Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2014-05-08 21:07:06
Microsoft Windows XP Professional Service Pack 2
System partition C: size 6 GB (4%) Free 153 GB
Total RAM: 1791 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:07:08, on 08.05.2014
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\IePluginService\PluginService.exe
C:\Documents and Settings\All Users\Application Data\WPM\wprotectmanager.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Admin\Рабочий стол\AutoLogger\AVZ\avz.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Admin\Application Data\uTorrent\uTorrent.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\MailRu\MailRuUpdater.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Skymonk2\skymonk2.bin
C:\Documents and Settings\Admin\Local Settings\Application Data\Amigo\Application\amigo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATLAS V14\ATLIECOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\KaraokeSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\PCDApp\dgen.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\WiseEnhance\updateWiseEnhance.exe
C:\WINDOWS\system32\uphclean.exe
C:\Program Files\WiseEnhance\bin\utilWiseEnhance.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Amigo\Application\amigo.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Amigo\Application\amigo.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Amigo\Application\amigo.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Amigo\Application\amigo.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Amigo\Application\amigo.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Amigo\Application\amigo.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Amigo\Application\amigo.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Amigo\Application\amigo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Admin\Рабочий стол\AutoLogger\RSIT\RSIT.exe
C:\Documents and Settings\Admin\Рабочий стол\AutoLogger\RSIT\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1398533537&from=cor&uid=WDCXWD1600AAJS-00Z4A0_WD-WCAT2745445354453&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1398533537&from=cor&uid=WDCXWD1600AAJS-00Z4A0_WD-WCAT2745445354453&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1398533537&from=cor&uid=WDCXWD1600AAJS-00Z4A0_WD-WCAT2745445354453&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1398533537&from=cor&uid=WDCXWD1600AAJS-00Z4A0_WD-WCAT2745445354453&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bing.com/search?q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
R3 - Default URLSearchHook is missing
O2 - BHO: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V14\ATLIECP.DLL
O2 - BHO: CostMin - {55E4BDE0-D3AF-FDB9-0526-CA512B986818} - C:\Program Files\CostMin\wkRFfR.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Спутник@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - (no file)
O2 - BHO: WiseEnhance - {bc8c4384-d19c-474b-a298-c90b7e5c5204} - C:\Program Files\WiseEnhance\WiseEnhanceBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V14\ATLIECP.DLL
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [NextLive] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Admin\Application Data\newnext.me\nengine.dll",EntryPoint -m l
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Admin\Application Data\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [MailRuUpdater] C:\Documents and Settings\Admin\Local Settings\Application Data\MailRu\MailRuUpdater.exe
O4 - HKCU\..\Run: [Skymonk2] C:\Documents and Settings\Admin\Local Settings\Application Data\Skymonk2\skymonk2.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [LinkDel] linkdel.cmd (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2000478354-1844237615-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Translate with ATLAS - C:\Program Files\ATLAS V14\Atlscript.html
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: ATLAS Translation &Editor - C:\Program Files\ATLAS V14\AtlscriptEdit.html
O9 - Extra button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files\ATLAS V14\Atlscript.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{B50D9B9C-2940-4D65-9165-907E8B3138E3}: NameServer = 80.251.112.80 80.251.112.81
O20 - AppInit_DLLs: c:\progra~1\suppor~1\suppor~1.dll
O22 - SharedTaskScheduler: Предзагрузчик Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Демон кэша категорий компонентов - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Supporter (40030ae4) - Корпорация Майкрософт - C:\WINDOWS\system32\rundll32.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Служба Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Служба Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IePlugin Service (IePluginService) - Cherished Technololgy LIMITED - C:\Documents and Settings\All Users\Application Data\IePluginService\PluginService.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: VIA Karaoke digital mixer Service (KaraokeService) - VIA Technologies, Inc. - C:\WINDOWS\system32\KaraokeSer.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\Program Files\PCDApp\StartHelp.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Update WiseEnhance - Unknown owner - C:\Program Files\WiseEnhance\updateWiseEnhance.exe
O23 - Service: Util WiseEnhance - Unknown owner - C:\Program Files\WiseEnhance\bin\utilWiseEnhance.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Wpm Service (Wpm) - Cherished Technololgy LIMITED - C:\Documents and Settings\All Users\Application Data\WPM\wprotectmanager.exe

--
End of file - 10854 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\8qts7udg.default

prefs.js - "browser.search.useDBForOrder" -  true

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/AuthorwarePlayer]
"Description"=Adobe Authorware Player
"Path"=C:\WINDOWS\system32\Macromed\AUTHORWA\np32asw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.206 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll


C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\8qts7udg.default\extensions\
itapp@ip-life.org
i_rpx@rgpqsvcpg.org
xplceiuu@ly.com
{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C6301ED-0F78-4AF2-8150-D9C052361A8E}]
ATLAS Toolbar - C:\Program Files\ATLAS V14\ATLIECP.DLL [2007-10-04 296288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55E4BDE0-D3AF-FDB9-0526-CA512B986818}]
CostMin - C:\Program Files\CostMin\wkRFfR.dll [2013-04-26 371200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-05-05 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc8c4384-d19c-474b-a298-c90b7e5c5204}]
WiseEnhance - C:\Program Files\WiseEnhance\WiseEnhanceBHO.dll [2014-04-24 249632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-05 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3C6301ED-0F78-4AF2-8150-D9C052361A8E} - ATLAS Toolbar - C:\Program Files\ATLAS V14\ATLIECP.DLL [2007-10-04 296288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2012-06-08 41122448]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2013-01-31 15517472]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2013-01-31 1982312]
"mobilegeni daemon"=C:\Program Files\Mobogenie\DaemonProcess.exe []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"amva"=C:\WINDOWS\system32\amvo.exe [2008-02-03 102459]
"NextLive"=C:\Documents and Settings\Admin\Application Data\newnext.me\nengine.dll [2013-11-14 1283584]
"uTorrent"=C:\Documents and Settings\Admin\Application Data\uTorrent\uTorrent.exe [2014-04-26 1266520]
"MailRuUpdater"=C:\Documents and Settings\Admin\Local Settings\Application Data\MailRu\MailRuUpdater.exe [2014-04-19 2069536]
"Skymonk2"=C:\Documents and Settings\Admin\Local Settings\Application Data\Skymonk2\skymonk2.exe [2014-04-25 520336]

C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\suppor~1\suppor~1.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Admin\Application Data\uTorrent\uTorrent.exe"="C:\Documents and Settings\Admin\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\PCDApp\dgen.exe"="C:\Program Files\PCDApp\dgen.exe:*:Enabled:MProxy"
"C:\Program Files\PCDApp\cudaminer.exe"="C:\Program Files\PCDApp\cudaminer.exe:*:Enabled:NProxy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files and folders created in the last 1 month======

2014-05-08 21:07:06 ----D---- C:\rsit
2014-05-08 20:52:18 ----A---- C:\WINDOWS\system32\drivers\utexmtm2.sys
2014-05-08 20:32:41 ----D---- C:\Program Files\Happy22Save
2014-05-08 20:25:33 ----RSH---- C:\2ifetri.cmd
2014-05-08 20:20:58 ----D---- C:\WINDOWS\pss
2014-05-08 20:02:30 ----D---- C:\Program Files\FinalWire
2014-05-05 23:12:28 ----A---- C:\WINDOWS\system32\kbdkor.dll
2014-05-05 23:12:28 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2014-05-05 23:12:28 ----A---- C:\WINDOWS\system32\kbd106.dll
2014-05-05 23:12:28 ----A---- C:\WINDOWS\system32\kbd103.dll
2014-05-05 23:12:28 ----A---- C:\WINDOWS\system32\kbd101c.dll
2014-05-05 23:12:27 ----A---- C:\WINDOWS\system32\kbd101b.dll
2014-05-05 23:11:50 ----D---- C:\Documents and Settings\Admin\Application Data\Fujitsu
2014-05-05 23:08:55 ----D---- C:\Program Files\ATLAS V14
2014-05-05 22:58:52 ----D---- C:\Documents and Settings\Admin\Application Data\NVIDIA
2014-05-05 22:58:24 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2014-05-05 22:58:23 ----D---- C:\Program Files\Common Files\Java
2014-05-05 22:58:15 ----A---- C:\WINDOWS\system32\javaws.exe
2014-05-05 22:58:09 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-05-05 22:58:09 ----A---- C:\WINDOWS\system32\javaw.exe
2014-05-05 22:58:09 ----A---- C:\WINDOWS\system32\java.exe
2014-05-05 22:57:48 ----D---- C:\Program Files\Java
2014-05-05 22:02:08 ----D---- C:\Documents and Settings\Admin\Application Data\Sun
2014-05-05 18:03:10 ----A---- C:\WINDOWS\system32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gt.sys
2014-05-04 16:32:11 ----D---- C:\Program Files\ESET
2014-05-03 19:14:20 ----D---- C:\Documents and Settings\All Users\Application Data\Happy22Save
2014-04-27 20:41:43 ----A---- C:\WINDOWS\system32\amvo0.bak
2014-04-26 20:38:33 ----D---- C:\Program Files\CCleaner
2014-04-26 20:33:01 ----D---- C:\Documents and Settings\Admin\Application Data\1H1Q
2014-04-26 20:32:57 ----D---- C:\Program Files\SupTab
2014-04-26 20:32:57 ----D---- C:\Documents and Settings\All Users\Application Data\IePluginService
2014-04-26 20:32:57 ----D---- C:\Documents and Settings\Admin\Application Data\SupTab
2014-04-26 20:32:51 ----D---- C:\Documents and Settings\All Users\Application Data\WPM
2014-04-26 20:32:24 ----D---- C:\Program Files\WiseEnhance
2014-04-26 20:32:24 ----D---- C:\Documents and Settings\Admin\Application Data\sweet-page
2014-04-26 20:32:10 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-04-26 20:32:02 ----D---- C:\Program Files\Mozilla Firefox
2014-04-26 18:55:46 ----D---- C:\Program Files\PCDApp
2014-04-26 18:55:23 ----D---- C:\Program Files\smic
2014-04-26 18:54:03 ----D---- C:\Program Files\Supporter
2014-04-26 18:53:45 ----D---- C:\Documents and Settings\All Users\Application Data\CostMin
2014-04-26 18:53:45 ----D---- C:\Documents and Settings\All Users\Application Data\4614cf34dc6f7d2f
2014-04-26 18:53:44 ----D---- C:\Program Files\CostMin
2014-04-26 18:50:10 ----D---- C:\Program Files\MediaBuzzV1

======List of files and folders modified in the last 1 month======

2014-05-08 21:05:41 ----D---- C:\Documents and Settings\Admin\Application Data\newnext.me
2014-05-08 21:05:09 ----D---- C:\Documents and Settings\Admin\Application Data\uTorrent
2014-05-08 21:04:53 ----D---- C:\WINDOWS\Temp
2014-05-08 21:04:53 ----AD---- C:\WINDOWS\system32
2014-05-08 21:04:45 ----D---- C:\WINDOWS\system32\drivers
2014-05-08 21:04:20 ----D---- C:\WINDOWS\system32\CatRoot2
2014-05-08 21:02:02 ----A---- C:\WINDOWS\win.ini
2014-05-08 20:34:28 ----RD---- C:\Program Files
2014-05-08 20:26:14 ----AD---- C:\WINDOWS
2014-05-08 20:24:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-05-08 20:23:34 ----AHD---- C:\WINDOWS\inf
2014-05-08 20:23:27 ----SHD---- C:\WINDOWS\Installer
2014-05-06 07:22:43 ----D---- C:\WINDOWS\Prefetch
2014-05-05 23:12:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-05-05 22:58:23 ----D---- C:\Program Files\Common Files
2014-05-04 16:31:37 ----A---- C:\WINDOWS\NeroDigital.ini
2014-04-30 19:27:20 ----D---- C:\Video
2014-04-30 15:23:49 ----D---- C:\Documents and Settings\Admin\Application Data\VKDJ
2014-04-30 14:49:04 ----D---- C:\VkontakteDJ
2014-04-30 14:38:28 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-26 19:16:10 ----D---- C:\Documents and Settings\Admin\Application Data\SwvUpdater
2014-04-26 19:16:06 ----SD---- C:\WINDOWS\Tasks
2014-04-26 18:53:43 ----D---- C:\Documents and Settings
2014-04-16 20:53:16 ----D---- C:\Program Files\KMPlayer

======List of drivers (start type: R=Running, S=Stopped, 0=Boot, 1=System, 2=Automatic, 3=Manual, 4=Disabled)======

R0 a347bus;a347bus; C:\WINDOWS\system32\DRIVERS\a347bus.sys [2004-04-30 160640]
R0 a347scsi;a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [2004-04-30 5248]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-10-18 105472]
R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2010-04-09 168040]
R1 {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gt;{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gt; C:\WINDOWS\system32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gt.sys [2014-05-02 55232]
R1 AmdPPM;Драйвер AMD HwPState процессора; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 ISODrive;ISO CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-12-26 138752]
R3 hidusb;Драйвер класса HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2013-05-23 43800]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2013-05-23 37528]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2013-05-23 28312]
R3 mouhid;Драйвер мыши HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-19 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-01-31 12648960]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2010-03-04 70912]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2010-03-04 13824]
R3 utexmtm2;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\utexmtm2.sys []
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2012-05-04 2551664]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 AMBFilt;AMBFilt; C:\WINDOWS\system32\drivers\AMBFilt.sys [2009-06-26 1656960]
S3 MonFilt;MonFilt; C:\WINDOWS\system32\drivers\MonFilt.sys [2008-12-02 1389056]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-28 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]

======List of services (start type: R=Running, S=Stopped, 0=Boot, 1=System, 2=Automatic, 3=Manual, 4=Disabled)======

R2 40030ae4;Supporter; c:\progra~1\suppor~1\SupporterSvc.dll [2014-04-26 178000]
R2 IePluginService;IePlugin Service; C:\Documents and Settings\All Users\Application Data\IePluginService\PluginService.exe [2014-04-11 705136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2014-05-05 182696]
R2 KaraokeService;VIA Karaoke digital mixer Service; C:\WINDOWS\system32\KaraokeSer.exe [2012-05-04 88688]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2013-01-31 156448]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-01-31 1259296]
R2 UMWdf;Компонент драйверов пользовательского режима Windows; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 Update WiseEnhance;Update WiseEnhance; C:\Program Files\WiseEnhance\updateWiseEnhance.exe [2014-05-07 316704]
R2 UPHClean;User Profile Hive Cleanup; C:\WINDOWS\system32\uphclean.exe [2006-01-16 241725]
R2 Util WiseEnhance;Util WiseEnhance; C:\Program Files\WiseEnhance\bin\utilWiseEnhance.exe [2014-05-07 316704]
R2 Wpm;Wpm Service; C:\Documents and Settings\All Users\Application Data\WPM\wprotectmanager.exe [2014-04-26 566272]
S2 gupdate;Служба Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-08 116648]
S2 ProtectMonitor;Protect Monitor; C:\Program Files\PCDApp\StartHelp.exe [2014-04-10 97007]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-30 257712]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gupdatem;Служба Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-08 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-15 119408]

-----------------EOF-----------------
