Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:01:55, on 06.11.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
CHROME: 37.0.2062.103
FIREFOX: 11.0 (ru)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
C:\Program Files (x86)\Nonoh.net\Nonoh\nonoh.exe
C:\Program Files (x86)\Zona\Zona.exe
C:\Users\777\AppData\Local\Amigo\Application\amigo.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\777\AppData\Local\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\777\AppData\Local\Amigo\Application\amigo.exe
C:\Users\777\AppData\Local\Amigo\Application\amigo.exe
C:\Users\777\AppData\Local\Amigo\Application\amigo.exe
C:\Users\777\AppData\Local\Amigo\Application\amigo.exe
C:\Users\777\AppData\Local\BitMaster\bitmaster.bin
C:\Users\777\AppData\Local\Amigo\Application\amigo.exe
C:\Users\777\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\777\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\777\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\777\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\777\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\777\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\777\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\777\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\777\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\777\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\777\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\777\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yandex.ru/?clid=2101081
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://yandex.ru/yandsearch?clid=2101082&text={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yandex.ru/?clid=2101081
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: (no name) - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [SpybotDeletingC3862] cmd.exe /c del "C:\Users\777\AppData\Local\iLivid\Helper.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6678] command.com /c del "C:\Users\777\AppData\Local\iLivid\Uninstall.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC195] cmd.exe /c del "C:\Users\777\AppData\Local\iLivid\Uninstall.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA896] command.com /c del "C:\Users\777\AppData\Roaming\Media Get LLC\MediaGet2.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1485] cmd.exe /c del "C:\Users\777\AppData\Roaming\Media Get LLC\MediaGet2.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5242] command.com /c del "C:\Users\777\AppData\Local\Media Get LLC\MediaGet2\cookies_search.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5725] cmd.exe /c del "C:\Users\777\AppData\Local\Media Get LLC\MediaGet2\cookies_search.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8503] command.com /c del "C:\Users\777\AppData\Local\Media Get LLC\MediaGet2\geoip\GeoIP.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3867] cmd.exe /c del "C:\Users\777\AppData\Local\Media Get LLC\MediaGet2\geoip\GeoIP.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2676] command.com /c del "C:\Users\777\AppData\Local\Media Get LLC\MediaGet2\geoip\GeoIP.dat.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6102] cmd.exe /c del "C:\Users\777\AppData\Local\Media Get LLC\MediaGet2\geoip\GeoIP.dat.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6911] command.com /c del "C:\Users\777\AppData\Local\Media Get LLC\MediaGet2\network_cache\cache.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6378] cmd.exe /c del "C:\Users\777\AppData\Local\Media Get LLC\MediaGet2\network_cache\cache.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1159] command.com /c del "C:\Users\777\AppData\Local\Media Get LLC\MediaGet2\suggest\search_stop_word"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3328] cmd.exe /c del "C:\Users\777\AppData\Local\Media Get LLC\MediaGet2\suggest\search_stop_word"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1820] command.com /c del "C:\Users\777\AppData\Local\MediaGet2\mediaget-admin-proxy.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2701] cmd.exe /c del "C:\Users\777\AppData\Local\MediaGet2\mediaget-admin-proxy.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6233] command.com /c del "C:\Users\777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet2\MediaGet.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5860] cmd.exe /c del "C:\Users\777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet2\MediaGet.lnk"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA7419] command.com /c del "C:\Users\777\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2254] cmd.exe /c del "C:\Users\777\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2727] command.com /c del "C:\Users\777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8652] cmd.exe /c del "C:\Users\777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4570] command.com /c del "C:\Windows\Tasks\AmiUpdXp.job"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6979] cmd.exe /c del "C:\Windows\Tasks\AmiUpdXp.job"
O4 - HKCU\..\Run: [Nonoh] "C:\Program Files (x86)\Nonoh.net\Nonoh\nonoh.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\777\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Zona] C:\Program Files (x86)\Zona\Zona.exe /MINIMIZED
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitMaster] C:\Users\777\AppData\Local\BitMaster\bitmaster.exe -tray
O4 - HKCU\..\Run: [amigo] C:\Users\777\AppData\Local\Amigo\Application\amigo.exe --no-startup-window
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [AviraSpeedup] "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [SpybotDeletingD7346] cmd.exe /c del "C:\Users\777\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB995] command.com /c del "C:\Users\777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5001] cmd.exe /c del "C:\Users\777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7420] command.com /c del "C:\Windows\Tasks\AmiUpdXp.job"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8322] cmd.exe /c del "C:\Windows\Tasks\AmiUpdXp.job"
O4 - HKCU\..\RunOnce: [ClearTemp] del C:\Users\777\AppData\Local\Temp\yupdate.exe-{6EB58C49-3EB1-413D-A22D-DE1DD3A10830}
O4 - HKCU\..\RunOnce: [Suicide] C:\Users\777\AppData\Local\Yandex\Updater\show-dlg.exe.bcp --del
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AviraSpeedup] "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun (User 'система')
O4 - HKUS\.DEFAULT\..\Run: [AviraSpeedup] "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun (User 'Default user')
O8 - Extra context menu item: &Отправить в OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Отправить в OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Связанные заметки OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Связанные заметки OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EC6D73B-70E3-4DAD-B0C9-370697417A26}: NameServer = 77.87.97.3 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{5EC6D73B-70E3-4DAD-B0C9-370697417A26}: NameServer = 77.87.97.3 8.8.8.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Планировщик (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 15280 bytes