Logfile of random's system information tool 1.09 (written by random/random)
Run by 13 at 2013-08-23 17:34:00
Microsoft Windows 7 Максимальная  Service Pack 1
System partition C: size 41 MB (0%) Free 36 GB
Total RAM: 4075 MB (1% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:42:01, on 23.08.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal

Running processes:
C:\Users\13\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\trend micro\13.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 86.57.151.18 retracker.local
O2 - BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\PROGRA~2\DOWNLO~1\dmiehlp.dll
O2 - BHO: Adblock Pro - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\13\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Блокировать это изображение (ABP) - C:\Program Files (x86)\Adblock Pro\blockimg.html
O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - C:\Program Files (x86)\Download Master\dmieall.htm
O8 - Extra context menu item: Закачать при помощи Download Master - C:\Program Files (x86)\Download Master\dmie.htm
O8 - Extra context menu item: Передать на удаленную закачку DM - C:\Program Files (x86)\Download Master\remdown.htm
O9 - Extra button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files (x86)\Download Master\dmaster.exe
O9 - Extra 'Tools' menuitem: &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files (x86)\Download Master\dmaster.exe
O9 - Extra button: (no name) - {E6846530-6088-4AA3-932F-C6245CE59A4C} - (no file)
O9 - Extra button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
O9 - Extra 'Tools' menuitem: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://wustat.windows.com
O15 - Trusted Zone: http://*.download.windowsupdate.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{354E73BD-D13E-4539-B20C-82695D90F300}: NameServer = 86.57.160.65 193.232.248.2
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - (no file)
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - (no file)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Служба Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Служба Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8389 bytes

======Process list======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\srvany.exe
C:\Windows\KMService.exe
\??\C:\Windows\system32\conhost.exe "374771721572332469-32792563442146231913613369055310724052042112096-1293702445
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1864
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Users\13\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Opera x64\opera.exe" 
"C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe" -newprocess "3992 2 0 1 4" -logfolder "C:\Users\13\AppData\Local\Opera\Opera x64\logs"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540 
"taskhost.exe"
"C:\Users\13\Desktop\RSITx64.exe" 
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\AutoKMS.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry snapshot======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F385C231-605B-4d8f-ACA9-DBFF765BBE17}]
Adblock Pro - C:\Program Files\Adblock Pro\AdblockPro.dll [2010-07-01 709632]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9961627E-4059-41B4-8E0E-A7D6B3854ADF}]
IE 4.x-6.x BHO for Download Master - C:\PROGRA~2\DOWNLO~1\dmiehlp.dll [2013-04-23 168224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F385C231-605B-4d8f-ACA9-DBFF765BBE17}]
Adblock Pro - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll [2010-09-20 462848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-03-29 7174728]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21 472992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Users\13\AppData\Roaming\uTorrent\uTorrent.exe [2013-08-14 888152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adblock pro]
C:\Program Files\Adblock Pro\abpmain.exe [2010-06-30 602112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^13^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^us.exe]
 []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"AdobeCEPServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [2013-03-13 1039248]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-05 958576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoAddPrinter"=0
"NoDeletePrinter"=0
"NoThemesTab"=0
"NoChangeAnimation"=0
"NoViewContextMenu"=0
"NoDFSTab"=0
"NoToolbarCustomize"=0
"NoDesktop"=0
"NoBandCustomize"=0
"NoFolderOptions"=0
"NoFileAssociate"=0
"NoSetFolders"=0
"NoStartMenuMyGames"=0
"NoCommonGroups"=0
"NoFind"=0
"NoSimpleStartMenu"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoFavoritesMenu"=0
"NoSMMyPictures"=0
"NoStartMenuMyMusic"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"msacm.l3codecp"=l3codecp.acm
"VIDC.LAGS"=lagarith.dll
"msacm.l3acmp"=l3codecp.acm
"VIDC.X264"=x264vfw64.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.exe - open - 
.js - edit - 
.js - open - 

======List of files and folders created in the last 3 months======

2013-08-23 17:34:23 ----D---- C:\Program Files\trend micro
2013-08-23 17:34:00 ----D---- C:\rsit
2013-08-21 23:17:56 ----D---- C:\Windows\system32\catroot2
2013-08-21 22:24:27 ----D---- C:\Windows\SYSWOW64\catroot2.bak
2013-08-21 21:52:04 ----D---- C:\Windows\SoftwareDistribution
2013-08-21 19:03:40 ----D---- C:\Windows\system32\CatRoot2_2013_8_21
2013-08-21 17:58:21 ----D---- C:\Windows\Temp
2013-08-20 00:11:57 ----D---- C:\Windows\SoftwareDistribution_2013_8_21
2013-08-19 23:48:33 ----A---- C:\Windows\system32\WavesGUILib64.dll
2013-08-19 23:48:33 ----A---- C:\Windows\system32\tossaeapo64.dll
2013-08-19 23:48:33 ----A---- C:\Windows\system32\toseaeapo64.dll
2013-08-19 23:48:33 ----A---- C:\Windows\system32\tosasfapo64.dll
2013-08-19 23:48:32 ----A---- C:\Windows\system32\sltech64.dll
2013-08-19 23:48:32 ----A---- C:\Windows\system32\slprp64.dll
2013-08-19 23:48:31 ----A---- C:\Windows\system32\slcnt64.dll
2013-08-19 23:48:31 ----A---- C:\Windows\system32\sl3apo64.dll
2013-08-19 23:48:31 ----A---- C:\Windows\system32\SFSS_APO.dll
2013-08-19 23:48:29 ----A---- C:\Windows\system32\RtPgEx64.dll
2013-08-19 23:48:29 ----A---- C:\Windows\system32\RTKSMSettingsIPC.dll
2013-08-19 23:48:29 ----A---- C:\Windows\system32\drivers\rtvienna.dat
2013-08-19 23:48:29 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2013-08-19 23:48:28 ----A---- C:\Windows\system32\RTKSMlfx.dll
2013-08-19 23:48:27 ----A---- C:\Windows\system32\RtkAPO64.dll
2013-08-19 23:48:27 ----A---- C:\Windows\system32\RtkApi64.dll
2013-08-19 23:48:27 ----A---- C:\Windows\system32\RtDataProc64.dll
2013-08-19 23:48:27 ----A---- C:\Windows\system32\RTCOM64.dll
2013-08-19 23:48:27 ----A---- C:\Windows\system32\RCoRes64.dat
2013-08-19 23:48:27 ----A---- C:\Windows\system32\RCoInstII64.dll
2013-08-19 23:48:27 ----A---- C:\Windows\system32\drivers\RTAIODAT.DAT
2013-08-19 23:48:26 ----A---- C:\Windows\system32\R4EEP64A.dll
2013-08-19 23:48:26 ----A---- C:\Windows\system32\R4EEL64A.dll
2013-08-19 23:48:26 ----A---- C:\Windows\system32\R4EEG64A.dll
2013-08-19 23:48:26 ----A---- C:\Windows\system32\R4EED64A.dll
2013-08-19 23:48:26 ----A---- C:\Windows\system32\R4EEA64A.dll
2013-08-19 23:48:26 ----A---- C:\Windows\system32\MISS_APO.dll
2013-08-19 23:48:26 ----A---- C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-08-19 23:48:26 ----A---- C:\Windows\system32\MaxxAudioVnA64.dll
2013-08-19 23:48:25 ----A---- C:\Windows\system32\MaxxAudioRealtek64.dll
2013-08-19 23:48:25 ----A---- C:\Windows\system32\MaxxAudioRealtek264.dll
2013-08-19 23:48:25 ----A---- C:\Windows\system32\MaxxAudioEQ64.dll
2013-08-19 23:48:25 ----A---- C:\Windows\system32\MaxxAudioAPOShell64.dll
2013-08-19 23:48:25 ----A---- C:\Windows\system32\MaxxAudioAPO5064.dll
2013-08-19 23:48:25 ----A---- C:\Windows\system32\MaxxAudioAPO4064.dll
2013-08-19 23:48:25 ----A---- C:\Windows\system32\MaxxAudioAPO30.dll
2013-08-19 23:48:22 ----A---- C:\Windows\system32\FMAPO64.dll
2013-08-19 23:48:22 ----A---- C:\Windows\system32\DTSU2PREC64.dll
2013-08-19 23:48:22 ----A---- C:\Windows\system32\DTSU2PLFX64.dll
2013-08-19 23:48:22 ----A---- C:\Windows\system32\DTSU2PGFX64.dll
2013-08-19 23:48:22 ----A---- C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-08-19 23:48:21 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-08-19 23:48:21 ----A---- C:\Windows\system32\AERTAC64.dll
2013-08-17 17:23:36 ----D---- C:\Program Files (x86)\Proxy Switcher Standard
2013-08-17 17:22:11 ----D---- C:\Program Files (x86)\SMPlayer
2013-08-17 17:04:15 ----D---- C:\Users\13\AppData\Roaming\Media Player Classic
2013-08-17 17:03:14 ----A---- C:\Windows\system32\ff_vfw.dll
2013-08-17 17:03:12 ----A---- C:\Windows\SYSWOW64\xvidcore.dll
2013-08-17 17:03:12 ----A---- C:\Windows\SYSWOW64\x264vfw.dll
2013-08-17 17:03:12 ----A---- C:\Windows\system32\xvidvfw.dll
2013-08-17 17:03:12 ----A---- C:\Windows\system32\xvidcore.dll
2013-08-17 17:03:12 ----A---- C:\Windows\system32\x264vfw64.dll
2013-08-17 17:03:11 ----A---- C:\Windows\SYSWOW64\xvidvfw.dll
2013-08-17 17:03:10 ----A---- C:\Windows\SYSWOW64\ff_vfw.dll
2013-08-17 17:03:07 ----D---- C:\Program Files (x86)\K-Lite Codec Pack
2013-08-17 16:49:52 ----D---- C:\Users\13\AppData\Roaming\vlc
2013-08-13 00:04:17 ----D---- C:\MetArt 2013-07-31 Liza B - Nevoj
2013-08-12 21:33:29 ----D---- C:\MA - 2013-08-04 - Sapphira A - Semejanza
2013-07-12 20:46:28 ----A---- C:\Windows\system32\Об оплате труда прокурорских работников, работников системы органов прокуратуры, районных (городских), областных, Минского городского судов, хозяйственных судов областей (города Минска) и работников (гра.lnk
2013-06-21 17:02:36 ----D---- C:\Program Files\Common Files\Adobe
2013-06-20 23:38:11 ----A---- C:\Windows\SYSWOW64\javaws.exe
2013-06-20 23:38:02 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2013-06-20 23:38:02 ----A---- C:\Windows\SYSWOW64\javaw.exe
2013-06-20 23:38:02 ----A---- C:\Windows\SYSWOW64\java.exe
2013-06-19 17:06:44 ----D---- C:\Users\13\AppData\Roaming\Transcend Elite
2013-06-15 23:25:09 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2013-06-15 23:24:51 ----D---- C:\ProgramData\NVIDIA
2013-06-15 23:23:54 ----A---- C:\Windows\system32\nvvsvc.exe
2013-06-15 23:23:54 ----A---- C:\Windows\system32\nvsvcr.dll
2013-06-15 23:23:54 ----A---- C:\Windows\system32\nvsvc64.dll
2013-06-15 23:23:54 ----A---- C:\Windows\system32\nvshext.dll
2013-06-15 23:23:54 ----A---- C:\Windows\system32\nvmctray.dll
2013-06-15 23:23:54 ----A---- C:\Windows\system32\nvcpl.dll
2013-06-15 23:18:21 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2013-06-15 23:17:13 ----D---- C:\Program Files\NVIDIA Corporation
2013-06-15 18:16:45 ----D---- C:\Program Files\Icaros
2013-06-13 00:45:47 ----D---- C:\ProgramData\FastStone
2013-06-10 22:51:33 ----D---- C:\Users\13\AppData\Roaming\AC3Filter
2013-05-26 20:09:11 ----A---- C:\Windows\system32\О порядке назначения (утверждения, освобождения, отстранения) и согласования назначения (освобождения, отстранения) Президентом Республики Беларусь на некоторые должности, включенные в кадровый реестр Гл.lnk
2013-05-24 22:37:49 ----D---- C:\Windows\SYSWOW64\BestPractices
2013-05-24 22:37:43 ----D---- C:\Windows\system32\BestPractices
2013-05-24 20:38:07 ----D---- C:\Windows\SYSWOW64\URTTEMP

======List of files and folders modified in the last 3 months======

2013-08-23 17:41:06 ----D---- C:\Users\13\AppData\Roaming\uTorrent
2013-08-23 17:34:23 ----RD---- C:\Program Files
2013-08-22 19:35:37 ----D---- C:\ProgramData\Norton
2013-08-22 19:35:37 ----D---- C:\Program Files (x86)\Common Files
2013-08-22 19:32:41 ----D---- C:\2011-04-06 Valerie Hot As Hell
2013-08-22 18:27:15 ----D---- C:\Windows\system32\config
2013-08-22 18:21:55 ----AD---- C:\ProgramData\TEMP
2013-08-22 18:21:34 ----RD---- C:\Program Files (x86)
2013-08-22 17:56:35 ----SHD---- C:\System Volume Information
2013-08-22 17:15:12 ----D---- C:\ФИЛЬМЫ
2013-08-22 17:05:44 ----D---- C:\Pink Lagoon
2013-08-22 17:00:32 ----D---- C:\Windows\system32\drivers
2013-08-22 17:00:17 ----D---- C:\Windows\system32\Tasks
2013-08-22 17:00:15 ----D---- C:\Program Files\Common Files
2013-08-21 23:17:56 ----D---- C:\Windows\System32
2013-08-21 23:14:17 ----SHD---- C:\Windows\Installer
2013-08-21 23:14:12 ----D---- C:\Windows\SysWOW64
2013-08-21 21:52:10 ----D---- C:\Windows
2013-08-21 19:43:45 ----D---- C:\Windows\system32\NDF
2013-08-21 18:01:08 ----D---- C:\Windows\Prefetch
2013-08-21 17:08:09 ----D---- C:\Program Files (x86)\Download Master
2013-08-20 20:17:11 ----D---- C:\Windows\registration
2013-08-20 00:17:46 ----D---- C:\Windows\winsxs
2013-08-20 00:17:43 ----D---- C:\Windows\system32\catroot
2013-08-19 23:57:18 ----HD---- C:\Program Files (x86)\Temp
2013-08-19 23:49:33 ----D---- C:\Windows\SYSWOW64\RTCOM
2013-08-19 23:49:24 ----D---- C:\Windows\inf
2013-08-19 23:49:15 ----D---- C:\Windows\system32\DriverStore
2013-08-19 23:34:20 ----D---- C:\Program Files\Microsoft Silverlight
2013-08-19 23:34:14 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-08-19 23:09:37 ----D---- C:\Windows\system32\appmgmt
2013-08-19 18:05:42 ----A---- C:\Windows\ntbtlog.txt
2013-08-19 16:58:27 ----A---- C:\Windows\PSEXESVC.EXE
2013-08-12 15:12:25 ----D---- C:\Tor Browser
2013-08-11 13:55:02 ----D---- C:\Windows\SYSWOW64\directx
2013-08-10 23:18:31 ----D---- C:\Program Files (x86)\uTorrent
2013-08-08 12:27:26 ----D---- C:\videothumbs
2013-08-02 20:29:58 ----A---- C:\Windows\SYSWOW64\unrar.dll
2013-08-02 20:29:58 ----A---- C:\Windows\system32\unrar64.dll
2013-08-01 21:27:16 ----D---- C:\Program Files (x86)\WMR14
2013-07-30 13:56:46 ----D---- C:\Program Files (x86)\FastStone Capture
2013-07-26 21:11:12 ----D---- C:\Windows\Tasks
2013-07-19 01:41:26 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-07-07 11:01:47 ----D---- C:\Program Files\Opera x64
2013-07-07 11:01:47 ----D---- C:\Program Files (x86)\Opera x64
2013-07-05 20:43:06 ----D---- C:\Windows\Minidump
2013-07-04 15:33:41 ----D---- C:\Windows\system32\wfp
2013-07-04 15:33:39 ----D---- C:\Windows\system32\wbem
2013-07-02 01:45:24 ----D---- C:\Windows\system
2013-06-22 19:43:35 ----D---- C:\ProgramData\Adobe
2013-06-21 23:32:44 ----D---- C:\Program Files (x86)\Adobe
2013-06-21 17:16:56 ----D---- C:\Program Files\Adobe
2013-06-21 17:13:15 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2013-06-21 17:12:59 ----D---- C:\Users\13\AppData\Roaming\Adobe
2013-06-21 17:10:59 ----RSD---- C:\Windows\Fonts
2013-06-20 23:38:01 ----D---- C:\Program Files (x86)\Java
2013-06-20 20:48:41 ----D---- C:\Users\13\AppData\Roaming\VideoReDo-TVSuite4
2013-06-15 23:25:14 ----RD---- C:\Users
2013-06-15 23:24:51 ----HD---- C:\ProgramData
2013-06-15 23:23:45 ----D---- C:\Windows\Help
2013-06-12 21:48:23 ----A---- C:\Windows\SYSWOW64\npDeployJava1.dll
2013-06-12 21:48:17 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2013-06-05 23:59:19 ----D---- C:\Users\13\AppData\Roaming\AIMP
2013-05-26 15:51:18 ----D---- C:\Windows\Microsoft.NET
2013-05-26 14:10:09 ----RSD---- C:\Windows\assembly
2013-05-26 12:21:32 ----SD---- C:\ProgramData\Microsoft
2013-05-26 00:58:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-05-26 00:57:32 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-05-26 00:54:13 ----D---- C:\Windows\SYSWOW64\en-US
2013-05-26 00:54:13 ----D---- C:\Windows\system32\en-US
2013-05-25 23:14:01 ----D---- C:\Program Files (x86)\Microsoft.NET
2013-05-25 02:22:05 ----SHD---- C:\$Recycle.Bin
2013-05-24 22:37:52 ----D---- C:\Windows\SYSWOW64\migration
2013-05-24 22:37:52 ----D---- C:\Windows\SYSWOW64\inetsrv
2013-05-24 22:37:49 ----D---- C:\Windows\SYSWOW64\ru-RU
2013-05-24 22:37:48 ----D---- C:\Windows\system32\migration
2013-05-24 22:37:48 ----D---- C:\Windows\system32\inetsrv
2013-05-24 22:37:44 ----D---- C:\Windows\system32\ru-RU
2013-05-24 20:44:19 ----D---- C:\Program Files (x86)\Internet Explorer

======List of drivers (start type: R=Running, S=Stopped, 0=Boot, 1=System, 2=Automatic, 3=Manual, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2010-08-24 13440]
R1 AsUpIO;AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [2010-08-03 14464]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-07-26 33240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-03-29 3379272]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
R3 SrvHsfPCI;SrvHsfPCI; C:\Windows\system32\DRIVERS\VSTBS26.SYS [2009-06-11 411136]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-11 1485312]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-11 740864]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver; \??\C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [2012-08-21 30624]
S3 CisUtMonitor;CisUtMonitor; C:\Windows\system32\DRIVERS\CisUtMonitor.sys [2012-11-01 33360]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 E1G60;Драйвер адаптера Intel(R) PRO/1000 NDIS 6; C:\Windows\system32\DRIVERS\E1G6032E.sys [2009-06-10 145792]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver; C:\Windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 tsusbhub;Remote Deskotop USB Hub; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (start type: R=Running, S=Stopped, 0=Boot, 1=System, 2=Automatic, 3=Manual, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 KMService;KMService; C:\Windows\syswow64\srvany.exe [2012-10-06 8192]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-31 878368]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 gupdate;Служба Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-29 116648]
S2 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S2 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-01-31 1259296]
S2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S3 gupdatem;Служба Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-29 116648]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-09-28 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------
