Log of random's system information tool 1.12 (author: random/random)
Run by Admin at 2015-08-02 12:37:17
Microsoft Windows XP Professional Service Pack 3
System partition C: size 93 GB (78%) Free 119 GB
Total RAM: 2046 MB (64% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:37:22, on 02.08.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\AutoLogger\AutoLogger\AVZ\avz.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files\BlueStacks\HD-Agent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Admin\Рабочий стол\Dr.WebH7\program files\DrWeb\drwebscd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\MailRu\MailRuUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Program Files\BlueStacks\HD-UpdaterService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Yandex\YandexBrowser\Application\browser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Yandex\YandexBrowser\Application\34.0.1847.18274\crash_service.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\Wbem\wmiprvse.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Yandex\YandexBrowser\Application\browser.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Yandex\YandexBrowser\Application\browser.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Yandex\YandexBrowser\Application\browser.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Yandex\YandexBrowser\Application\browser.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Yandex\YandexBrowser\Application\browser.exe
C:\WINDOWS\system32\dwwin.exe
C:\AutoLogger\AutoLogger\RSIT\RSIT.exe
C:\WINDOWS\System32\Wbem\wmiprvse.exe
C:\AutoLogger\AutoLogger\RSIT\Admin_RSIT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://inews.pw/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://webalta.ru/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://webalta.ru/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://webalta.ru/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DrWebScheduler] "C:\Documents and Settings\Admin\Рабочий стол\Dr.WebH7\program files\DrWeb\drwebscd.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [MailRuUpdater] C:\Documents and Settings\Admin\Local Settings\Application Data\MailRu\MailRuUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Предзагрузчик Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Демон кэша категорий компонентов - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-UpdaterService.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\DOCUME~1\Admin\0016~1\DRC0F8~1.WEB\PROGRA~1\DrWeb\spidernt.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 9020 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AmiUpdXp.job - C:\Documents and Settings\Admin\Application Data\SwvUpdater\Updater.exe 
C:\WINDOWS\tasks\Резервная копия реестра.job - C:\WINDOWS\ERDNT\backup.exe C:\WINDOWS\ERDNT\#Date# sysreg curuser otherusers /noprogresswindow /days:3

=========Google Chrome=========

C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Extension aapbdbdomjkkjkaonfhkkikfgjllcleb 1 NetSecurity 30.2.5
Extension ahfgeienlihckogmohjhadlkjgocpleb  Store 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Google Docs 0.6
Extension apdfllckaahabafndbhieahigkjlhalf 1 Google Drive 6.3
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.6
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Google Search 0.0.0.20
Extension dcnljcpdnpjlpgeinmagnhnjmjmgedoo 1 Media Watch 1.1
Extension eemcgdkfndhakfknompkggombfjjjeno  Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg  Settings 0.2
Extension gfdkimpbcpahaombhbimeihdjnejgicl  Feedback 1.0
Extension mfehgcgbbipciphmccgaenjidiccnmng  Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf  Chrome 0.1
Extension neajdppkdcdipfabeoofebfddakdcjhd  Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome  Hangout Services 1.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Google Wallet 0.0.6.1
Extension pafkbggdmjlpgkdkcbjmhmfcdpncadgh  Google Now 1.2.0.1
Extension piendafmanmgjjoccheiknnjbaifbpof 1 Rich Media View 1.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 7
Extension ppiihojmpkflnhhdfhgkdcgachemnodl 1 Media View 1.1
Homepage: http://inews.pw/
default_search_provider.search_url: http://go.mail.ru/search?q={SearchTerms}&fr=ntg

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dcnljcpdnpjlpgeinmagnhnjmjmgedoo]
"Path"=C:\Program Files\MediaWatchV1\MediaWatchV1home276\ch\MediaWatchV1home276.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\piendafmanmgjjoccheiknnjbaifbpof]
"Path"=C:\Program Files\RichMediaViewV1\RichMediaViewV1release413\ch\RichMediaViewV1release413.crx

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ppiihojmpkflnhhdfhgkdcgachemnodl]
"Path"=C:\Program Files\MediaViewV1\MediaViewV1alpha8414\ch\MediaViewV1alpha8414.crx


======Registry snapshot======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [2010-04-27 550744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [2010-04-27 550744]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=RTHDCPL.EXE []
"Alcmtr"=ALCMTR.EXE []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"Bing Bar"=C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe [2010-04-27 243544]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-11-11 288088]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-03-14 2565520]
"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-08-04 1612920]
"IJNetworkScannerSelectorEX"=C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [2011-01-15 452016]
""= []
"Reader Application Helper"=C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [2014-03-13 899400]
"BlueStacks Agent"=C:\Program Files\BlueStacks\HD-Agent.exe [2014-05-21 832272]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-25 256896]
"DrWebScheduler"=C:\Documents and Settings\Admin\Рабочий стол\Dr.WebH7\program files\DrWeb\drwebscd.exe [2010-08-29 283888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2014-05-08 21441664]
"MailRuUpdater"=C:\Documents and Settings\Admin\Local Settings\Application Data\MailRu\MailRuUpdater.exe [2014-08-20 6204136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
Ati2evxx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallTheme"=%WinDir%\Resources\Themes\OpusOS.Theme
"InstallVisualStyle"=%WinDir%\Resources\Themes\OpusOS\OpusOS.msstyles
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=28

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe"="C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe:LocalSubNet:Enabled:Настройка устройства HP"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\HL2 - Return of the Resistance Chapter 1\SteamApps\User\Half-Life 2\hl2.exe"="C:\Program Files\HL2 - Return of the Resistance Chapter 1\SteamApps\User\Half-Life 2\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Java\jre7\bin\javaw.exe"="C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
"StubPath"=
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath"=
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
"StubPath"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files and folders created in the last 3 months======

2015-08-02 12:30:56 ----A---- C:\WINDOWS\system32\drivers\utq3mze5.sys
2015-08-02 12:26:57 ----D---- C:\AutoLogger
2015-08-01 20:35:55 ----D---- C:\Documents and Settings\Admin\Application Data\Auslogics
2015-08-01 20:34:31 ----D---- C:\Program Files\Auslogics
2015-08-01 20:15:29 ----D---- C:\Device
2015-08-01 20:01:56 ----A---- C:\bjrmaa2h.exe
2015-08-01 19:09:44 ----D---- C:\Program Files\Total Commander
2015-08-01 18:04:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2015-08-01 18:04:24 ----D---- C:\Documents and Settings\Admin\Application Data\URSoft
2015-08-01 18:04:23 ----D---- C:\Program Files\Your Uninstaller! PRO

======List of files and folders modified in the last 3 months======

2015-08-02 12:36:29 ----D---- C:\WINDOWS\system32\CatRoot2
2015-08-02 12:35:05 ----D---- C:\WINDOWS\Temp
2015-08-02 12:33:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2015-08-02 12:33:30 ----SH---- C:\WINDOWS\desktop.ini
2015-08-02 12:33:30 ----SH---- C:\Program Files\Desktop.ini
2015-08-02 12:30:56 ----D---- C:\WINDOWS\system32\drivers
2015-08-02 12:26:03 ----D---- C:\WINDOWS\ERDNT
2015-08-01 21:16:33 ----RD---- C:\WINDOWS
2015-08-01 20:38:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2015-08-01 20:34:53 ----D---- C:\WINDOWS\Prefetch
2015-08-01 20:34:31 ----RD---- C:\Program Files
2015-08-01 19:33:28 ----D---- C:\Program Files\Mobogenie3
2015-08-01 19:25:57 ----D---- C:\Program Files\Mobogenie
2015-08-01 19:10:03 ----D---- C:\WINDOWS\system32
2015-08-01 18:30:02 ----SHD---- C:\WINDOWS\Installer
2015-08-01 18:29:14 ----SHD---- C:\Config.Msi
2015-08-01 17:50:12 ----D---- C:\Documents and Settings\Admin\Application Data\Skype

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed
======List of drivers (start type: R=Running, S=Stopped, 0=Boot, 1=System, 2=Automatic, 3=Manual, 4=Disabled)======

R0 IaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2012-05-30 471360]
R0 mv61xxmm;mv61xxmm; C:\WINDOWS\system32\drivers\mv61xxmm.sys [2008-04-15 14184]
R0 mvxxmm;mvxxmm; C:\WINDOWS\system32\drivers\mvxxmm.sys [2008-04-15 14184]
R0 ohci1394;Texas Instruments OHCI-совместимый IEEE 1394 хост-контроллер; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-15 61696]
R1 intelppm;Драйвер Intel процессора; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40704]
R2 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys []
R2 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2008-04-15 133632]
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2008-04-15 62848]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-11-20 2418688]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2007-11-20 84992]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 HidUsb;Драйвер класса HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-20 4611072]
R3 mouhid;Драйвер мыши HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-19 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-03-04 4202496]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-15 79232]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbstor;Драйвер запоминающих устройств для USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-15 20608]
R3 usbvideo;USB-видеоустройство (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
R3 utq3mze5;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\utq3mze5.sys []
S1 kbdhid;Драйвер клавиатуры HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S2 SPIDER;SpIDer Guard File System Monitor; \??\C:\DOCUME~1\Admin\0016~1\DRC0F8~1.WEB\PROGRA~1\DrWeb\spider.sys []
S3 Arp1394;Протокол клиента 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-15 60800]
S3 CCDECODE;Closed Caption декодер; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2012-06-04 80824]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;Сетевой драйвер 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-15 61824]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-11-20 90880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2012-06-04 181432]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudserd.sys [2012-06-04 181432]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Класс принтеров Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Драйвер USB-сканера; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 WSTCODEC;World Standard Teletext кодек; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (start type: R=Running, S=Stopped, 0=Boot, 1=System, 2=Automatic, 3=Manual, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-11-20 483328]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [2014-05-21 385808]
R2 BstHdUpdaterSvc;BlueStacks Updater Service; C:\Program Files\BlueStacks\HD-UpdaterService.exe [2014-05-21 774928]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2014-07-25 182696]
S2 BstHdAndroidSvc;BlueStacks Android Service; C:\Program Files\BlueStacks\HD-Service.exe [2014-05-21 402192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 SPIDERNT;SpIDer Guard for Windows; C:\DOCUME~1\Admin\0016~1\DRC0F8~1.WEB\PROGRA~1\DrWeb\spidernt.exe [2011-02-10 231816]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Sony SCSI Helper Service;Sony SCSI Helper Service; C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [2013-11-26 73728]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
