Log of random's system information tool 1.12 (author: random/random)
Run by Центр at 2016-03-01 10:50:37
Microsoft Windows XP Professional Service Pack 3
System partition C: size 71 GB (89%) free 80 GB
Total RAM: 959 MB (12% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:50:42, on 01.03.2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\Wbem\wmiprvse.exe
c:\windows\system32\spool\drivers\w32x86\3\usp01pi.exe
c:\windows\system32\spool\drivers\w32x86\3\usp01sm.exe
c:\windows\system32\spool\drivers\w32x86\3\usp01sm.exe
c:\windows\system32\spool\drivers\w32x86\3\usp01sm.exe
c:\windows\system32\spool\drivers\w32x86\3\usp01sm.exe
c:\windows\system32\spool\drivers\w32x86\3\usp01sm.exe
c:\windows\system32\spool\drivers\w32x86\3\usp01sm.exe
c:\windows\system32\spool\drivers\w32x86\3\usp01sm.exe
c:\windows\system32\spool\drivers\w32x86\3\usp01sm.exe
c:\windows\system32\spool\drivers\w32x86\3\usp01sm.exe
c:\windows\system32\spool\drivers\w32x86\3\usp01sm.exe
c:\windows\system32\spool\drivers\w32x86\3\usp01sm.exe
c:\windows\system32\spool\drivers\w32x86\3\usp01sm.exe
c:\windows\system32\spool\drivers\w32x86\3\usp01sm.exe
c:\windows\system32\spool\drivers\w32x86\3\usp01sm.exe
C:\Documents and Settings\Центр\Рабочий стол\AutoLogger.exe
C:\Documents and Settings\Центр\Рабочий стол\AutoLogger\AVZ\avz.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\35.0.2066.82\opera.exe
C:\Program Files\Opera\35.0.2066.82\opera_crashreporter.exe
C:\Program Files\Opera\35.0.2066.82\opera.exe
C:\Program Files\Opera\35.0.2066.82\opera.exe
C:\Program Files\Opera\35.0.2066.82\opera.exe
C:\Program Files\Opera\35.0.2066.82\opera.exe
C:\Program Files\Opera\35.0.2066.82\opera.exe
C:\Program Files\Opera\35.0.2066.82\opera.exe
C:\Documents and Settings\Центр\Рабочий стол\AutoLogger\RSIT\RSIT.exe
C:\Documents and Settings\Центр\Рабочий стол\AutoLogger\RSIT\Центр_RSIT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1614895754-261478967-682003330-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Предзагрузчик Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Демон кэша категорий компонентов - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Служба Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Служба Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG Technologies - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 7313 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Opera scheduled Autoupdate 1455960165.job - C:\Program Files\Opera\launcher.exe --scheduledautoupdate $(Arg0)

=========Google Chrome=========

C:\Documents and Settings\Центр\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 0 Google Презентации 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Интернет-магазин Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 0 Документы Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Диск Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0  
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension cfhdojbkjhnklbpkdaibdccddilifddb 1 Adblock Plus 1.10.1
Extension cngkcldnnppckgbmndaccoffaikjbemc 1 Puk-Puk 3
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Google Search 0.0.0.60
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension eofcbnmajmjmplflapaojjnihcjkigck 0 Avast SafePrice 11.1.0.221
Extension felcaaldnbdncclmgdcncolpebgiejap 0 Google Таблицы 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Google Документы офлайн 1.1
Extension gomekmidlodglbbmalcneegieacbdmki 1 Avast Online Security 11.1.0.221
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.31
Extension lccekmodgklaepjeofjdjpbminllajkg   
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mfffpogegjflfpflabcdkioaeobkgjik 1 GaiaAuthExtension 0.0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension nbpagnldghgfoolbancepceaanlmhfmd 1 Hotword triggering 0.0.1.4
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.1.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Платежная система Интернет-магазина Chrome 0.1.2.0
Extension pjkljhegncpnkpknbcohdijeoejaedia   
Homepage: 
default_search_provider.search_url: 
C:\Documents and Settings\Центр\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Plugin  Chrome PDF Viewer chrome-extension://mhjfbmdgcfjbbpaeojofohoefgiehjai/
Plugin 17.0.0.188 Shockwave Flash C:\Program Files\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll
Plugin  Chrome Remote Desktop Viewer internal-remoting-viewer
Plugin  Native Client C:\Program Files\Google\Chrome\Application\48.0.2564.116\internal-nacl-plugin
Plugin  Chrome PDF Viewer internal-pdf-viewer
Homepage: 
default_search_provider.search_url: 

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx


======Registry snapshot======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-02-16 7139768]
"RTHDCPL"=RTHDCPL.EXE []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2013-03-22 15517984]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2013-03-23 1982312]
"USB Antivirus"=C:\Program Files\USB Disk Security\USBGuard.exe [2013-06-21 687336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]
"CCleaner"=C:\Program Files\CCleaner\CCleaner.exe [2013-12-17 4370712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2015-03-25 31676000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallTheme"=%WinDir%\Resources\Themes\Winstyle Neon.Theme
"InstallVisualStyle"=%WinDir%\Resources\Themes\Winstyle Neon\Winstyle Neon.msstyles
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=28

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe"="C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2"
"C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe"="C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe"="C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe:*:Enabled:Samsung Universal Print Driver 2"
"C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe"="C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe:*:Enabled:PotPlayer"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccleaner.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
"StubPath"=
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath"=
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"StubPath"=
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\48.0.2564.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files and folders created in the last 3 months======

2016-03-01 10:48:32 ----A---- C:\WINDOWS\system32\drivers\utiyodg2.sys
2016-02-25 16:21:44 ----D---- C:\irbiswrk
2016-02-22 09:15:59 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2016-02-20 11:22:55 ----D---- C:\Documents and Settings\Центр\Application Data\Opera Software
2016-02-17 14:56:28 ----D---- C:\Documents and Settings\Центр\Application Data\Foxit Software
2016-02-17 14:56:13 ----D---- C:\Program Files\Foxit Software
2016-02-17 14:51:52 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2016-02-16 10:35:41 ----A---- C:\WINDOWS\system32\ptpusb.dll
2016-02-16 10:35:40 ----A---- C:\WINDOWS\system32\ptpusd.dll
2016-02-16 10:35:40 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2016-02-13 15:13:44 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2016-02-13 15:13:17 ----D---- C:\Documents and Settings\Центр\Application Data\AVG
2016-02-13 15:12:51 ----D---- C:\Program Files\AVG
2016-02-13 15:10:51 ----HD---- C:\Documents and Settings\All Users\Application Data\Common Files
2016-02-13 15:10:50 ----D---- C:\Documents and Settings\All Users\Application Data\AVG
2016-02-13 15:08:59 ----D---- C:\Documents and Settings\Центр\Application Data\WinRAR
2016-02-13 13:26:15 ----D---- C:\Documents and Settings\All Users\Application Data\Logs
2016-02-13 10:04:52 ----A---- C:\WINDOWS\UC.PIF
2016-02-13 10:04:52 ----A---- C:\WINDOWS\RAR.PIF
2016-02-13 10:04:51 ----D---- C:\totalcmd
2016-02-13 10:04:51 ----D---- C:\Documents and Settings\Центр\Application Data\GHISLER
2016-02-13 10:04:51 ----A---- C:\WINDOWS\PKZIP.PIF
2016-02-13 10:04:51 ----A---- C:\WINDOWS\PKUNZIP.PIF
2016-02-13 10:04:51 ----A---- C:\WINDOWS\LHA.PIF
2016-02-13 10:04:51 ----A---- C:\WINDOWS\ARJ.PIF
2016-02-13 10:04:06 ----D---- C:\Documents and Settings\Центр\Application Data\Macromedia
2016-02-13 09:51:32 ----D---- C:\Documents and Settings\Центр\Application Data\Skype
2016-02-13 09:51:25 ----D---- C:\Program Files\Common Files\Skype
2016-02-13 09:51:24 ----RD---- C:\Program Files\Skype
2016-02-13 09:51:12 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2016-02-13 09:47:34 ----D---- C:\Program Files\WinRAR
2016-02-13 09:44:01 ----D---- C:\Program Files\DAUM
2016-02-13 09:39:11 ----A---- C:\WINDOWS\system32\CNMLMC1.DLL
2016-02-13 09:31:32 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2016-02-13 09:31:19 ----A---- C:\WINDOWS\system32\CNMLM9M.DLL
2016-02-13 09:31:16 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2016-02-13 09:31:08 ----HD---- C:\Program Files\CanonBJ
2016-02-13 09:30:18 ----D---- C:\Documents and Settings\All Users\Application Data\Samsung
2016-02-13 09:29:59 ----A---- C:\WINDOWS\system32\usp01l.dll
2016-02-13 09:29:58 ----A---- C:\WINDOWS\system32\usp01ci.exe
2016-02-13 09:29:58 ----A---- C:\WINDOWS\system32\usp01ci.dll
2016-02-13 09:29:56 ----N---- C:\WINDOWS\TotalUninstaller.exe
2016-02-13 09:29:55 ----D---- C:\Program Files\Samsung
2016-02-13 09:27:27 ----SHD---- C:\RECYCLER
2016-02-13 09:25:40 ----D---- C:\Documents and Settings\All Users\Application Data\Licenses
2016-02-13 09:25:40 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2016-02-13 09:25:30 ----D---- C:\Program Files\Detong
2016-02-13 09:23:10 ----A---- C:\WINDOWS\ODBC.INI
2016-02-13 09:23:01 ----A---- C:\WINDOWS\system32\mdimon.dll
2016-02-13 09:22:05 ----D---- C:\Program Files\Microsoft.NET
2016-02-13 09:21:09 ----D---- C:\Program Files\Common Files\DESIGNER
2016-02-13 09:21:04 ----D---- C:\Program Files\Microsoft Works
2016-02-13 09:20:51 ----D---- C:\Program Files\Microsoft Visual Studio
2016-02-13 09:20:30 ----D---- C:\WINDOWS\SHELLNEW
2016-02-13 09:20:21 ----D---- C:\Program Files\Microsoft Office
2016-02-12 17:19:32 ----A---- C:\WINDOWS\system32\h323log.txt
2016-02-12 17:19:30 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2016-02-12 17:19:25 ----A---- C:\WINDOWS\system32\hidserv.dll
2016-02-12 17:19:20 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys
2016-02-12 17:19:13 ----A---- C:\WINDOWS\system32\drivers\RTL8139.sys
2016-02-12 17:18:57 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2016-02-12 17:18:51 ----A---- C:\WINDOWS\system32\usbui.dll
2016-02-12 17:18:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-12 17:18:10 ----SHD---- C:\WINDOWS\Installer
2016-02-12 17:18:10 ----D---- C:\Program Files\Common Files\ODBC
2016-02-12 17:18:10 ----A---- C:\WINDOWS\ODBCINST.INI
2016-02-12 17:18:08 ----D---- C:\Program Files\Common Files\SpeechEngines
2016-02-12 17:18:07 ----RD---- C:\Program Files
2016-02-12 17:18:07 ----D---- C:\Program Files\Common Files\Microsoft Shared
2016-02-12 17:18:07 ----D---- C:\Program Files\Common Files
2016-02-12 17:18:05 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2016-02-12 17:18:05 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2016-02-12 17:18:05 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2016-02-12 17:18:04 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2016-02-12 17:18:04 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2016-02-12 17:18:04 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2016-02-12 17:18:04 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2016-02-12 17:18:03 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2016-02-12 17:18:03 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2016-02-12 17:18:03 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2016-02-12 17:18:02 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2016-02-12 17:18:02 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2016-02-12 17:18:02 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2016-02-12 17:18:02 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2016-02-12 17:18:02 ----RA---- C:\WINDOWS\system32\kbdest.dll
2016-02-12 17:18:01 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2016-02-12 17:18:01 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2016-02-12 17:18:01 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2016-02-12 17:18:01 ----RA---- C:\WINDOWS\system32\kbdro.dll
2016-02-12 17:18:01 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2016-02-12 17:18:01 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2016-02-12 17:18:01 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2016-02-12 17:18:01 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2016-02-12 17:18:01 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2016-02-12 17:18:01 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2016-02-12 17:18:01 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2016-02-12 17:18:01 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2016-02-12 17:18:01 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2016-02-12 17:17:58 ----A---- C:\WINDOWS\system32\kbduzb.dll
2016-02-12 17:17:58 ----A---- C:\WINDOWS\system32\kbdur.dll
2016-02-12 17:17:58 ----A---- C:\WINDOWS\system32\kbdtat.dll
2016-02-12 17:17:58 ----A---- C:\WINDOWS\system32\kbdmon.dll
2016-02-12 17:17:58 ----A---- C:\WINDOWS\system32\kbdkyr.dll
2016-02-12 17:17:58 ----A---- C:\WINDOWS\system32\kbdkaz.dll
2016-02-12 17:17:58 ----A---- C:\WINDOWS\system32\kbdaze.dll
2016-02-12 17:17:57 ----A---- C:\WINDOWS\system32\kbdycc.dll
2016-02-12 17:17:57 ----A---- C:\WINDOWS\system32\kbdbu.dll
2016-02-12 17:17:57 ----A---- C:\WINDOWS\system32\kbdblr.dll
2016-02-12 17:17:57 ----A---- C:\WINDOWS\system32\irclass.dll
2016-02-12 17:17:56 ----A---- C:\WINDOWS\system32\spxcoins.dll
2016-02-12 17:17:56 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2016-02-12 17:17:56 ----A---- C:\WINDOWS\system32\dgsetup.dll
2016-02-12 17:17:56 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2016-02-12 17:17:54 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2016-02-12 17:17:54 ----A---- C:\WINDOWS\TASKMAN.EXE
2016-02-12 17:17:54 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2016-02-12 17:17:54 ----A---- C:\WINDOWS\system32\batt.dll
2016-02-12 17:17:54 ----A---- C:\WINDOWS\NOTEPAD.EXE
2016-02-12 17:17:53 ----A---- C:\WINDOWS\system32\storprop.dll
2016-02-12 17:17:50 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2016-02-12 17:17:44 ----RA---- C:\WINDOWS\SET8.tmp
2016-02-12 17:17:42 ----RA---- C:\WINDOWS\SET4.tmp
2016-02-12 17:17:41 ----RA---- C:\WINDOWS\SET3.tmp
2016-02-12 17:17:37 ----D---- C:\WINDOWS\system32\CatRoot2
2016-02-12 17:17:37 ----D---- C:\WINDOWS\system32\CatRoot
2016-02-12 17:17:31 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2016-02-12 17:17:12 ----D---- C:\Documents and Settings
2016-02-12 17:17:11 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-12 17:16:48 ----SH---- C:\boot.ini
2016-02-12 17:15:43 ----SHD---- C:\System Volume Information
2016-02-12 17:14:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2016-02-12 17:14:03 ----RSD---- C:\WINDOWS\Fonts
2016-02-12 17:14:03 ----RD---- C:\WINDOWS\Web
2016-02-12 17:14:03 ----HD---- C:\WINDOWS\inf
2016-02-12 17:14:03 ----D---- C:\WINDOWS\WinSxS
2016-02-12 17:14:03 ----D---- C:\WINDOWS\twain_32
2016-02-12 17:14:03 ----D---- C:\WINDOWS\Temp
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\wins
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\wbem
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\usmt
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\spool
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\ShellExt
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\Setup
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\ru-ru
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\ru
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\ras
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\oobe
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\npp
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\mui
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\inetsrv
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\IME
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\icsxml
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\ias
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\export
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\drivers\etc
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\drivers\disdn
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\drivers
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\dhcp
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\config
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\3com_dmi
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\3076
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\2052
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\1054
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\1049
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\1042
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\1041
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\1037
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\1033
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\1031
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\1028
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system32\1025
2016-02-12 17:14:03 ----D---- C:\WINDOWS\system
2016-02-12 17:14:03 ----D---- C:\WINDOWS\security
2016-02-12 17:14:03 ----D---- C:\WINDOWS\Resources
2016-02-12 17:14:03 ----D---- C:\WINDOWS\repair
2016-02-12 17:14:03 ----D---- C:\WINDOWS\Provisioning
2016-02-12 17:14:03 ----D---- C:\WINDOWS\PeerNet
2016-02-12 17:14:03 ----D---- C:\WINDOWS\pchealth
2016-02-12 17:14:03 ----D---- C:\WINDOWS\Network Diagnostic
2016-02-12 17:14:03 ----D---- C:\WINDOWS\mui
2016-02-12 17:14:03 ----D---- C:\WINDOWS\msapps
2016-02-12 17:14:03 ----D---- C:\WINDOWS\msagent
2016-02-12 17:14:03 ----D---- C:\WINDOWS\L2Schemas
2016-02-12 17:14:03 ----D---- C:\WINDOWS\java
2016-02-12 17:14:03 ----D---- C:\WINDOWS\ime
2016-02-12 17:14:03 ----D---- C:\WINDOWS\Help
2016-02-12 17:14:03 ----D---- C:\WINDOWS\ehome
2016-02-12 17:14:03 ----D---- C:\WINDOWS\Driver Cache
2016-02-12 17:14:03 ----D---- C:\WINDOWS\Debug
2016-02-12 17:14:03 ----D---- C:\WINDOWS\Connection Wizard
2016-02-12 17:14:03 ----D---- C:\WINDOWS\Config
2016-02-12 17:14:03 ----D---- C:\WINDOWS\AppPatch
2016-02-12 17:14:03 ----D---- C:\WINDOWS\addins
2016-02-12 17:14:03 ----D---- C:\WINDOWS
2016-02-12 17:14:03 ----ASH---- C:\pagefile.sys
2016-02-12 17:14:03 ----AD---- C:\WINDOWS\system32
2016-02-12 15:52:47 ----D---- C:\KMPlayer
2016-02-12 15:51:33 ----D---- C:\Documents and Settings\Центр\Application Data\uTorrent
2016-02-12 15:51:31 ----D---- C:\Program Files\uTorrent
2016-02-12 15:50:34 ----D---- C:\Documents and Settings\Центр\Application Data\AIMP3
2016-02-12 15:50:32 ----D---- C:\Program Files\AIMP3
2016-02-12 15:50:19 ----A---- C:\WINDOWS\system32\BCGPOleAcc.dll
2016-02-12 15:50:18 ----A---- C:\WINDOWS\system32\TwnLib4.dll
2016-02-12 15:50:18 ----A---- C:\WINDOWS\system32\imagXRA7.dll
2016-02-12 15:50:18 ----A---- C:\WINDOWS\system32\imagXR7.dll
2016-02-12 15:50:18 ----A---- C:\WINDOWS\system32\imagXpr7.dll
2016-02-12 15:50:18 ----A---- C:\WINDOWS\system32\imagX7.dll
2016-02-12 15:50:18 ----A---- C:\WINDOWS\system32\BCGCBPRO860u80.dll
2016-02-12 15:50:17 ----D---- C:\Program Files\Common Files\Nero
2016-02-12 15:50:16 ----D---- C:\Program Files\Nero
2016-02-12 15:48:49 ----D---- C:\Documents and Settings\Центр\Application Data\Zbshareware Lab
2016-02-12 15:48:47 ----D---- C:\Program Files\USB Disk Security
2016-02-12 15:48:20 ----D---- C:\Program Files\CCleaner
2016-02-12 15:46:50 ----D---- C:\Program Files\Google
2016-02-12 15:46:20 ----D---- C:\Documents and Settings\Центр\Application Data\Opera
2016-02-12 15:46:09 ----D---- C:\Program Files\Opera
2016-02-12 15:41:36 ----D---- C:\WINDOWS\system32\Lang
2016-02-12 15:39:27 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA
2016-02-12 15:39:21 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrszht.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrstr.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrsth.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrssv.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrssl.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrssk.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrsru.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrspt.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrspl.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrsno.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrsko.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrsja.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrsit.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrshu.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrshe.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrses.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrseng.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrsel.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrsde.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrsda.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrscs.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvrsar.dll
2016-02-12 15:39:11 ----A---- C:\WINDOWS\system32\nvcolor.exe
2016-02-12 15:39:10 ----A---- C:\WINDOWS\system32\nvmctray.dll
2016-02-12 15:39:10 ----A---- C:\WINDOWS\system32\nvcpl.dll
2016-02-12 15:39:09 ----A---- C:\WINDOWS\system32\nvwddi.dll
2016-02-12 15:38:29 ----A---- C:\WINDOWS\system32\OpenCL.dll
2016-02-12 15:37:14 ----A---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2016-02-12 15:37:11 ----A---- C:\WINDOWS\system32\nvopencl.dll
2016-02-12 15:37:07 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2016-02-12 15:37:03 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2016-02-12 15:37:03 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2016-02-12 15:36:58 ----A---- C:\WINDOWS\system32\nvcuda.dll
2016-02-12 15:36:47 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2016-02-12 15:36:47 ----A---- C:\WINDOWS\system32\nvapi.dll
2016-02-12 15:36:47 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2016-02-12 15:36:29 ----A---- C:\WINDOWS\system32\nvdispgenco3230790.dll
2016-02-12 15:36:29 ----A---- C:\WINDOWS\system32\nvdispco3230790.dll
2016-02-12 15:35:37 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2016-02-12 15:35:37 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2016-02-12 15:35:36 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2016-02-12 15:35:36 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2016-02-12 15:35:35 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2016-02-12 15:35:35 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2016-02-12 15:35:34 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2016-02-12 15:35:34 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2016-02-12 15:35:33 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2016-02-12 15:35:32 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2016-02-12 15:35:32 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2016-02-12 15:35:26 ----D---- C:\WINDOWS\system32\RTCOM
2016-02-12 15:35:22 ----A---- C:\WINDOWS\system32\ksuser.dll
2016-02-12 15:35:21 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2016-02-12 15:35:20 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2016-02-12 15:35:07 ----A---- C:\WINDOWS\system32\drivers\RTAIODAT.DAT
2016-02-12 15:35:04 ----A---- C:\WINDOWS\system32\drivers\RtkHDAud.sys
2016-02-12 15:35:02 ----A---- C:\WINDOWS\system32\drivers\Monfilt.sys
2016-02-12 15:35:02 ----A---- C:\WINDOWS\system32\drivers\Ambfilt.sys
2016-02-12 15:34:59 ----A---- C:\WINDOWS\system32\RtkCoLDRXP.dll
2016-02-12 15:34:59 ----A---- C:\WINDOWS\system32\RtkCoInstIIXP.dll
2016-02-12 15:34:49 ----A---- C:\WINDOWS\vncutil.exe
2016-02-12 15:34:49 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2016-02-12 15:34:48 ----A---- C:\WINDOWS\RtlUpd.exe
2016-02-12 15:34:48 ----A---- C:\WINDOWS\RTLCPL.EXE
2016-02-12 15:34:46 ----A---- C:\WINDOWS\RtkAudioService.exe
2016-02-12 15:34:45 ----A---- C:\WINDOWS\RTHDCPL.EXE
2016-02-12 15:34:44 ----A---- C:\WINDOWS\MicCal.exe
2016-02-12 15:34:44 ----A---- C:\WINDOWS\ALCWZRD.EXE
2016-02-12 15:34:44 ----A---- C:\WINDOWS\ALCMTR.EXE
2016-02-12 15:34:39 ----A---- C:\WINDOWS\system32\cohelper.dll
2016-02-12 15:34:37 ----A---- C:\WINDOWS\system32\drivers\nvnrm.sys
2016-02-12 15:34:37 ----A---- C:\WINDOWS\system32\drivers\nvnetbus.sys
2016-02-12 15:34:36 ----A---- C:\WINDOWS\system32\drivers\NVENETFD.sys
2016-02-12 15:34:34 ----A---- C:\WINDOWS\system32\nvconrm.dll
2016-02-12 15:34:33 ----A---- C:\WINDOWS\system32\fdco1ins.dll
2016-02-12 15:34:33 ----A---- C:\WINDOWS\system32\fdco1.dll
2016-02-12 15:34:33 ----A---- C:\WINDOWS\system32\bdco1ins.dll
2016-02-12 15:34:33 ----A---- C:\WINDOWS\system32\bdco1.dll
2016-02-12 15:34:30 ----D---- C:\Program Files\NVIDIA Corporation
2016-02-12 15:34:23 ----A---- C:\WINDOWS\system32\NVCOSMB.DLL
2016-02-12 15:33:02 ----D---- C:\WINDOWS\Logs
2016-02-12 15:31:33 ----D---- C:\Documents and Settings\Центр\Application Data\Adobe
2016-02-12 15:31:29 ----D---- C:\Documents and Settings\Центр\Application Data\AVAST Software
2016-02-12 15:31:13 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2016-02-12 15:31:13 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2016-02-12 15:31:12 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2016-02-12 15:30:47 ----A---- C:\WINDOWS\system32\drivers\aswvmm.sys
2016-02-12 15:30:47 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2016-02-12 15:30:47 ----A---- C:\WINDOWS\system32\drivers\aswStmXP.sys
2016-02-12 15:30:47 ----A---- C:\WINDOWS\system32\drivers\aswsp.sys
2016-02-12 15:30:47 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2016-02-12 15:30:47 ----A---- C:\WINDOWS\system32\drivers\aswRvrt.sys
2016-02-12 15:30:47 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2016-02-12 15:30:47 ----A---- C:\WINDOWS\system32\drivers\aswMonFlt.sys
2016-02-12 15:30:47 ----A---- C:\WINDOWS\system32\drivers\aswHwid.sys
2016-02-12 15:30:41 ----A---- C:\WINDOWS\system32\aswBoot.exe
2016-02-12 15:30:31 ----A---- C:\WINDOWS\avastSS.scr
2016-02-12 15:30:00 ----D---- C:\Program Files\AVAST Software
2016-02-12 15:29:12 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2016-02-12 15:29:01 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2016-02-12 15:28:37 ----D---- C:\Documents and Settings\Центр\Application Data\Ident4.1