ComboFix 14-01-22.01 - Артем 23.01.2014 13:25:37.1.4 - x64
Microsoft Windows 7 Максимальная 6.1.7601.1.1251.7.1049.18.7871.5904 [GMT 4:00]
Running from: c:\users\Артем\Downloads\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: Персональный файервол ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Артем\111.dem
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DCService.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-12-23 to 2014-01-23 )))))))))))))))))))))))))))))))
.
.
2014-01-20 18:02 . 2008-03-17 07:58 117120 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2014-01-20 18:02 . 2008-03-17 07:06 115328 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2014-01-20 18:02 . 2008-03-16 10:47 1003008 ----a-w- c:\windows\system32\drivers\mod7700.sys
2014-01-20 18:02 . 2008-01-22 11:11 119296 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2014-01-20 18:02 . 2007-08-09 00:10 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2014-01-20 18:02 . 2014-01-20 18:02 -------- d-----w- c:\program files (x86)\MegaFon Internet
2014-01-19 17:25 . 2014-01-19 17:25 -------- d-----w- c:\users\Артем\AppData\Local\Opera Software
2014-01-19 17:25 . 2014-01-19 17:25 -------- d-----w- c:\program files (x86)\Opera
2014-01-19 06:23 . 2014-01-19 06:23 -------- d-----w- c:\users\Артем\AppData\Roaming\Malwarebytes
2014-01-19 06:23 . 2014-01-19 06:23 -------- d-----w- c:\programdata\Malwarebytes
2014-01-19 06:23 . 2014-01-19 06:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-19 06:23 . 2013-04-04 10:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-17 13:11 . 2014-01-17 13:11 -------- d-----w- c:\users\Артем\AppData\Roaming\Sikuli
2014-01-16 08:17 . 2014-01-16 08:17 -------- d-----w- c:\program files\ATI Technologies
2014-01-16 07:49 . 2014-01-16 07:49 43342848 ----a-w- c:\windows\system32\RCoRes64.dat
2014-01-16 07:49 . 2014-01-16 07:49 3771352 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2014-01-16 07:49 . 2014-01-16 07:49 1958616 ----a-w- c:\windows\system32\RTSnMg64.cpl
2014-01-16 07:49 . 2014-01-16 07:49 153304 ----a-w- c:\windows\system32\RCoInstII64.dll
2014-01-16 05:32 . 2014-01-16 16:18 -------- d-----w- C:\AdwCleaner
2014-01-15 09:25 . 2014-01-15 09:26 -------- d-----w- c:\programdata\Doctor Web
2014-01-15 09:25 . 2014-01-15 09:41 -------- d-----w- c:\users\Артем\Doctor Web
2014-01-15 08:26 . 2014-01-15 08:26 -------- d-----w- c:\programdata\Oracle
2014-01-15 08:26 . 2014-01-15 08:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-01-15 08:26 . 2014-01-15 08:26 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 08:26 . 2014-01-15 08:26 -------- d-----w- c:\program files (x86)\Java
2014-01-14 14:18 . 2014-01-14 14:18 -------- d--h--w- c:\programdata\CanonIJSIP
2014-01-12 11:03 . 2014-01-12 11:03 -------- d-----w- c:\users\Артем\AppData\Roaming\Boomzap
2014-01-12 10:01 . 2014-01-12 15:19 -------- d-----w- c:\program files (x86)\ShopperPro
2014-01-12 09:00 . 2014-01-12 09:01 -------- d-----w- c:\users\Артем\AppData\Local\Installer
2014-01-12 09:00 . 2014-01-12 09:00 -------- d-----w- c:\program files\DCE
2014-01-12 08:59 . 2014-01-12 08:59 -------- d-----w- c:\users\Артем\AppData\Local\CrashRpt
2014-01-10 11:44 . 2014-01-10 11:45 -------- d-----w- c:\program files (x86)\SpeedFan
2014-01-10 08:33 . 2014-01-10 08:33 -------- d-----w- c:\users\Артем\AppData\Local\Intel_Corporation
2014-01-10 07:52 . 2014-01-10 07:52 64624 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2014-01-10 07:45 . 2014-01-10 07:45 4067328 ----a-w- c:\windows\system32\MetroIntelGenericUIFramework.dll
2014-01-10 06:14 . 2013-12-15 21:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94952049-CFCA-4141-A01F-C023D857CF7A}\mpengine.dll
2014-01-10 06:12 . 2014-01-10 06:12 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-01-10 06:12 . 2014-01-10 06:12 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-01-10 06:12 . 2014-01-10 06:12 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-01-10 06:12 . 2014-01-10 06:12 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-01-10 06:12 . 2014-01-10 06:12 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-01-10 06:12 . 2014-01-10 06:12 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-01-10 06:12 . 2014-01-10 06:12 2048 ----a-w- c:\windows\system32\tzres.dll
2014-01-10 06:10 . 2014-01-10 06:10 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-01-10 06:10 . 2014-01-10 06:10 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-01-10 06:10 . 2014-01-10 06:10 81408 ----a-w- c:\windows\system32\imagehlp.dll
2014-01-10 06:10 . 2014-01-10 06:10 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2014-01-10 06:09 . 2014-01-10 06:09 197120 ----a-w- c:\windows\system32\credui.dll
2014-01-10 06:09 . 2014-01-10 06:09 1930752 ----a-w- c:\windows\system32\authui.dll
2014-01-10 06:09 . 2014-01-10 06:09 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-01-10 06:09 . 2014-01-10 06:09 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2014-01-10 06:09 . 2014-01-10 06:09 168960 ----a-w- c:\windows\SysWow64\credui.dll
2014-01-10 06:09 . 2014-01-10 06:09 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2014-01-10 06:08 . 2014-01-10 06:08 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-01-10 06:08 . 2014-01-10 06:08 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-01-10 06:08 . 2014-01-10 06:08 1474048 ----a-w- c:\windows\system32\crypt32.dll
2014-01-10 06:08 . 2014-01-10 06:08 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2014-01-10 06:05 . 2014-01-10 06:05 81920 ----a-w- c:\windows\SysWow64\davclnt.dll
2014-01-10 06:03 . 2014-01-10 06:03 185344 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2014-01-10 06:03 . 2014-01-10 06:03 109824 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2014-01-10 06:03 . 2014-01-10 06:03 100864 ----a-w- c:\windows\system32\drivers\usbcir.sys
2014-01-10 06:03 . 2014-01-10 06:03 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-01-10 05:49 . 2014-01-10 05:49 424448 ----a-w- c:\windows\system32\KernelBase.dll
2014-01-10 05:48 . 2014-01-10 05:48 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-01-10 05:46 . 2014-01-10 05:46 197120 ----a-w- c:\windows\system32\shdocvw.dll
2014-01-10 05:46 . 2014-01-10 05:46 14172672 ----a-w- c:\windows\system32\shell32.dll
2014-01-10 05:45 . 2014-01-10 05:45 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2014-01-10 05:29 . 2014-01-10 05:29 751104 ----a-w- c:\windows\system32\win32spl.dll
2014-01-10 05:29 . 2014-01-10 05:29 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2014-01-10 05:27 . 2014-01-10 05:27 70144 ----a-w- c:\windows\system32\appinfo.dll
2014-01-10 05:27 . 2014-01-10 05:27 111448 ----a-w- c:\windows\system32\consent.exe
2014-01-10 05:26 . 2014-01-10 05:26 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2014-01-10 05:26 . 2014-01-10 05:26 230400 ----a-w- c:\windows\system32\wwansvc.dll
2014-01-10 05:21 . 2014-01-10 05:21 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2014-01-10 05:21 . 2014-01-10 05:21 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2014-01-10 05:21 . 2014-01-10 05:21 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-01-10 05:21 . 2014-01-10 05:21 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2014-01-10 05:20 . 2014-01-10 05:20 70656 ----a-w- c:\windows\system32\nlaapi.dll
2014-01-10 05:20 . 2014-01-10 05:20 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2014-01-10 05:20 . 2014-01-10 05:20 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2014-01-10 05:20 . 2014-01-10 05:20 303104 ----a-w- c:\windows\system32\nlasvc.dll
2014-01-10 05:20 . 2014-01-10 05:20 216576 ----a-w- c:\windows\system32\ncsi.dll
2014-01-10 05:20 . 2014-01-10 05:20 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2014-01-10 05:20 . 2014-01-10 05:20 18944 ----a-w- c:\windows\system32\netevent.dll
2014-01-10 05:20 . 2014-01-10 05:20 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-01-10 05:20 . 2014-01-10 05:20 246272 ----a-w- c:\windows\system32\netcorehc.dll
2014-01-10 05:20 . 2014-01-10 05:20 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2014-01-10 05:20 . 2014-01-10 05:20 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2014-01-10 05:19 . 2014-01-10 05:19 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2014-01-10 05:19 . 2014-01-10 05:19 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-01-10 05:19 . 2014-01-10 05:19 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-01-10 05:16 . 2014-01-10 05:16 -------- d-----w- c:\windows\SysWow64\Wat
2014-01-10 05:16 . 2014-01-10 05:16 -------- d-----w- c:\windows\system32\Wat
2014-01-10 05:15 . 2013-06-27 14:05 27456 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2014-01-10 05:08 . 2014-01-10 05:08 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-01-10 05:08 . 2014-01-17 17:25 -------- d-----w- c:\programdata\ProductData
2014-01-10 05:08 . 2014-01-12 08:57 -------- d-----w- c:\program files (x86)\IObit Uninstaller
2014-01-10 05:08 . 2014-01-10 08:22 -------- d-----w- c:\program files (x86)\IObit
2014-01-10 05:08 . 2014-01-11 15:10 -------- d-----w- c:\programdata\IObit
2014-01-10 05:08 . 2014-01-10 08:19 -------- d-----w- c:\users\Артем\AppData\Roaming\IObit
2014-01-10 05:07 . 2014-01-23 09:32 -------- d-----w- c:\program files (x86)\Advanced SystemCare 7
2014-01-09 22:29 . 2011-07-01 06:46 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2014-01-09 22:29 . 2014-01-09 22:30 -------- d-----w- c:\program files\SecurityKISS Tunnel
2014-01-09 20:32 . 2014-01-09 20:32 -------- d-----w- c:\users\Артем\AppData\Roaming\BinarySense
2014-01-09 20:32 . 2014-01-09 20:32 -------- d-----w- c:\programdata\Licenses
2014-01-09 20:32 . 2014-01-09 20:32 -------- d-----w- c:\program files (x86)\Common Files\BinarySense
2014-01-09 20:32 . 2014-01-09 20:32 -------- d-----w- c:\program files (x86)\BinarySense
2014-01-09 12:01 . 2014-01-09 12:01 -------- d-----w- c:\users\Артем\AppData\Local\VirtualRouterPlus
2014-01-09 12:01 . 2014-01-09 12:01 -------- d-----w- c:\program files (x86)\Virtual Router Plus
2014-01-09 11:59 . 2014-01-09 11:59 -------- d-----w- c:\users\Артем\AppData\Local\Downloaded Installations
2014-01-07 13:33 . 2014-01-07 13:33 -------- d-----w- c:\users\Артем\AppData\Local\Overwolf
2014-01-07 12:58 . 2014-01-09 21:40 -------- d-----w- c:\users\Артем\AppData\Roaming\TS3Client
2014-01-07 12:56 . 2014-01-07 12:56 -------- d-----w- c:\program files\TeamSpeak 3 Client
2014-01-04 09:59 . 2014-01-04 09:59 -------- d-----w- C:\Загрузки
2014-01-04 09:06 . 2014-01-04 09:07 -------- d-----w- c:\program files\TAP-Windows
2014-01-04 09:06 . 2014-01-04 09:07 -------- d-----w- c:\program files\OpenVPN
2014-01-02 17:30 . 2014-01-02 17:30 -------- d-----w- c:\programdata\FanXpert2
2014-01-02 17:06 . 2014-01-02 17:06 4700560 ----a-w- c:\windows\PE_File.dll
2014-01-02 08:27 . 2014-01-02 08:27 -------- d-----w- c:\users\Артем\AppData\Roaming\MAXON
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-23 09:32 . 2012-08-28 13:25 1048576 ----a-w- c:\windows\PE_Rom.dll
2014-01-16 08:02 . 2011-05-24 19:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2014-01-16 08:02 . 2011-05-24 18:59 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2014-01-16 08:02 . 2011-05-24 18:19 58880 ----a-w- c:\windows\system32\coinst.dll
2014-01-16 08:02 . 2011-05-24 19:00 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2014-01-16 08:02 . 2013-11-28 13:37 423424 ----a-w- c:\windows\system32\atipdl64.dll
2014-01-16 08:02 . 2011-05-24 19:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2014-01-16 08:02 . 2011-05-24 19:01 59392 ----a-w- c:\windows\system32\atiedu64.dll
2014-01-16 08:02 . 2013-11-28 13:37 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2014-01-16 08:02 . 2011-05-24 19:01 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2014-01-16 07:47 . 2013-11-28 13:37 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2014-01-16 07:47 . 2013-11-28 13:37 9753752 ----a-w- c:\windows\system32\atidxx64.dll
2014-01-16 07:47 . 2013-11-28 13:37 1318552 ----a-w- c:\windows\system32\aticfx64.dll
2014-01-10 07:45 . 2012-08-28 12:54 66560 ----a-w- c:\windows\system32\igfxsrvc.dll
2014-01-10 07:45 . 2012-08-28 12:54 224256 ----a-w- c:\windows\system32\hccutils.dll
2014-01-10 06:05 . 2014-01-10 06:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-01-10 05:26 . 2014-01-10 05:26 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2014-01-10 05:26 . 2014-01-10 05:26 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2014-01-10 05:26 . 2014-01-10 05:26 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2014-01-10 05:26 . 2014-01-10 05:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2014-01-10 05:26 . 2014-01-10 05:26 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2014-01-10 05:26 . 2014-01-10 05:26 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2014-01-02 16:02 . 2011-09-20 04:25 46152 ----a-w- c:\windows\SysWow64\drivers\ASUSFILTER.sys
2014-01-02 16:02 . 2012-09-16 18:02 929844 ------w- c:\windows\SysWow64\drivers\MFDLL\MFC42D.DLL
2014-01-02 16:02 . 2012-09-16 18:02 385100 ------w- c:\windows\SysWow64\drivers\MFDLL\MSVCRTD.DLL
2014-01-02 16:02 . 2012-09-16 18:02 343040 ------w- c:\windows\SysWow64\drivers\MFDLL\msvcrt.dll
2014-01-02 16:02 . 2012-09-16 18:02 1028096 ------w- c:\windows\SysWow64\drivers\MFDLL\MFC42.DLL
2014-01-02 16:02 . 2012-08-28 12:59 11832 ------w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2014-01-02 16:02 . 2008-01-04 05:34 10216 ------w- c:\windows\SysWow64\drivers\AsInsHelp32.sys
2013-12-12 11:25 . 2012-08-30 22:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-12 11:25 . 2012-08-30 22:24 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-12 11:25 . 2013-12-12 11:25 9293192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-11-26 08:25 . 2012-08-28 11:39 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-24 14:58 . 2013-11-24 14:58 45056 ----a-r- c:\users\Артем\AppData\Roaming\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe
2013-11-24 14:58 . 2013-11-24 14:58 45056 ----a-r- c:\users\Артем\AppData\Roaming\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe
2013-11-24 14:58 . 2013-11-24 14:58 45056 ----a-r- c:\users\Артем\AppData\Roaming\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2013-11-24 14:58 . 2013-11-24 14:58 45056 ----a-r- c:\users\Артем\AppData\Roaming\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2013-11-12 10:37 . 2012-08-30 19:12 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-19 17:49 220632 ----a-w- c:\users\Артем\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-19 17:49 220632 ----a-w- c:\users\Артем\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-19 17:49 220632 ----a-w- c:\users\Артем\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_Connect Manager"="c:\program files (x86)\Connect Manager\UpdateDog\ouc.exe" [2009-07-27 110592]
"Advanced SystemCare 7"="c:\program files (x86)\Advanced SystemCare 7\ASCTray.exe" [2013-12-18 2285344]
"uTorrent"="c:\users\Артем\AppData\Roaming\uTorrent\uTorrent.exe" [2014-01-12 1340496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"autodetect"="c:\windows\SysWOW64\SupportAppXL\AutoDect.exe" [2010-03-15 129872]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2012-08-20 550272]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2013-12-13 1573184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\Артем\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HDDlife.lnk - c:\program files (x86)\BinarySense\HDDlife 4\HDDlifePro.exe [2013-2-14 4647176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MegaFon Modem. RunOuc;MegaFon Modem. OUC;c:\program files (x86)\MegaFon Modem\UpdateDog\ouc.exe;c:\program files (x86)\MegaFon Modem\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 2GISUpdateService;2GIS UpdateService;c:\program files (x86)\2gis\3.0\2GISUpdateService.exe;c:\program files (x86)\2gis\3.0\2GISUpdateService.exe [x]
R3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
R3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);c:\windows\system32\DRIVERS\ASUSstpt.sys;c:\windows\SYSNATIVE\DRIVERS\ASUSstpt.sys [x]
R3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);c:\windows\system32\DRIVERS\ASUSumsc.sys;c:\windows\SYSNATIVE\DRIVERS\ASUSumsc.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 atillk64;atillk64;c:\users\328F~1\AppData\Local\Temp\RarSFX0\atillk64.sys;c:\users\328F~1\AppData\Local\Temp\RarSFX0\atillk64.sys [x]
R3 C7xxUSB;Samsung CMC7xx USB Network Driver;c:\windows\system32\DRIVERS\C7xUSB76.sys;c:\windows\SYSNATIVE\DRIVERS\C7xUSB76.sys [x]
R3 esihdrv;esihdrv;c:\users\328F~1\AppData\Local\Temp\esihdrv.sys;c:\users\328F~1\AppData\Local\Temp\esihdrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Служба технологий активации Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 IObitUnlocker;IObitUnlocker;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 iusb3hcs;Драйвер хост-контроллера и коммутатора Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\Advanced SystemCare 7\ASCService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [x]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [x]
S2 DCE;Distributed Computing Experiment;c:\program files\DCE\dce.exe;c:\program files\DCE\dce.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PfFilter;PfFilter;c:\program files (x86)\IObit\Protected Folder\pffilter.sys;c:\program files (x86)\IObit\Protected Folder\pffilter.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AiChargerPlus;AiChargerPlus;SysWow64\drivers\AiChargerPlus.sys;SysWow64\drivers\AiChargerPlus.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys;c:\windows\SYSNATIVE\DRIVERS\GeneStor.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 IntcDAud;Аудио Intel(R) для дисплеев;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Драйвер концентратора Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Драйвер расширяемого хост-контроллера Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
S3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 11:25]
.
2014-01-23 c:\windows\Tasks\Driver Booster Update.job
- c:\program files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-01-10 10:16]
.
2014-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 12:48]
.
2014-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 12:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-01-10 05:08 2486592 ----a-w- c:\program files (x86)\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-19 17:49 244696 ----a-w- c:\users\Артем\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-19 17:49 244696 ----a-w- c:\users\Артем\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-19 17:49 244696 ----a-w- c:\users\Артем\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-04-11 03:35 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-04-11 03:35 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-01-16 7506136]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-01-10 1368792]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-10 391152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-10 771056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-10 770032]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
Trusted Zone: 4game.com
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{26E7FD80-CAF4-4E33-B364-2715CC4E997B}: NameServer = 213.87.1.1 213.87.0.1
TCP: Interfaces\{3C4A7097-5850-4DA7-9E51-9A8AE78C9D4D}: NameServer = 213.87.1.1 213.87.0.1
TCP: Interfaces\{44D6320A-8BF4-4148-80F5-4B99C6A104A2}: NameServer = 213.87.1.1 213.87.0.1
TCP: Interfaces\{5E7ED6D5-E26F-4757-B084-8337306548B9}: NameServer = 213.87.1.1 213.87.0.1
TCP: Interfaces\{6CBA2F43-DC81-4065-9BF4-FCB20B607D69}: NameServer = 213.87.1.1 213.87.0.1
TCP: Interfaces\{EC321D9D-F5FC-4A87-AD27-DBEFBF729968}: NameServer = 213.87.1.1 213.87.0.1
FF - ProfilePath - c:\users\Артем\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\
FF - prefs.js: browser.search.selectedEngine - Яндекс
FF - prefs.js: browser.startup.homepage - hxxp://1homepage.biz/?company=5
FF - ExtSQL: 2013-12-15 15:20; {746505DC-0E21-4667-97F8-72EA6BCF5EEF}; c:\users\Артем\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
FF - ExtSQL: 2014-01-10 13:08; [email protected]; c:\users\Артем\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected]
FF - ExtSQL: 2014-01-15 19:44; [email protected]; c:\users\Артем\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
AddRemove-Music Converter - c:\program files (x86)\MusicConverter\Uninstall\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{FE704BF8-384B-44E1-8CF2-8DBEB3637A8A}"=hex:51,66,7a,6c,4c,1d,38,12,96,48,63,
fa,79,76,8f,01,f3,e4,ce,fe,b6,3d,3e,9e
"{91397D20-1446-11D4-8AF4-0040CA1127B6}"=hex:51,66,7a,6c,4c,1d,38,12,4e,7e,2a,
95,74,5a,ba,54,f5,e2,43,00,cf,4f,63,a2
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{95289393-33EA-4F8D-B952-483415B9C955}"=hex:51,66,7a,6c,4c,1d,38,12,fd,90,3b,
91,d8,7d,e3,0a,c6,44,0b,74,10,e7,8d,41
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}"=hex:51,66,7a,6c,4c,1d,38,12,ed,ca,ed,
d1,e9,4f,24,04,eb,40,ec,d5,a9,c0,93,a1
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\programdata\MegaFon Modem\OnlineUpdate\ouc.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
c:\users\c:\users\c:\program files (x86)\BinarySense\HDDlife 4\HDDlifePro.exe
c:\program files (x86)\Common Files\BinarySense\hldasvc.exe
c:\program files (x86)\Common Files\BinarySense\hldasvc.exe
c:\program files (x86)\IObit\Driver Booster\DriverBooster.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-01-23 13:37:48 - machine was rebooted
ComboFix-quarantined-files.txt 2014-01-23 09:37
.
Pre-Run: 54*364*065*792 байт свободно
Post-Run: 53*714*927*616 байт свободно
.
- - End Of File - - C4CE352EC589BED1E69A4BAAC5C4FF99
A36C5E4F47E84449FF07ED3517B43A31