процесса: 0x123c
Время запуска сбойного приложения: 0xpraetorian.exe0
Путь сбойного приложения: praetorian.exe1
Путь сбойного модуля: praetorian.exe2
Код отчета: praetorian.exe3

Error: (04/12/2016 08:52:53 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Неверный дескриптор

System errors:
=============
Error: (04/13/2016 07:46:45 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Диспетчер управления службами пытался выполнить исправляющее действие (Перезапуск службы) после непредвиденного завершения службы Windows Search, но при этом произошла следующая ошибка: %%1056

Error: (04/13/2016 07:46:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Служба Служба общих сетевых ресурсов проигрывателя Windows Media была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 30000 мсек: Перезапуск службы.
Error: (04/13/2016 07:46:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Служба Windows Search была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 30000 мсек: Перезапуск службы.

Error: (04/13/2016 07:46:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Служба Updater.Mail.Ru была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 0 мсек: Перезапуск службы.

Error: (04/13/2016 07:46:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Служба Служба политики провайдера безопасности аккаунта была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 0 мсек: Перезапуск службы.

Error: (04/13/2016 07:46:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "StarWind AE Service" неожиданно прервана. Это произошло (раз): 1.

Error: (04/13/2016 07:46:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Служба Internet Pass-Through Service была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 1000 мсек: Перезапуск службы.

Error: (04/13/2016 07:46:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Служба Mail.Ru Update Service была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 0 мсек: Перезапуск службы.

Error: (04/13/2016 07:46:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Служба MobogenieService была неожиданно завершена. Это произошло 1 раз(а). Следующее корректирующее действие будет предпринято через 1000 мсек: Перезапуск службы.

Error: (04/13/2016 07:46:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "AMD FUEL Service" неожиданно прервана. Это произошло (раз): 1.
==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 220 Processor
Percentage of memory in use: 74%
Total physical RAM: 2047.37 MB
Available physical RAM: 528.66 MB
Total Virtual: 4094.73 MB
Available Virtual: 2142.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.61 GB) (Free:142.88 GB) NTFS
Drive e: (Зарезервировано системой) (Fixed) (Total:0.28 GB) (Free:0.22 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 8426D0E9)
Partition 1: (Active) - (Size=283 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================