Лог утилиты random's system information tool 1.09 (автор: random/random)
Run by UserXP at 2012-10-22 15:35:18
WIN_XP Service Pack 3
Системный раздел C: размер 881 MB (4%) Свободно 20 GB
Total RAM: 2047 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:35:21, on 22.10.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WebMoney Agent\wmagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\UserXP\Application Data\DRPSu\DrvUpdater.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky CRYSTAL\klwtblfs.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\UserXP\Рабочий стол\RSIT.exe
C:\Program Files\trend micro\UserXP.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rambler.ru/?utm_source=r14&utm_medium=distribution&utm_content=e08&utm_campaign=a16
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
R3 - URLSearchHook: Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O1 - Hosts: 127.0.0.2 custom-host
O1 - Hosts: 127.0.0.2 www.custom
O1 - Hosts: 127.0.0.2 custom
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky CRYSTAL\ievkbd.dll
O2 - BHO: Спутник@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky CRYSTAL\klwtbbho.dll
O2 - BHO: WebMoneyAdvisor BHO - {E7D2CB77-6E2D-4C1F-B485-D50506B9FA6B} - C:\Program Files\WebMoney Advisor\2.2.4\wmadvisor.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: WebMoney Advisor - {405DFEAE-1D2F-4649-BE08-C92313C3E1CE} - C:\Program Files\WebMoney Advisor\2.2.4\wmadvisor.dll
O3 - Toolbar: Спутник@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Vistadrv] C:\Program Files\VistaDrive\vsdrv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [wmagent.exe] "C:\Program Files\WebMoney Agent\wmagent.exe"
O4 - HKLM\..\Run: [CNAP2 Launcher] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky CRYSTAL\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DrvUpdater] C:\Documents and Settings\UserXP\Application Data\DRPSu\DrvUpdater.exe /hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1454471165-2052111302-1801674531-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1454471165-2052111302-1801674531-1003 Startup: Punto Switcher.lnk = C:\Program Files\Yandex\Punto Switcher\punto.exe (User '?')
O4 - Startup: Punto Switcher.lnk = C:\Program Files\Yandex\Punto Switcher\punto.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Виртуальная клавиатура - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky CRYSTAL\klwtbbho.dll
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Проверка ссы&лок - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky CRYSTAL\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Предзагрузчик Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Демон кэша категорий компонентов - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Kaspersky CRYSTAL (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky CRYSTAL\avp.exe
O23 - Service: Сервис управления системы CryproStorage (CSObjectsSrv) - Infowatch - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - SafeNet Inc. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

-- End of file - 8822 bytes

======Папка назначеных зданий======

C:\WINDOWS\tasks\1-Click Maintenance.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\UserXP\Application Data\Mozilla\Firefox\Profiles\maeh47gq.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.mail.ru/cnt/5087"
prefs.js - "extensions.enabledItems" - "imglikeopera@imfo.ru:0.6.18, {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2, fastdial@telega.phpnet.us:3.4, toolbar@netpromoter.ru:4.0.8, firebug@software.joehewitt.com:1.7.3, {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17, plugin@yontoo.com:1.20.00, {81514210-E22A-4e69-93D5-E1EFD45B4620}:0.3.10.01.23, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6"
prefs.js - "keyword.URL" - "http://go.mail.ru/search?utf8in=1&fr=fftbUFix&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

C:\Program Files\Mozilla Firefox\extensions\
linkfilter@kaspersky.ru
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
nppl3260.dll
nprpjplug.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
mailru.xml
ozonru.xml
priceru.xml
wikipedia-ru.xml
yandex-slovari.xml

C:\Documents and Settings\UserXP\Application Data\Mozilla\Firefox\Profiles\maeh47gq.default\extensions\
fastdial@telega.phpnet.us
player@zaycev.fm
plugin@yontoo.com
toolbar@netpromoter.ru
yasearch@yandex.ru
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}(2)
{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}(3)
{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

C:\Documents and Settings\UserXP\Application Data\Mozilla\Firefox\Profiles\maeh47gq.default\searchplugins\
daemon-search.xml
mailru---.xml
qip-search.xml
ybqs-yandex.xml

======Снимок реестра======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll [2009-04-17 68936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky CRYSTAL\ievkbd.dll [2010-03-25 68184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll [2012-10-21 1590336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky CRYSTAL\klwtbbho.dll [2010-03-25 268888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7D2CB77-6E2D-4C1F-B485-D50506B9FA6B}]
WebMoneyAdvisorBHO - C:\Program Files\WebMoney Advisor\2.2.4\wmadvisor.dll [2011-07-20 288224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll [2009-04-17 211272]
{405DFEAE-1D2F-4649-BE08-C92313C3E1CE} - WebMoney Advisor - C:\Program Files\WebMoney Advisor\2.2.4\wmadvisor.dll [2011-07-20 288224]
{09900DE8-1DCA-443F-9243-26FF581438AF} - Спутник@Mail.Ru - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll [2012-10-21 1590336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-10-06 18750976]
"Vistadrv"=C:\Program Files\VistaDrive\vsdrv.exe [2006-07-30 121089]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"wmagent.exe"=C:\Program Files\WebMoney Agent\wmagent.exe [2009-10-19 210400]
"CNAP2 Launcher"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [2010-01-11 226784]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky CRYSTAL\avp.exe [2010-03-25 340520]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2011-04-07 111208]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-04-07 13891176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2010-02-01 37376]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17420464]
"DrvUpdater"=C:\Documents and Settings\UserXP\Application Data\DRPSu\DrvUpdater.exe [2012-10-21 195256]

C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Documents and Settings\UserXP\Главное меню\Программы\Автозагрузка
Punto Switcher.lnk - C:\Program Files\Yandex\Punto Switcher\punto.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=",C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2010-03-25 219736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoThumbnailCache"=1
"NoSMConfigurePrograms"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\hasplms.exe"="C:\WINDOWS\system32\hasplms.exe:*:Enabled:HASP License Manager"
"C:\Documents and Settings\UserXP\Рабочий стол\uTorrent.exe"="C:\Documents and Settings\UserXP\Рабочий стол\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"wave1"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.ac3acm"=ac3acm.acm
"divxdec"=divxdec.ax
"xvid"=xvid.ax
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======Ассоциации файлов======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======Список файлов и папок, созданных за последние 3 месяца======

2012-10-22 15:35:18 ----D---- C:\rsit
2012-10-22 15:35:18 ----D---- C:\Program Files\trend micro
2012-10-22 07:43:03 ----D---- C:\Program Files\Mozilla Firefox
2012-10-21 21:39:49 ----D---- C:\Documents and Settings\UserXP\Application Data\iSendSMS
2012-10-21 21:39:47 ----D---- C:\Program Files\iSendSMS
2012-10-21 03:00:37 ----D---- C:\Documents and Settings\UserXP\Application Data\DRPSu
2012-10-21 02:41:55 ----D---- C:\Program Files\Punto Switcher
2012-10-21 02:41:46 ----D---- C:\Program Files\WinDjView
2012-10-21 02:41:37 ----D---- C:\Program Files\Foxit Software
2012-10-21 02:41:28 ----D---- C:\Program Files\7-Zip
2012-10-21 02:40:08 ----D---- C:\Program Files\NVIDIA Corporation
2012-10-21 02:40:03 ----A---- C:\WINDOWS\system32\OpenCL.dll
2012-10-21 02:40:01 ----A---- C:\WINDOWS\system32\nvgenco322060.dll
2012-10-21 02:40:01 ----A---- C:\WINDOWS\system32\nvdispco3220140.dll
2012-10-21 02:39:59 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2012-10-21 02:39:22 ----A---- C:\WINDOWS\system32\drivers\Rtlh86.sys
2012-10-21 02:39:21 ----A---- C:\WINDOWS\system32\RTNUninst32.dll
2012-10-21 01:08:32 ----SHD---- C:\Config.Msi
2012-10-21 01:03:46 ----D---- C:\Documents and Settings\All Users\Application Data\Ask
2012-10-21 00:46:54 ----D---- C:\Documents and Settings\UserXP\Application Data\PC Cleaners
2012-10-21 00:46:49 ----A---- C:\WINDOWS\uninst.exe
2012-10-21 00:46:47 ----D---- C:\Documents and Settings\UserXP\Application Data\PCPro
2012-10-21 00:46:47 ----D---- C:\Documents and Settings\All Users\Application Data\PC1Data
2012-10-19 17:59:03 ----D---- C:\Program Files\xerox
2012-10-19 17:41:01 ----A---- C:\WINDOWS\system32\drivers\klin.dat
2012-10-19 17:41:01 ----A---- C:\WINDOWS\system32\drivers\klick.dat
2012-10-19 17:40:32 ----A---- C:\WINDOWS\system32\drivers\CSVirtualDiskDrv.sys
2012-10-19 17:40:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-10-19 17:40:31 ----A---- C:\WINDOWS\system32\drivers\CSCrySec.sys
2012-10-19 17:39:57 ----D---- C:\Program Files\Common Files\InfoWatch
2012-10-19 17:39:56 ----D---- C:\Program Files\Kaspersky Lab
2012-10-19 17:39:56 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2012-10-19 17:39:38 ----A---- C:\WINDOWS\system32\drivers\klif.sys
2012-10-19 17:38:18 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2012-10-19 17:00:17 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-10-15 04:25:32 ----D---- C:\Program Files\MVBet
2012-10-11 19:27:36 ----D---- C:\Documents and Settings\All Users\Application Data\Isolated Storage
2012-10-06 17:09:09 ----A---- C:\Documents and Settings\UserXP\Application Data\prio.ini
2012-10-06 14:01:01 ----D---- C:\Program Files\OpenVPN
2012-09-23 19:34:22 ----D---- C:\Program Files\SecretsLine EasyVPN
2012-09-23 18:37:38 ----D---- C:\Documents and Settings\UserXP\Application Data\kebrum
2012-09-23 18:35:01 ----D---- C:\Program Files\GtkSharp
2012-09-19 16:53:29 ----D---- C:\Program Files\Common Files\Skype
2012-09-17 14:31:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-09-17 14:13:29 ----D---- C:\Documents and Settings\UserXP\Application Data\SecretsLine EasyVPN
2012-09-01 16:56:14 ----D---- C:\Program Files\Mozilla Maintenance Service

======Список файлов и папок, измененных за последние 3 месяца======

2012-10-22 15:35:21 ----D---- C:\WINDOWS\Temp
2012-10-22 15:35:18 ----RD---- C:\Program Files
2012-10-22 15:33:58 ----D---- C:\WINDOWS\system32\drivers
2012-10-22 14:53:39 ----D---- C:\Documents and Settings\UserXP\Application Data\Skype
2012-10-22 14:51:52 ----D---- C:\WINDOWS
2012-10-22 14:50:06 ----D---- C:\WINDOWS\system32\CatRoot2
2012-10-22 13:52:16 ----D---- C:\Program Files\QIP 2010
2012-10-22 02:06:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-10-22 02:06:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2012-10-22 02:05:56 ----AD---- C:\WINDOWS\system32
2012-10-22 02:05:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-10-22 02:05:44 ----D---- C:\WINDOWS\system32\wbem
2012-10-22 02:05:14 ----D---- C:\WINDOWS\security
2012-10-22 00:38:31 ----D---- C:\Documents and Settings\UserXP\Application Data\WebMoney
2012-10-21 18:36:53 ----D---- C:\Program Files\Mail.Ru
2012-10-21 13:55:29 ----A---- C:\WINDOWS\system32\OEMINFO.INI
2012-10-21 13:49:44 ----HD---- C:\WINDOWS\inf
2012-10-21 02:55:52 ----D---- C:\Documents and Settings\UserXP\Application Data\Yandex
2012-10-21 02:41:44 ----SHD---- C:\WINDOWS\Installer
2012-10-21 02:40:50 ----D---- C:\WINDOWS\Help
2012-10-21 01:08:38 ----RSD---- C:\WINDOWS\assembly
2012-10-21 01:04:14 ----SD---- C:\WINDOWS\Tasks
2012-10-20 23:41:01 ----D---- C:\WINDOWS\Prefetch
2012-10-20 23:23:34 ----D---- C:\WINDOWS\system32\config
2012-10-19 18:48:56 ----D---- C:\Program Files\SafeSurf
2012-10-19 17:55:41 ----D---- C:\Program Files\Unlocker
2012-10-19 17:43:59 ----SHD---- C:\System Volume Information
2012-10-19 17:39:57 ----D---- C:\Program Files\Common Files
2012-10-11 20:42:59 ----D---- C:\WINDOWS\Microsoft.NET
2012-10-11 19:26:26 ----D---- C:\WINDOWS\WinSxS
2012-10-11 19:21:58 ----D---- C:\WINDOWS\system32\en-US
2012-10-11 19:19:41 ----D---- C:\Program Files\Microsoft.NET
2012-10-11 17:02:20 ----D---- C:\Documents and Settings\UserXP\Application Data\uTorrent
2012-10-10 11:59:30 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2012-10-10 11:50:21 ----D---- C:\Documents and Settings\UserXP\Application Data\Adobe
2012-09-23 18:45:40 ----D---- C:\Program Files\Common Files\InstallShield
2012-09-23 18:45:37 ----HD---- C:\Program Files\InstallShield Installation Information
2012-09-19 16:53:31 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2012-09-19 16:53:29 ----RD---- C:\Program Files\Skype
2012-09-17 18:10:59 ----D---- C:\Program Files\Yandex
2012-09-14 19:00:38 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJ

======Список драйверов (тип запуска: R=Запущен, S=остановлен, 0=Загрузочный, 1=Системный, 2=Автоматически, 3=Вручную, 4=Отключено)======

R0 amdide;amdide; C:\WINDOWS\system32\DRIVERS\amdide.sys [2007-10-12 9096]
R0 CSCrySec;InfoWatch Encrypt Sector Library driver; C:\WINDOWS\system32\DRIVERS\CSCrySec.sys [2009-12-14 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver; C:\WINDOWS\system32\DRIVERS\klbg.sys [2009-10-14 36880]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-09-03 115680]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-05-26 691696]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 36864]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver; C:\WINDOWS\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 39352]
R1 kbdhid;Драйвер клавиатуры HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-15 14720]
R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2012-10-19 315408]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aksfridge;aksfridge; \??\C:\WINDOWS\system32\drivers\aksfridge.sys []
R2 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2009-01-28 133632]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 rspndr;Ответчик обнаружения топологии уровня связи; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2008-10-11 62848]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 hidusb;Драйвер класса HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-10-06 5922816]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2009-06-17 63248]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2009-06-17 79248]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-04-08 12501600]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2011-06-13 306664]
R3 SAA713x;Behold TV WDM Capture (SAA713x); C:\WINDOWS\system32\DRIVERS\saa713x.sys [2009-05-18 421896]
R3 usbccgp;Драйвер универсального родительского устройства USB (Microsoft); C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128]
R3 usbscan;Драйвер USB-сканера; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 aq7swbix;aq7swbix; C:\WINDOWS\system32\drivers\aq7swbix.sys []
S3 CCDECODE;Closed Caption декодер; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MPE;BDA MPE фильтр; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Преобразователь потоков Tee/Sink-to-Sink Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI кодек; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft видео или ТВ подключение; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RTL8169;Realtek 8169 NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlh86.sys [2011-09-08 363112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2011-12-15 26624]
S3 usbprint;Класс принтеров Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext кодек; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-18 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-18 82944]

======Список служб (тип запуска: R=Запущена, S=остановлена, 0=Загрузочная, 1=Системная, 2=Автоматически, 3=Вручную, 4=Отключено)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 CSObjectsSrv;Сервис управления системы CryproStorage; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 hasplms;Sentinel HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2010-09-27 4180576]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-04-07 155752]
R2 SimpTcp;Простые службы TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2008-04-15 19456]
R2 UPHClean;User Profile Helper Cleanup; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-15 14336]
R3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S2 AVP;Kaspersky CRYSTAL; C:\Program Files\Kaspersky Lab\Kaspersky CRYSTAL\avp.exe [2010-03-25 340520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-22 115168]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2011-12-15 14848]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2012-05-25 355584]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-11-02 914944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------