Log of random's system information tool 1.16 (author: random/random)
Run by Samsung at 2020-09-11 09:48:18
Microsoft Windows 7 Домашняя расширенная  Service Pack 1
System partition C: size 107 GB (70%) Free 154 GB
Total RAM: 3564 MB (61% free)
X64

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:48:19, on 11.09.2020
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\ProgramData\Windows\rutserv.exe
C:\Windows\SysWOW64\cmd.exe
C:\Programdata\RunDLL\rundll.exe
C:\Windows\SysWOW64\cmd.exe
C:\Programdata\RunDLL\system.exe
C:\Users\Samsung\Desktop\autologger\AutoLogger-test.exe
C:\Users\Samsung\Desktop\autologger\AutoLogger\AVZ\avz.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Samsung\Desktop\autologger\AutoLogger\RSIT\Samsung_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yandex.ru/?win=417&clid=2332286
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Отправить в OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
O9 - Extra button: Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: &Связанные заметки OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Связанные заметки OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: AdobeUpdateService - Unknown owner - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (file missing)
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Unknown owner - D:\Alcohol 120\AxAutoMntSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.83\elevation_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Luminati Net Updater (luminati_net_updater_win_alcohol_soft) - Unknown owner - D:\Alcohol 120\lumsdk\net_updater32.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Microsoft Framework (RManService) - Unknown owner - C:\ProgramData\Windows\rutserv.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - D:\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8011 bytes

====== Process list ======

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
C:\ProgramData\Windows\rutserv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\cmd.exe
\??\C:\Windows\system32\conhost.exe
C:\Programdata\RunDLL\rundll.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\RunDll32.exe" "C:\Windows\system32\WerConCpl.dll", LaunchErcApp -queuereporting
C:\Windows\SysWOW64\cmd.exe
C:\Programdata\RunDLL\system.exe
"C:\Users\Samsung\Desktop\autologger\AutoLogger-test.exe" 
"C:\Users\Samsung\Desktop\autologger\AutoLogger\AVZ\avz.exe" Script=AVZ\GeneralScript.txt HiddenMode=0
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "http://google.ru/"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Samsung\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Samsung\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=83.0.4103.116 --initial-client-data=0xac,0xb0,0xb4,0x80,0xb8,0x7fef383bd28,0x7fef383bd38,0x7fef383bd48
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://google.ru
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1068,5586308341134268131,9830277848026932827,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1084 /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1068,5586308341134268131,9830277848026932827,131072 --lang=ru --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1324 /prefetch:8
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3056 CREDAT:79873
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1068,5586308341134268131,9830277848026932827,131072 --lang=ru --disable-client-side-phishing-detection --enable-auto-reload --origin-trial-disabled-features=MeasureMemory --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1068,5586308341134268131,9830277848026932827,131072 --lang=ru --extension-process --disable-client-side-phishing-detection --enable-auto-reload --origin-trial-disabled-features=MeasureMemory --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2436 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1068,5586308341134268131,9830277848026932827,131072 --lang=ru --extension-process --disable-client-side-phishing-detection --enable-auto-reload --origin-trial-disabled-features=MeasureMemory --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1068,5586308341134268131,9830277848026932827,131072 --lang=ru --extension-process --disable-client-side-phishing-detection --enable-auto-reload --origin-trial-disabled-features=MeasureMemory --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1068,5586308341134268131,9830277848026932827,131072 --lang=ru --extension-process --disable-client-side-phishing-detection --enable-auto-reload --origin-trial-disabled-features=MeasureMemory --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2760 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1068,5586308341134268131,9830277848026932827,131072 --lang=ru --disable-client-side-phishing-detection --enable-auto-reload --origin-trial-disabled-features=MeasureMemory --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1068,5586308341134268131,9830277848026932827,131072 --lang=ru --disable-client-side-phishing-detection --enable-auto-reload --origin-trial-disabled-features=MeasureMemory --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2848 /prefetch:1
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3056 CREDAT:14342
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe11_ Global\UsGthrCtrlFltPipeMssGthrPipe11 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524 
"C:\Users\Samsung\Desktop\autologger\AutoLogger\RSIT\RSITx64.exe" /silent /m3 /autolog /logfolder "C:\Users\Samsung\Desktop\autologger\AutoLogger\RSIT\Log" /hjtp "C:\Users\Samsung\Desktop\autologger\AutoLogger\RSIT\HiJackThis.exe"
C:\Windows\system32\wbem\wmiprvse.exe

====== Scheduled tasks folder ======

C:\Windows\system32\tasks\Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
C:\Windows\system32\tasks\Microsoft\Windows\Wininet\RealtekHDControl - C:\Programdata\RealtekHD\taskhost.exe
C:\Windows\system32\tasks\Microsoft\Windows\Wininet\RealtekHDStartUP - C:\Programdata\RealtekHD\taskhost.exe
C:\Windows\system32\tasks\Microsoft\Windows\Wininet\Taskhost - C:\Programdata\RealtekHD\taskhostw.exe
C:\Windows\system32\tasks\Microsoft\Windows\Wininet\Taskhostw - C:\Programdata\RealtekHD\taskhostw.exe
C:\Windows\system32\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification - %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 - %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - sc.exe start sppsvc
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - %SystemRoot%\System32\powercfg.exe -energy -auto
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService - %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks - %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ehDRMInit - %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\InstallPlayReady - %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\mcupdate - %SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURActivate - %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\OCURDiscovery - %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscovery - %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 - %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 - %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry - %windir%\ehome\MCUpdate.exe -pscn 0
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\PvrScheduleTask - %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RecordingRestart - %SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\RegisterSearch - %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot - %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask - %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
C:\Windows\system32\tasks\Microsoft\Windows\Media Center\UpdateRecordPath - %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\AitAgent - aitagent
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\Microsoft\Office\Office 15 Subscription Heartbeat - %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentFallBack - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880
C:\Windows\system32\tasks\Microsoft\Office\OfficeTelemetryAgentLogOn - "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload

=========Google Chrome=========

C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Интернет-магазин Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Документы 0.10
Extension apdfllckaahabafndbhieahigkjlhalf 1 Диск Google 6.2
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0  
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension cfhdojbkjhnklbpkdaibdccddilifddb 1 Adblock Plus - бесплатный блокировщик рекламы 3.9.5
Extension emngkmlligggbbiioginlkphcmffbncb 0 AdBlock на YouTube™ 1.7.0
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension gfjocjagfinihkkaahliainflifnlnfc 1 Скачать музыку c VK 2.0.0.6
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Google Документы офлайн 1.13.0
Extension gighmmpiobklfepjocnamgkkbiglidom 1 AdBlock — лучший блокировщик рекламы 4.20.0
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.74
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.15
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Платежная система Интернет-магазина Chrome 1.0.0.5
Extension omimccinlhlkpjaeaocglgmkbelejlhj 0 Flash-HTML5 for YouTube™ 0.1.9
Extension pgjjikdiikihdfpoppgaidccahalehjh 1 Speedtest by Ookla 1.0.9.4
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.2
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 8320.407.0.1
Homepage: 
default_search_provider.search_url: 
C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage: 
default_search_provider.search_url: 

====== Registry snapshot ======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2014-01-21 881880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2014-01-21 2333400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2014-01-23 707800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2014-01-23 1728216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Realtek HD Audio"=C:\ProgramData\RealtekHD\taskhostw.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Creative Cloud]
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-28 558496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeGCInvoker-1.0]
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2020-06-04 3325520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
D:\Alcohol 120\AxAutoMntSrv.exe -automount []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Discord]
C:\Users\Samsung\AppData\Local\Discord\app-0.0.305\Discord.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_B3BDC43574908AB0A82819190CEF4746]
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2020-06-20 1798640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opera Browser Assistant]
C:\Users\Samsung\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2020-09-08 3126808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtek HD Audio]
C:\ProgramData\RealtekHD\taskhostw.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SFAUpdater]
C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe [2015-03-27 656656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart File Advisor]
C:\Program Files (x86)\Smart File Advisor\sfa.exe [2017-06-19 282352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\Samsung\AppData\Roaming\Spotify\Spotify.exe [2020-09-01 23325416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\steam\steam.exe [2020-09-04 3395360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-10 335232]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RManService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"DisallowRun"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath" = "C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.83\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm

====== File associations ======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

====== List of files and folders created in the last 3 months ======

2020-09-10 19:40:01 ----A---- C:\ProgramData\temp5.exe
2020-09-10 19:13:54 ----D---- C:\Users\Samsung\AppData\Roaming\JetBrains
2020-09-10 19:02:28 ----D---- C:\Program Files\JetBrains
2020-09-10 18:23:10 ----D---- C:\ProgramData\VS Revo Group
2020-09-10 18:23:09 ----A---- C:\Windows\system32\drivers\revoflt.sys
2020-09-10 18:17:36 ----D---- C:\ProgramData\Martau
2020-09-10 13:59:05 ----SHD---- C:\ProgramData\Windows
2020-09-10 13:58:26 ----A---- C:\Windows\system32\rdpclip.exe
2020-09-10 13:58:22 ----HD---- C:\Program Files\RDP Wrapper
2020-09-10 13:57:24 ----D---- C:\Users\Samsung\AppData\Roaming\Macromedia
2020-09-10 13:47:40 ----SHD---- C:\ProgramData\ESET
2020-09-10 13:47:40 ----SHD---- C:\Program Files (x86)\Panda Security
2020-09-10 13:47:39 ----SHD---- C:\Program Files\ESET
2020-09-10 13:47:39 ----SHD---- C:\Program Files\Common Files\McAfee
2020-09-10 13:47:39 ----SHD---- C:\Program Files (x86)\GRIZZLY Antivirus
2020-09-10 13:47:39 ----D---- C:\ProgramData\Avira
2020-09-10 13:47:38 ----SHD---- C:\ProgramData\McAfee
2020-09-10 13:47:38 ----SHD---- C:\ProgramData\grizzly
2020-09-10 13:47:38 ----SHD---- C:\Program Files\Cezurity
2020-09-10 13:47:38 ----SHD---- C:\Program Files (x86)\Cezurity
2020-09-10 13:47:37 ----SHD---- C:\ProgramData\Doctor Web
2020-09-10 13:47:37 ----SHD---- C:\Program Files (x86)\Kaspersky Lab
2020-09-10 13:47:36 ----SHD---- C:\ProgramData\Kaspersky Lab Setup Files
2020-09-10 13:47:36 ----SHD---- C:\ProgramData\Kaspersky Lab
2020-09-10 13:47:36 ----SHD---- C:\Program Files\Kaspersky Lab
2020-09-10 13:47:35 ----SHD---- C:\ProgramData\Norton
2020-09-10 13:47:35 ----SHD---- C:\ProgramData\AVAST Software
2020-09-10 13:47:35 ----SHD---- C:\Program Files\AVG
2020-09-10 13:47:35 ----SHD---- C:\Program Files (x86)\AVG
2020-09-10 13:47:34 ----SHD---- C:\Program Files\SpyHunter
2020-09-10 13:47:34 ----SHD---- C:\Program Files\AVAST Software
2020-09-10 13:47:34 ----SHD---- C:\Program Files (x86)\AVAST Software
2020-09-10 13:47:33 ----SHD---- C:\Program Files\Enigma Software Group
2020-09-10 13:47:33 ----SHD---- C:\Program Files\COMODO
2020-09-10 13:47:32 ----SHD---- C:\ProgramData\360safe
2020-09-10 13:47:32 ----SHD---- C:\Program Files\Malwarebytes
2020-09-10 13:47:32 ----SHD---- C:\Program Files (x86)\SpyHunter
2020-09-10 13:47:31 ----SHD---- C:\Program Files (x86)\360
2020-09-10 13:47:31 ----SHD---- C:\KVRT_Data
2020-09-10 13:47:30 ----SHD---- C:\Program Files\ByteFence
2020-09-10 13:47:30 ----SHD---- C:\AdwCleaner
2020-09-10 13:47:28 ----SHD---- C:\Program Files (x86)\Microsoft JDX
2020-09-10 13:47:28 ----D---- C:\Windows\speechstracing
2020-09-10 13:47:28 ----D---- C:\Windows\fonts\Mysql
2020-09-10 13:47:28 ----D---- C:\ProgramData\MB3Install
2020-09-10 13:47:28 ----D---- C:\ProgramData\Malwarebytes
2020-09-10 13:47:28 ----D---- C:\ProgramData\Indus
2020-09-10 13:47:19 ----SHD---- C:\ProgramData\WindowsTask
2020-09-10 13:47:19 ----SHD---- C:\ProgramData\RunDLL
2020-09-10 13:47:19 ----SHD---- C:\ProgramData\install
2020-09-10 13:47:19 ----D---- C:\ProgramData\System32
2020-09-10 13:47:16 ----SHD---- C:\ProgramData\Setup
2020-09-09 10:39:25 ----D---- C:\Program Files (x86)\Bandicam
2020-09-07 19:58:46 ----D---- C:\Users\Samsung\AppData\Roaming\Code
2020-09-04 08:00:41 ----D---- C:\Users\Samsung\AppData\Roaming\Zoom
2020-09-01 21:43:59 ----D---- C:\Program Files\Adobe
2020-09-01 21:38:13 ----D---- C:\Program Files (x86)\Adobe
2020-08-31 18:37:16 ----D---- C:\ProgramData\Microsoft Visual Studio
2020-08-18 09:24:26 ----A---- C:\ProgramData\RDPWinst.exe
2020-08-06 20:32:32 ----D---- C:\ProgramData\Wondershare
2020-08-06 20:32:32 ----D---- C:\Program Files (x86)\Wondershare
2020-07-22 19:41:00 ----D---- C:\Users\Samsung\AppData\Roaming\MAGIX
2020-07-20 19:43:41 ----D---- C:\Users\Samsung\AppData\Roaming\Spotify
2020-06-16 18:36:20 ----D---- C:\Users\Samsung\AppData\Roaming\java
2020-06-16 18:36:09 ----D---- C:\Users\Samsung\AppData\Roaming\.tlauncher
2020-06-16 18:36:02 ----D---- C:\ProgramData\Sun
2020-06-16 18:35:53 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2020-06-16 18:35:02 ----D---- C:\ProgramData\Oracle
2020-06-16 18:34:12 ----D---- C:\Users\Samsung\AppData\Roaming\.minecraft

====== List of files and folders modified in the last 3 months ======

2028-03-18 19:17:40 ----D---- C:\Windows\system32\wdi
2028-03-18 09:55:09 ----D---- C:\Users\Samsung\AppData\Roaming\Discord
2020-09-11 09:48:18 ----D---- C:\Windows\Temp
2020-09-11 09:25:33 ----HD---- C:\ProgramData
2020-09-11 09:07:14 ----D---- C:\Windows\Prefetch
2020-09-11 08:57:22 ----SHD---- C:\System Volume Information
2020-09-10 19:51:03 ----SHD---- C:\Windows\Installer
2020-09-10 19:51:03 ----D---- C:\Windows\System32
2020-09-10 19:50:59 ----D---- C:\ProgramData\Package Cache
2020-09-10 19:50:24 ----D---- C:\Windows\SysWOW64
2020-09-10 19:02:28 ----RD---- C:\Program Files
2020-09-10 18:46:57 ----D---- C:\Windows\system32\config
2020-09-10 18:46:52 ----D---- C:\Windows\winsxs
2020-09-10 18:28:46 ----D---- C:\Program Files\Common Files\Microsoft Shared
2020-09-10 18:23:13 ----D---- C:\Windows\system32\drivers
2020-09-10 18:17:36 ----D---- C:\Windows\system
2020-09-10 16:06:41 ----D---- C:\Users\Samsung\AppData\Roaming\Adobe
2020-09-10 16:00:48 ----D---- C:\Program Files\Common Files\Adobe
2020-09-10 13:58:41 ----D---- C:\Windows\system32\catroot2
2020-09-10 13:49:08 ----D---- C:\Windows\system32\Tasks
2020-09-10 13:47:40 ----RD---- C:\Program Files (x86)
2020-09-10 13:47:39 ----D---- C:\Program Files\Common Files
2020-09-10 13:47:28 ----SD---- C:\ProgramData\Microsoft
2020-09-10 13:47:28 ----RSD---- C:\Windows\Fonts
2020-09-10 13:47:28 ----D---- C:\Windows
2020-09-10 13:47:28 ----D---- C:\Program Files\Internet Explorer
2020-09-10 13:47:28 ----D---- C:\Program Files\Common Files\System
2020-09-10 13:10:13 ----D---- C:\Users\Samsung\AppData\Roaming\uTorrent
2020-09-09 22:47:26 ----D---- C:\Windows\SYSWOW64\directx
2020-09-09 07:55:13 ----SD---- C:\Users\Samsung\AppData\Roaming\Microsoft
2020-09-02 13:59:28 ----D---- C:\ProgramData\Microsoft Help
2020-09-02 13:41:03 ----D---- C:\ProgramData\SoftMaker
2020-09-02 13:24:10 ----D---- C:\ProgramData\Adobe
2020-09-01 16:59:26 ----D---- C:\Windows\system32\NDF
2020-08-03 12:46:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2020-08-03 12:46:04 ----D---- C:\Windows\inf
2020-07-14 21:46:24 ----SHD---- C:\$Recycle.Bin
2020-07-14 21:46:17 ----RD---- C:\Users
2020-06-16 18:36:01 ----D---- C:\Program Files (x86)\Common Files

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\SysWOW64\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\SysWOW64\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\SysWOW64\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\SysWOW64\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

====== List of drivers (start type: R=Running, S=Stopped, 0=Boot, 1=System, 2=Automatic, 3=Manual, 4=Disabled) ======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2019-12-31 393880]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2014-11-21 18959360]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2014-11-21 589312]
R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2014-11-09 4108288]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2015-01-15 977624]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 ag3y65zv;ag3y65zv; C:\Windows\system32\drivers\ag3y65zv.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2016-12-21 40240]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;Адаптер USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

====== List of services (start type: R=Running, S=Stopped, 0=Boot, 1=System, 2=Automatic, 3=Manual, 4=Disabled) ======

R2 AGMService;Adobe Genuine Monitor Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2020-06-04 3673680]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020-06-04 3406416]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2014-11-21 244736]
R2 RManService;Microsoft Framework; C:\ProgramData\Windows\rutserv.exe [2016-01-23 1789440]
S2 AdobeUpdateService;AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe []
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; D:\Alcohol 120\AxAutoMntSrv.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 luminati_net_updater_win_alcohol_soft;Luminati Net Updater; D:\Alcohol 120\lumsdk\net_updater32.exe --updater win_alcohol.soft []
S2 StarWindServiceAE;StarWind AE Service; D:\Alcohol 120\StarWind\StarWindServiceAE.exe []
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.83\elevation_service.exe [2020-08-23 1322992]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-01-23 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2014-01-21 5132888]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2018-05-22 1672992]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 gupdate;Служба Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-12-19 153168]
S4 gupdatem;Служба Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-12-19 153168]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------
