Nothing else bad is visible.
Yes, thank you very much!
Now I'm watching to see whether it reappears.
Good afternoon!
The virus and all its files are on my computer again. As far as I understand, it somehow gets in through the browser.
How can I get rid of it once and for all?
It is eating 100% of the computer's resources again.
Make new logs according to the rules.
[QUOTE]The virus and all its files are on my computer again. As far as I understand, it somehow gets in through the browser.[/QUOTE]
No, more likely through the installer of other programs that were downloaded from somewhere other than the official site or were cracked.
[QUOTE=mike 1;1141880]Make new logs according to the rules.
No, more likely through the installer of other programs that were downloaded from somewhere other than the official site or were cracked.[/QUOTE]
At the time the virus appeared, I was not downloading any software at all. The last time I downloaded anything was probably about a month ago.
In any case, what can be done about this and how do I get rid of this virus?
[COLOR="silver"]- - - Added - - -[/COLOR]
Ah, I see, making new logs.
Waiting
Done: [url]https://yadi.sk/i/FuIjc79yY7ohu[/url]
[url]https://yadi.sk/d/dzlNcCf3Y7pFE[/url]
[url]https://yadi.sk/d/4_RU0bmQY7pRc[/url]
Add the SITLog
Done: [url]https://yadi.sk/d/uEmFs05sYGYZy[/url]
Close all programs and [URL="http://virusinfo.info/showthread.php?t=130828"][B]temporarily[/B] unload your antivirus, firewall and other protective software[/URL].
[B][COLOR="#000080"]Important![/COLOR][/B] On Windows Vista/7/8, run AVZ as Administrator via the Explorer context menu. [URL="http://virusinfo.info/showthread.php?t=7239"]Run the script in AVZ[/URL] (File - Run script):
[CODE]
begin
ExecuteAVUpdate;
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
end;
ClearQuarantine;
TerminateProcessByName('c:\program files (x86)\360\360safe\deepscan\zhudongfangyu.exe');
TerminateProcessByName('c:\program files (x86)\ucbrowser\ucservice.exe');
TerminateProcessByName('c:\program files (x86)\360\360safe\softmgr\sml\softmgrlite.exe');
TerminateProcessByName('c:\program files (x86)\360\360safe\liveupdate360.exe');
TerminateProcessByName('c:\program files (x86)\common files\baidu\bddownload\107\bddownloader.exe');
TerminateProcessByName('c:\program files (x86)\baidu\baiduan\2.1.0.1154\bdaleakfixer.exe');
TerminateProcessByName('c:\program files (x86)\baidu\baidusd\1.8.0.1196\baidusdsvc.exe');
TerminateProcessByName('c:\program files (x86)\common files\baidu\baiduprotect\1.2.0.46\baiduprotect.exe');
TerminateProcessByName('c:\program files (x86)\baidu\baiduan\2.1.0.1154\baiduantray.exe');
TerminateProcessByName('c:\program files (x86)\baidu\baiduan\2.1.0.1154\baiduansvc.exe');
TerminateProcessByName('c:\program files (x86)\360\360safe\safemon\360tray.exe');
SetServiceStart('BDMNetMon', 4);
SetServiceStart('BDArKit', 4);
SetServiceStart('bd0004', 4);
SetServiceStart('bd0003', 4);
SetServiceStart('bd0002', 4);
SetServiceStart('bd0001', 4);
SetServiceStart('BAPIDRV', 4);
SetServiceStart('360netmon', 4);
SetServiceStart('360FsFlt', 4);
SetServiceStart('360Camera', 4);
SetServiceStart('360Box64', 4);
SetServiceStart('360AntiHacker', 4);
SetServiceStart('UCBrowserSvc', 4);
SetServiceStart('BDSGRTP', 4);
SetServiceStart('BDMRTP', 4);
SetServiceStart('BDKVRTP', 4);
StopService('BDMNetMon');
StopService('BDArKit');
StopService('bd0004');
StopService('bd0003');
StopService('bd0002');
StopService('bd0001');
StopService('BAPIDRV');
StopService('360netmon');
StopService('360FsFlt');
StopService('360Camera');
StopService('360Box64');
StopService('360AntiHacker');
StopService('UCBrowserSvc');
StopService('BDSGRTP');
StopService('BDMRTP');
StopService('BDKVRTP');
QuarantineFile('C:\ProgramData\7654\Monitor.exe','');
DeleteFile('c:\program files (x86)\baidu\baiduan\2.1.0.1154\baiduansvc.exe','32');
DeleteFile('c:\program files (x86)\common files\baidu\baiduprotect\1.2.0.46\baiduprotect.exe','32');
DeleteFile('c:\program files (x86)\baidu\baidusd\1.8.0.1196\baidusdsvc.exe','32');
DeleteFile('c:\program files (x86)\baidu\baiduan\2.1.0.1154\bdaleakfixer.exe','32');
DeleteFile('c:\program files (x86)\common files\baidu\bddownload\107\bddownloader.exe','32');
DeleteFile('c:\program files (x86)\360\360safe\liveupdate360.exe','32');
DeleteFile('c:\program files (x86)\360\360safe\softmgr\sml\softmgrlite.exe','32');
DeleteFile('c:\program files (x86)\ucbrowser\ucservice.exe','32');
DeleteFile('c:\program files (x86)\360\360safe\deepscan\zhudongfangyu.exe','32');
DeleteFile('C:\Windows\System32\Drivers\360AntiHacker64.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\360Box64.sys','32');
DeleteFile('C:\Windows\System32\Drivers\360Camera64.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\360FsFlt.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\360netmon.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\BAPIDRV64.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0001.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0002.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0003.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\bd0004.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\BDArKit.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\BDMNetMon.sys','32');
DeleteFile('C:\Program Files (x86)\360\360Safe\SoftMgr\360SoftMgr.cpl','32');
DeleteFile('C:\Program Files (x86)\360\360Safe\SoftMgr\SoftMgrExt64.dll','32');
DeleteFile('C:\Program Files (x86)\360\360Safe\safemon\360Tray.exe','32');
DeleteFile('C:\Program Files (x86)\Baidu\BaiduAn\2.1.0.1154\BaiduAnTray.exe','32');
DeleteFile('C:\Program Files (x86)\Baidu\BaiduSd\1.8.0.1196\BDShellExt.dll','32');
DeleteFile('C:\Program Files (x86)\Baidu\BaiduSd\1.8.0.1196\BDShellExt64.dll','32');
DeleteFile('C:\Program Files (x86)\Baidu\BaiduSd\1.8.0.1196\BaiduSdTray.exe','32');
DeleteFile('C:\ProgramData\7654\Monitor.exe','32');
DeleteFile('C:\Program Files (x86)\360\360Safe\safemon\safemon.dll','32');
DeleteFile('C:\Windows\Tasks\UCBrowserUpdater{f55be20babdf363bc043f47e776f1d97}.job','64');
DeleteFile('C:\Program Files (x86)\UCBrowser\update_task.exe','32');
DeleteFile('C:\Windows\bdws_1454_7654_9514.exe','32');
DeleteFile('C:\Windows\ucbrowser_7654_9514.exe','32');
DeleteFile('C:\Windows\qhse_7654_9514.exe','32');
DeleteFile('C:\Windows\qhws_7654_9514.exe','32');
DeleteFile('C:\Windows\bdsd_1454_7654_9514.exe','32');
DeleteFile('C:\Windows\gswb_1454_7654_9514.exe','32');
DeleteFile('C:\Windows\System32\bd64_x64.dll','32');
DeleteFile('C:\Windows\System32\bd64_x86.dll','32');
DelBHO('{B69F34DD-F0F9-42DC-9EDD-957187DA688D}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls','360SoftMgr');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved','{5E19C0CE-C02C-46c2-98C3-A2E12EDE0E17}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','360Safetray');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','BaiduAnTray');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','BaiduSdTray');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved','{00890530-6A9F-4be2-B1BB-73F01E2BB986}');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7654');
DeleteService('360Hvm');
DeleteService('BDMNetMon');
DeleteService('BDArKit');
DeleteService('bd0004');
DeleteService('bd0003');
DeleteService('bd0002');
DeleteService('bd0001');
DeleteService('BAPIDRV');
DeleteService('360netmon');
DeleteService('360FsFlt');
DeleteService('360Camera');
DeleteService('360Box64');
DeleteService('360AntiHacker');
DeleteService('UCBrowserSvc');
DeleteService('BDSGRTP');
DeleteService('BDMRTP');
DeleteService('BDKVRTP');
DeleteFileMask('C:\Program Files (x86)\Baidu', '*', true, ' ');
DeleteFileMask('C:\ProgramData\baidu', '*', true, ' ');
DeleteFileMask('C:\Program Files (x86)\Common Files\Baidu', '*', true, ' ');
DeleteFileMask('C:\Program Files (x86)\UCBrowser', '*', true, ' ');
DeleteFileMask('C:\Program Files (x86)\360', '*', true, ' ');
DeleteFileMask('C:\360SANDBOX', '*', true, ' ');
DeleteFileMask('C:\$360Section', '*', true, ' ');
DeleteFileMask('C:\Users\SAM\AppData\Roaming\360safe', '*', true, ' ');
DeleteFileMask('C:\ProgramData\7654', '*', true, ' ');
DeleteFileMask('C:\Users\SAM\AppData\Roaming\Baidu', '*', true, ' ');
DeleteFileMask('C:\Users\SAM\AppData\Roaming\360Quarant', '*', true, ' ');
DeleteDirectory('C:\Users\SAM\AppData\Roaming\Baidu');
DeleteDirectory('C:\Users\SAM\AppData\Roaming\360Quarant');
DeleteDirectory('C:\ProgramData\7654');
DeleteDirectory('C:\$360Section');
DeleteDirectory('C:\Users\SAM\AppData\Roaming\360safe');
DeleteDirectory('C:\Program Files (x86)\Baidu');
DeleteDirectory('C:\ProgramData\baidu');
DeleteDirectory('C:\Program Files (x86)\Common Files\Baidu');
DeleteDirectory('C:\Program Files (x86)\UCBrowser');
DeleteDirectory('C:\Program Files (x86)\360');
DeleteDirectory('C:\360SANDBOX');
BC_ImportAll;
ExecuteSysClean;
ExecuteWizard('SCU', 2, 2, true);
BC_Activate;
RebootWindows(false);
end.
[/CODE]
[B]Attention![/B] The computer will be rebooted. After the reboot, [URL="http://virusinfo.info/showthread.php?t=7239"]run the script[/URL] in AVZ:
[CODE]begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.[/CODE]
Send the quarantine as described in Appendix 2 of the rules, using the red link [B]Send the requested quarantine[/B] at the top of the thread
Make new logs
Send the quarantine as described in Appendix 2 of the rules, using the red link Send the requested quarantine at the top of the thread
The script will not upload through the form. It says "Upload error. This file has already been uploaded". What should I do?
Then skip this step.
Done, then: [url]https://yadi.sk/d/wwQA568wYPqFK[/url]
Although I had to run the first script several times. The computer would reboot, but the script did not run to completion. The last attempt was from safe mode.
Run the script from post 30 once more, but only from safe mode. Then make new logs.
New logs: [url]https://yadi.sk/d/UD-eeE_fYQ8gQ[/url]
Download ComboFix [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe]here[/url] and save it to the root of drive C.
1. [color=red]Attention![/color] Be sure to close all browsers and [URL="http://virusinfo.info/showthread.php?t=130828"]temporarily turn off your antivirus, firewall and other protective software[/URL]. Do not run other programs while Combofix is working. Combofix may disconnect the internet some time after it starts; do not reconnect the internet until Combofix has finished. If the internet connection does not come back after Combofix finishes, reboot the computer. Do not click the mouse buttons while Combofix is running; this can cause Combofix to hang.
2. Run [b]combofix.exe[/b]; when the process finishes, copy the text from [b]C:\ComboFix.txt[/b] and paste it into your next message, or pack the file C:\ComboFix.txt and attach it to the message.
Note: If ComboFix does not start, rename combofix.exe. For example: temp.exe
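One way to check whether a cleanup run really finished, which the incomplete script runs reported in this thread make necessary, is to cross-check the targets of the AVZ script against a later ComboFix report. The sketch below is an added example, not part of any post here; the function names are hypothetical and the two embedded samples are a few lines copied from the script and the report posted in this thread.

```python
import re

# Constructed sample: a few lines copied from the AVZ script in this thread.
AVZ_SCRIPT = r"""
SetServiceStart('bd0003', 4);
StopService('bd0003');
DeleteFile('C:\Windows\system32\DRIVERS\bd0003.sys','32');
DeleteFile('C:\Windows\system32\DRIVERS\BDMNetMon.sys','32');
DeleteFile('c:\program files (x86)\360\360safe\deepscan\zhudongfangyu.exe','32');
DeleteFile('C:\ProgramData\7654\Monitor.exe','32');
DeleteService('bd0003');
DeleteService('BDMNetMon');
DeleteService('UCBrowserSvc');
DeleteFileMask('C:\360SANDBOX', '*', true, ' ');
DeleteDirectory('C:\360SANDBOX');
"""

# Constructed sample: a few lines copied from the ComboFix report in this thread.
COMBOFIX_REPORT = r"""
2014-07-28 11:56 . 2014-04-12 10:36 64840 ----a-w- c:\windows\system32\drivers\bd0003.sys
2014-07-28 11:50 . 2014-07-31 13:12 -------- d-----r- C:\360SANDBOX
2014-07-28 11:41 . 2014-04-02 09:41 108872 ----a-w- c:\windows\system32\drivers\BDMNetMon.sys
2014-07-09 14:38 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
R2 ZhuDongFangYu;????;c:\program files (x86)\360\360Safe\deepscan\zhudongfangyu.exe;c:\program files (x86)\360\360Safe\deepscan\zhudongfangyu.exe [x]
R4 bd0003;bd0003;c:\windows\system32\DRIVERS\bd0003.sys;c:\windows\SYSNATIVE\DRIVERS\bd0003.sys [x]
R4 BDMNetMon;BDMNetMon;c:\windows\system32\DRIVERS\BDMNetMon.sys;c:\windows\SYSNATIVE\DRIVERS\BDMNetMon.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
"""

# DeleteFileMask is deliberately not matched: "DeleteFile" must be followed by "(".
AVZ_CALL = re.compile(r"\b(DeleteFile|DeleteDirectory|DeleteService)\('([^']*)'")
# "created . modified  size|--------  attributes  path"
CF_FILE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?:\d+|-+)\s+(\S{8})\s+(.+?)\s*$")
# "<R|S><digit> name;display name;image path;native path [x]"
CF_SERVICE = re.compile(r"^[RS]\d ([^;]+);[^;]*;([^;]+);[^;]+ \[.\]\s*$")


def norm(path):
    """Windows paths are case-insensitive; compare them lowercased."""
    return path.strip().replace("/", "\\").lower()


def parse_avz(script):
    """Collect what the script asks AVZ to delete, by call name."""
    targets = {"DeleteFile": set(), "DeleteDirectory": set(), "DeleteService": set()}
    for call, arg in AVZ_CALL.findall(script):
        targets[call].add(norm(arg))
    return targets


def parse_combofix(report):
    """Return (files, directories, {service name: image path}) seen in the report."""
    files, dirs, services = set(), set(), {}
    for line in report.splitlines():
        line = line.strip()
        m = CF_FILE.match(line)
        if m:
            (dirs if m.group(1).startswith("d") else files).add(norm(m.group(2)))
            continue
        m = CF_SERVICE.match(line)
        if m:
            services[m.group(1).strip().lower()] = norm(m.group(2))
    return files, dirs, services


def find_remnants(script, report):
    """List script targets that the later report still shows on the system."""
    t = parse_avz(script)
    files, dirs, services = parse_combofix(report)

    def image_is_target(image):
        # A service image path may carry arguments after the executable.
        return any(image == f or image.startswith(f + " ") for f in t["DeleteFile"])

    return {
        "files": sorted(t["DeleteFile"] & files),
        "directories": sorted(t["DeleteDirectory"] & dirs),
        "services": sorted(t["DeleteService"] & services.keys()),
        # Services still registered for a deleted file, with no DeleteService call.
        "services_not_in_script": sorted(
            name for name, image in services.items()
            if name not in t["DeleteService"] and image_is_target(image)),
    }


if __name__ == "__main__":
    for kind, items in find_remnants(AVZ_SCRIPT, COMBOFIX_REPORT).items():
        print(kind, items)
```

Any non-empty list means the script's work is not finished; feed the full script text and the full C:\ComboFix.txt to `find_remnants` to check a real run.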
I went through all the procedures. However, before that the virus appeared once more. It felt as if it is being written from some kind of virtual disk. Because first a Kaspersky window appears offering to scan a removable drive for viruses, then an icon of some flash drive appears in the taskbar (where the date and clock are) (it shows drive E:), and the virus is already right there.
I carried out the procedure from post 30 once more. Plus the report for the last post, 36, is below:
[spoiler]
ComboFix 14-07-29.01 - SAM 31.07.2014 17:21:14.2.4 - x64 NETWORK
Microsoft Windows 7 Профессиональная 6.1.7601.1.1251.7.1049.18.8108.7015 [GMT 4:00]
Running from: C:\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Service_bd0001
-------\Service_bd0002
-------\Legacy_BD0001
-------\Legacy_BD0002
.
.
((((((((((((((((((((((((( Files Created from 2014-06-28 to 2014-07-31 )))))))))))))))))))))))))))))))
.
.
2014-07-31 13:30 . 2014-07-31 13:30 -------- d-----w- c:\users\Администратор\AppData\Local\temp
2014-07-31 13:30 . 2014-07-31 13:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-31 11:56 . 2014-07-31 11:59 -------- d-----w- c:\users\SAM\AppData\Local\Adobe
2014-07-31 11:56 . 2014-07-31 11:56 -------- d-----w- c:\program files\Common Files\Adobe
2014-07-31 11:40 . 2014-07-31 11:40 -------- d-----w- c:\users\SAM\AppData\Roaming\360mobilemgr
2014-07-31 10:37 . 2014-07-31 10:37 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2014-07-31 10:37 . 2014-07-31 10:37 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2014-07-31 10:36 . 2014-07-31 10:37 -------- d-----w- c:\users\SAM\AppData\Roaming\DVDVideoSoft
2014-07-29 08:28 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0E5D33F-F7FB-46CC-BE41-B2C3DA8A0EBE}\mpengine.dll
2014-07-28 15:47 . 2014-01-13 10:52 41800 ----a-w- c:\windows\system32\bd64_x64.dll
2014-07-28 15:47 . 2014-01-13 10:52 39056 ----a-w- c:\windows\system32\bd64_x86.dll
2014-07-28 11:56 . 2014-04-12 10:36 64840 ----a-w- c:\windows\system32\drivers\bd0003.sys
2014-07-28 11:52 . 2014-07-28 14:18 -------- d-----w- c:\programdata\360safe
2014-07-28 11:51 . 2014-07-31 11:10 38172096 ----a-w- c:\windows\360sd_7654_9514.exe
2014-07-28 11:50 . 2014-04-21 06:26 39496 ----a-w- c:\windows\system32\drivers\360LanProtect.sys
2014-07-28 11:50 . 2014-04-18 10:36 310856 ----a-w- c:\windows\system32\drivers\360FsFlt.sys
2014-07-28 11:50 . 2014-04-15 07:18 180808 ----a-w- c:\windows\system32\drivers\BAPIDRV64.SYS
2014-07-28 11:50 . 2014-06-16 09:42 103496 ----a-w- c:\windows\system32\drivers\360AntiHacker64.sys
2014-07-28 11:50 . 2014-05-14 10:28 181320 ----a-w- c:\windows\system32\drivers\360Hvm64.sys
2014-07-28 11:50 . 2014-04-18 08:30 40520 ----a-w- c:\windows\system32\drivers\360Camera64.sys
2014-07-28 11:50 . 2014-07-31 13:12 -------- d-----r- C:\360SANDBOX
2014-07-28 11:50 . 2014-05-27 13:23 311368 ----a-w- c:\windows\system32\drivers\360Box64.sys
2014-07-28 11:50 . 2014-04-17 10:32 162120 ----a-w- c:\windows\SysWow64\360SoftMgr.cpl
2014-07-28 11:50 . 2014-07-03 11:49 69192 ----a-w- c:\windows\system32\drivers\360netmon.sys
2014-07-28 11:49 . 2014-07-31 10:59 -------- d-----w- c:\program files (x86)\360
2014-07-28 11:41 . 2014-01-13 10:52 168264 ----a-w- c:\windows\system32\drivers\bd0004.sys
2014-07-28 11:41 . 2014-04-12 10:36 72008 ----a-w- c:\windows\system32\drivers\BDArKit.sys
2014-07-28 11:41 . 2014-04-02 09:41 108872 ----a-w- c:\windows\system32\drivers\BDMNetMon.sys
2014-07-28 11:41 . 2014-04-02 09:41 215880 ----a-w- c:\windows\system32\drivers\bd0002.sys
2014-07-28 11:41 . 2014-04-02 09:41 160080 ----a-w- c:\windows\system32\drivers\bd0001.sys
2014-07-23 21:16 . 2014-07-31 13:14 13312 ----a-w- c:\windows\SysWow64\drivers\vdi1nzgy.sys
2014-07-23 10:10 . 2010-08-30 04:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-23 10:10 . 2014-07-23 10:41 -------- d-----w- C:\AdwCleaner
2014-07-23 07:41 . 2014-07-23 07:41 -------- d-----w- c:\windows\Sun
2014-07-21 07:52 . 2014-07-21 08:15 -------- d-----w- c:\users\SAM\Doctor Web
2014-07-20 17:41 . 2014-07-20 17:41 -------- d-----w- c:\users\SAM\AppData\Roaming\ahelper
2014-07-17 08:20 . 2014-07-17 08:20 -------- d-----w- c:\windows\system32\log
2014-07-16 08:44 . 2014-07-16 08:44 -------- d-----w- c:\program files (x86)\Common Files\GSInput
2014-07-16 08:38 . 2014-07-16 08:38 -------- d-----w- c:\program files (x86)\GSInput
2014-07-16 06:51 . 2014-07-16 06:51 -------- d-----w- c:\users\SAM\AppData\Local\UCBrowser
2014-07-15 13:29 . 2014-07-15 13:29 -------- d-----w- C:\163656fd62ebddf639992a8ea72e5e
2014-07-13 23:25 . 2014-07-31 13:05 -------- d-----w- c:\users\Default\AppData\Local\defend
2014-07-13 16:27 . 2014-07-13 16:27 11204096 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-11 15:17 . 2014-07-11 15:17 90112 ----a-w- c:\windows\SysWow64\wemote.dll
2014-07-10 23:09 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2014-07-10 19:50 . 2014-07-10 19:50 -------- d-----w- c:\users\SAM\AppData\Local\CounterPath Corporation
2014-07-10 19:46 . 2014-07-10 19:46 -------- d-----w- c:\programdata\Package Cache
2014-07-10 15:23 . 2014-07-10 19:49 -------- d-----w- c:\users\SAM\AppData\Local\CounterPath
2014-07-10 15:22 . 2014-07-10 19:48 -------- d-----w- c:\program files (x86)\CounterPath
2014-07-09 14:38 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 14:38 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-09 14:38 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-07 06:32 . 2014-07-07 06:32 -------- d-----w- c:\programdata\Taxcom
2014-07-03 11:57 . 2014-07-31 11:56 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-13 16:27 . 2012-04-22 07:57 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-13 16:27 . 2012-02-17 03:41 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-10 23:10 . 2012-01-12 19:55 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-05-20 09:06 . 2012-11-23 08:55 628320 ----a-w- c:\windows\system32\drivers\klif.sys
2014-05-20 09:06 . 2012-11-23 08:55 91008 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-05-09 06:14 . 2014-05-14 09:49 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-14 09:49 424448 ----a-w- c:\windows\system32\aeinv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-10 09:25 1730264 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-10 09:25 1730264 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-10 09:25 1730264 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-13 05:57 463360 ----a-w- c:\users\SAM\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-13 05:57 463360 ----a-w- c:\users\SAM\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-13 05:57 463360 ----a-w- c:\users\SAM\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\SAM\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\SAM\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\SAM\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_MegaFon | Modem"="c:\program files (x86)\MegaFon Modem\UpdateDog\ouc.exe" [2012-08-13 218624]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"SyncManPath"="c:\users\SAM\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe" [2013-10-15 21372192]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-06-27 24477056]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21440640]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"X-Lite"="c:\program files (x86)\CounterPath\X-Lite\X-Lite.exe" [2014-07-07 4978016]
"DVSSkypeRecorder"="c:\program files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\skyui.exe" [2014-07-16 1013928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2011-06-20 26624]
"VAIO Boot Manager"="c:\program files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [2011-05-26 2104456]
"MMReminderService"="c:\program files (x86)\Mindjet\MindManager 10\MMReminderService.exe" [2011-09-14 37728]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-21 343168]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-10-10 356128]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2011-08-02 46952]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2011-08-02 30568]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2013-03-22 4522496]
.
c:\users\SAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MEGAsync.lnk - c:\users\SAM\AppData\Local\MEGAsync\MEGAsync.exe [2014-4-18 3835392]
Punto Switcher.lnk - c:\program files (x86)\Yandex\Punto Switcher\punto.exe [2013-7-9 1570640]
Отправка в OneNote.lnk - c:\program files\Microsoft Office\Office15\ONENOTEM.EXE /tsr [2014-6-10 222384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Change Settings.LNK - c:\program files (x86)\ZyXEL\OMNI ADSL USB Wizard\Setup.exe -c [2013-3-15 5099520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 wdigest tspkg pku2u livessp cpssl
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 vdi1nzgy;AVZ-BC Kernel Driver;c:\windows\system32\Drivers\vdi1nzgy.sys;c:\windows\SYSNATIVE\Drivers\vdi1nzgy.sys [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MegaFon Modem. RunOuc;MegaFon Modem. OUC;c:\program files (x86)\MegaFon Modem\UpdateDog\ouc.exe;c:\program files (x86)\MegaFon Modem\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 ZhuDongFangYu;????;c:\program files (x86)\360\360Safe\deepscan\zhudongfangyu.exe;c:\program files (x86)\360\360Safe\deepscan\zhudongfangyu.exe [x]
R3 2GISUpdateService;2GIS UpdateService;c:\program files (x86)\2gis\3.0\2GISUpdateService.exe;c:\program files (x86)\2gis\3.0\2GISUpdateService.exe [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
R3 WatAdminSvc;Служба технологий активации Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Поддержка сканирования WSD через UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 bd0003;bd0003;c:\windows\system32\DRIVERS\bd0003.sys;c:\windows\SYSNATIVE\DRIVERS\bd0003.sys [x]
R4 bd0004;bd0004;c:\windows\system32\DRIVERS\bd0004.sys;c:\windows\SYSNATIVE\DRIVERS\bd0004.sys [x]
R4 BDMNetMon;BDMNetMon;c:\windows\system32\DRIVERS\BDMNetMon.sys;c:\windows\SYSNATIVE\DRIVERS\BDMNetMon.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 CProCtrl;КриптоПро CSP драйвер;c:\windows\system32\DRIVERS\CProCtrl.sys;c:\windows\SYSNATIVE\DRIVERS\CProCtrl.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 BotkindSyncService;Botkind Service;c:\program files (x86)\Allway Sync\Bin\SyncService.exe service;c:\program files (x86)\Allway Sync\Bin\SyncService.exe service [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cpcsp1;КриптоПро CSP KC1;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DMAgent;Служба управления устройствами Intel® PROSet/Wireless WiMAX Red Bend;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe;c:\program files\TrueSuite\TrueSuite.Service.exe [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 KMSEmulator;KMS Server Service;c:\users\All Users\KMSAuto\KMSES.exe 1688 55041-01849-662-662235-03-1049-9200.0000-1692012 KillProcessOnPort;c:\users\All Users\KMSAuto\KMSES.exe 1688 55041-01849-662-662235-03-1049-9200.0000-1692012 KillProcessOnPort [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S2 WiMAXAppSrv;Служба Intel® PROSet/Wireless WiMAX;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S2 Yota Access Service;Yota Access Service;C:/Program Files/Yota/Yota Access/YotaAccessService.exe;C:/Program Files/Yota/Yota Access/YotaAccessService.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys;c:\windows\SYSNATIVE\DRIVERS\ATSwpWDF.sys [x]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel(R) Centrino(R) WiMAX серии 6050;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;Функциональный драйвер адаптера Intel(R) Centrino(R) WiMAX серии 6050;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Аудио Intel(R) для дисплеев;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]
2011-09-14 08:52 1409 ----a-r- c:\program files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-18 16:27]
.
2014-07-31 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-01-15 08:02]
.
2014-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15 10:48]
.
2014-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15 10:48]
.
2014-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2027461091-669919136-238473217-1000Core.job
- c:\users\SAM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-12 17:41]
.
2014-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2027461091-669919136-238473217-1000UA.job
- c:\users\SAM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-12 17:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-10 09:21 2335960 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-10 09:21 2335960 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-10 09:21 2335960 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-13 05:57 470016 ----a-w- c:\users\SAM\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-13 05:57 470016 ----a-w- c:\users\SAM\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-13 05:57 470016 ----a-w- c:\users\SAM\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase0Sync]
@="{63D48440-63AB-44D0-B323-4731DFCDE9E9}"
[HKEY_CLASSES_ROOT\CLSID\{63D48440-63AB-44D0-B323-4731DFCDE9E9}]
2013-09-23 12:26 1295648 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase1Modified]
@="{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0}"
[HKEY_CLASSES_ROOT\CLSID\{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0}]
2013-09-23 12:26 1295648 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase2Error]
@="{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9}"
[HKEY_CLASSES_ROOT\CLSID\{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9}]
2013-09-23 12:26 1295648 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase3Shared]
@="{AF8D197E-7022-4c3d-BD88-68AD35C9C169}"
[HKEY_CLASSES_ROOT\CLSID\{AF8D197E-7022-4c3d-BD88-68AD35C9C169}]
2013-09-23 12:26 1295648 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\SAM\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\SAM\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\SAM\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\SAM\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 10:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 10:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 10:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 10:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 10:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 10:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-23 11490408]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-02-23 2179688]
"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2011-02-13 421192]
"ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2011-02-13 308040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-25 167744]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-25 392512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-25 417088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://online.taxcom.ru/
uDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com
IE:
IE: &Отправить в OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: Send Image To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
IE: Добавить в Анти-Баннер - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Добавить к существующему PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Добавить содержимое по ссылке в существующий файл PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Преобразовать содержимое по ссылке в PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
Trusted Zone: taxcom.ru
Trusted Zone: taxcom.ru\online
TCP: DhcpNameServer = 213.240.240.3
TCP: Interfaces\{A7AEC8EB-FC04-40C3-B433-8D540C8EE311}: DhcpNameServer = 213.240.240.3
TCP: Interfaces\{BF9822D2-3E62-44CF-81F0-E4AC6C472E22}: NameServer = 10.77.48.49 10.77.48.33
TCP: Interfaces\{C26690E7-7B1C-4926-A6FD-86929F64A990}: NameServer = 10.77.48.33 10.77.48.49
TCP: Interfaces\{FD3F351D-E59D-4FB9-89D8-6D26E4C1401B}: NameServer = 10.77.48.49 10.77.48.33
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
DPF: Taxcom CryptoAX Setup - hxxps://online.taxcom.ru/common/cab/TaxcomCryptoAX.CAB
FF - ProfilePath - c:\users\SAM\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\
FF - prefs.js: browser.startup.homepage -
FF - ExtSQL: !HIDDEN! 2012-02-22 08:32; [email][email protected][/email]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
------- File Associations -------
.
.txt does not exist!
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
ShellIconOverlayIdentifiers-{CC00F81D-5262-450A-B1FA-D6BEE3406263} - c:\program files (x86)\360\360Safe\safemon\360UDiskGuard64.dll
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-360???? - c:\program files (x86)\360\360Safe\uninst.exe
AddRemove-UC??? - c:\program files (x86)\UCBrowser\Uninstall.exe
AddRemove-WYSIWYG_Web_Builder_8 - c:\windows\iun6002.exe
AddRemove-{25175695-4B20-4298-9F34-C2C57CD277B3} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
AddRemove-{C0357E79-BAED-48F4-8AFE-A5E71AFC2658} - c:\program files (x86)\InstallShield Installation Information\{C0357E79-BAED-48F4-8AFE-A5E71AFC2658}\setup.exe
AddRemove-{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
AddRemove-{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
AddRemove-???? - c:\program files (x86)\Baidu\BaiduAn\2.1.0.1154\uninst.exe
AddRemove-???? - c:\program files (x86)\Baidu\BaiduSd\1.8.0.1196\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="UCHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="UCHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="UCHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="UCHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="UCHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="UCHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="UCHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="UCHTML"
.
[HKEY_USERS\S-1-5-21-2027461091-669919136-238473217-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7765523-6C39-39E6-EBFC-1B26933F4DC5}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\U*C*OmȉhV]
"DisplayIcon"="c:\\Program Files (x86)\\UCBrowser\\UCBrowser.exe"
"DisplayName"="UC???"
"DisplayVersion"="1.0.739.0"
"Publisher"="????????"
"UninstallString"="\"c:\\Program Files (x86)\\UCBrowser\\Uninstall.exe\" \" -Registry \""
"EstimatedSize"=dword:0001f728
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Allway Sync\Bin\SyncService.exe
c:\windows\system32\hasplms.exe
c:\users\All Users\KMSAuto\KMSES.exe
c:\windows\system32\srvany.exe
c:\programdata\OnlineUpdate\ouc.exe
c:\mysql5\bin\mysqld.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
c:\program files (x86)\Sony\VAIO Event Service\WBCBatteryCare.exe
.
**************************************************************************
.
Completion time: 2014-07-31 20:09:46 - machine was rebooted
ComboFix-quarantined-files.txt 2014-07-31 16:09
.
Pre-Run: 23*238*680*576 байт свободно
Post-Run: 22*628*225*024 байт свободно
.
- - End Of File - - 50ED3AD92522DAD4C996D152D96218DE[/spoiler]
Copy the text below into Notepad and [COLOR="#0000CD"]save[/COLOR] it as a file named [B]CFScript.txt[/B] [COLOR="#0000CD"][B]in the root of drive C.[/B][/COLOR]
[code]
KillAll::
File::
c:\windows\system32\bd64_x64.dll
c:\windows\system32\bd64_x86.dll
c:\windows\system32\drivers\bd0003.sys
c:\windows\360sd_7654_9514.exe
c:\windows\system32\drivers\360LanProtect.sys
c:\windows\system32\drivers\360FsFlt.sys
c:\windows\system32\drivers\BAPIDRV64.SYS
c:\windows\system32\drivers\360AntiHacker64.sys
c:\windows\system32\drivers\360Hvm64.sys
c:\windows\system32\drivers\360Camera64.sys
c:\windows\system32\drivers\360Box64.sys
c:\windows\SysWow64\360SoftMgr.cpl
c:\windows\system32\drivers\360netmon.sys
c:\windows\system32\drivers\bd0004.sys
c:\windows\system32\drivers\BDArKit.sys
c:\windows\system32\drivers\BDMNetMon.sys
c:\windows\system32\drivers\bd0002.sys
c:\windows\system32\drivers\bd0001.sys
Driver::
ZhuDongFangYu
bd0003
bd0004
Folder::
c:\users\SAM\AppData\Roaming\360mobilemgr
c:\programdata\360safe
C:\360SANDBOX
c:\program files (x86)\360
c:\users\SAM\AppData\Local\UCBrowser
RegLockDel::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\U*C*OmȉhV]
Registry::
FileLook::
DirLook::
Reboot::
[/code]
After saving, drag [B]CFScript.txt[/B] onto the ComboFix.exe icon.
[IMG]http://savepic.org/5315621m.gif[/IMG]
Once the new [B]ComboFix.txt[/B] report has been saved, attach it to your post.
Done:
[spoiler="combo log"]
ComboFix 14-07-29.01 - SAM 31.07.2014 22:01:00.3.4 - x64 NETWORK
Microsoft Windows 7 Профессиональная 6.1.7601.1.1251.7.1049.18.8108.7030 [GMT 4:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\360sd_7654_9514.exe"
"c:\windows\system32\bd64_x64.dll"
"c:\windows\system32\bd64_x86.dll"
"c:\windows\system32\drivers\360AntiHacker64.sys"
"c:\windows\system32\drivers\360Box64.sys"
"c:\windows\system32\drivers\360Camera64.sys"
"c:\windows\system32\drivers\360FsFlt.sys"
"c:\windows\system32\drivers\360Hvm64.sys"
"c:\windows\system32\drivers\360LanProtect.sys"
"c:\windows\system32\drivers\360netmon.sys"
"c:\windows\system32\drivers\BAPIDRV64.SYS"
"c:\windows\system32\drivers\bd0001.sys"
"c:\windows\system32\drivers\bd0002.sys"
"c:\windows\system32\drivers\bd0003.sys"
"c:\windows\system32\drivers\bd0004.sys"
"c:\windows\system32\drivers\BDArKit.sys"
"c:\windows\system32\drivers\BDMNetMon.sys"
"c:\windows\SysWow64\360SoftMgr.cpl"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\360SANDBOX
c:\program files (x86)\360
c:\programdata\360safe
c:\programdata\360safe\ScanCache\CIndex_2014_07_28.dat
c:\programdata\360safe\ScanCache\CIndex_2014_07_30.dat
c:\programdata\360safe\ScanCache\CIndex_2014_07_31.dat
c:\programdata\360safe\ScanCache\Data_2014_07_28.dat
c:\programdata\360safe\ScanCache\Data_2014_07_30.dat
c:\programdata\360safe\ScanCache\Data_2014_07_31.dat
c:\programdata\360safe\ScanCache\MIndex.dat
c:\programdata\360safe\softmgr\bootitem.ini
c:\programdata\360safe\softmgr\Proc.dat
c:\programdata\360safe\softmgr\somextrainfo2.ini
c:\programdata\360safe\softmgr\somweather.ini
c:\programdata\360safe\softmgr\svdl.ini
c:\users\SAM\AppData\Local\UCBrowser
c:\users\SAM\AppData\Local\UCBrowser\User Data\chrome_debug.log
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Antiblocking-journal
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Antiblocking
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Archived History-journal
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Archived History
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Bookmarks
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Cache\data_0
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Cache\data_1
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Cache\data_2
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Cache\data_3
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Cache\f_000001
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Cache\f_000002
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Cache\f_000003
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\images\icon.16.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\images\icon.48.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\images\icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\images\loader.gif
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\images\logo.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\js\context.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\js\ex.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\js\jquery.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\js\zoom.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\manifest.json
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\_locales\en\messages.json
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\_locales\ru\messages.json
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\background\main.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\background\main.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\images\kavab.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\manifest.json
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin\npABPlugin.dll
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\FZLTCXHJW.TTF
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_add_device.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_adv_close.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_apps_command_1st.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_apps_command_2nd.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_apps_command_3rd.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_apps_command_apps.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_apps_command_apps_selected.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_apps_command_games.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_apps_command_games_selected.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_apps_command_normal.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_apps_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_apps_icon_selected.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_apps_nodata.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_ask_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_battery_base.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_bg.jpg
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_bubble_close.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_checkbox_check.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_checkmark.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_checkmark_hover.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_close.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_close_hover.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_close_white.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_close_white_hover.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_confirm_on_phone.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_create_bg.jpg
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_create_ul.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_default.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_default_check.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_fail_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_fail_mobile.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_phone_icon_check.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_popup_tab_current.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_popup_tab_hover.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_setting_1.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_setting_2.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_setting_3.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_tips_img.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_tips_ing.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_usb.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_usb_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_usb2.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_usb2_check.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_wifi.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_wifi_confirm.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_wifi_fail.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_wifi_free.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_wifi_free_1.jpg
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_wifi_free_2.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_wifi_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_wifi_install.jpg
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_wifi_install.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_wifi_mobile.jpg
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_wifi_refusal.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_wifi_step.jpg
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_wifi_step.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_wifi2.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_connect_wifi2_check.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_disconnect_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_disconnected_animation.gif
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_export_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_export_icon_disable.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_help_icon_hover.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_help_icon_normal.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_home.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_home_selected.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_how_connect_usb.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_icon_phone.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_icon_scan.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_install_help.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_kuaping.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_kuaping_favicon_128.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_kuaping_favicon_16.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_kuaping_favicon_48.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_kuaping_favicon_72.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_new_app_add.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_no_wifi.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_phone_common.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_phone_shadow.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_pic_selected.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_pics_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_pics_icon_selected.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_picsort_catalog.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_picsort_catalog_selected.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_picsort_list.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_picsort_list_selected.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_picsort_timeline.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_picsort_timeline_selected.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_picview_close_hover.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_picview_close_normal.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_picview_close_press.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_play.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_product_logo_16.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_progress_loading.gif
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_qrcode_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_qrdemo.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_radiobox.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_radiobox_check.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_refuse_on_phone.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_rolling_center.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_screen_wifi.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_screenshot_capture.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_screenshot_capture_disable.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_screenshot_menu.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_screenshot_menu_disable.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_screenshot_refresh.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_screenshot_refresh_disable.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_searchbar_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_send_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_send_icon_disable.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_send_result_bg.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_send_result_error.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_send_result_ok.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_sent_mobile_device.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_setting_icon_hover.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_setting_icon_normal.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_setting_no_device.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_sort_desc.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_sort_insc.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_storge_phone_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_storge_sd_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_task_delete.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_task_delete_disable.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_task_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_task_icon_arrow.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_task_icon_base.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_task_icon_going.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_task_icon_going_animation.gif
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_task_icon_on.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_task_pause.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_task_pause_disable.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_task_start.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_task_start_disable.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_tophone_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_tophone_icon_disable.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_tosd_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_tosd_icon_disable.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_type_app.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_type_apps32.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_type_apps36.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_type_file.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_type_floder.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_type_image.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_type_music.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_type_text.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_type_video.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_ucapps_checkbox_check.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_ucapps_checkbox_uncheck.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_uninstall_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_uninstall_icon_disable.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_up.gif
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_update_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_update_icon_disable.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_update_icon_white.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_update_info.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_upgrade_1.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_upgrade_2.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_upgrade_3.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_upload_document_hover.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_upload_document_normal.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_upload_floder_arrow_off.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_upload_floder_arrow_on.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_upload_floder_off.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_upload_floder_on.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_upload_folder_hover.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_upload_folder_normal.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_warn_icon.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_white_close_btn.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\images\wow_white_close_btn_hover.png
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\jquery-2.0.3.min.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\jquery.lazyload.min.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\manifest.json
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_background.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_background.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_common.css
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_common.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect.css
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_create.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_create.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_frame.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_frame.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_usb.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_usb.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_usb_fail.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_usb_fail.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_usb_ing.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_usb_ing.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_usb_setting.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_usb_setting.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_wifi.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_wifi.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_wifi_fail.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_wifi_fail.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_wifi_guide.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_wifi_guide.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_wifi_install.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_wifi_install.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_wifi_mode.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_connect_wifi_mode.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_content.css
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_content.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_content_frame.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_content_frame.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_dialog_setting.css
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_dialog_setting.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_dialog_setting.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_dialog_tips_phone.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_dialog_tips_phone.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_dialog_tips_wifi.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_dialog_tips_wifi.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_index.css
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_index.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_index.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_manager_app.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_manager_app.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_manager_img.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_manager_img.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_manager_music.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_manager_music.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_manager_video.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_manager_video.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_msg_box.css
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_msg_box.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_msg_box.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_page_action.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_popup.css
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_popup.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_popup.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_reset.css
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_task_center.css
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_task_center.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_task_center.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_welcome.css
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_welcome.html
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Extensions\plbaklpililaojlcljbbgljhpkafgpgd\1.0.26_0\wow_welcome.js
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Favicons-journal
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Favicons
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Google Profile.ico
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\History-journal
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\History Provider Cache
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\History
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Image accelerate-journal
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Image accelerate
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\JumpListIcons\FD16.tmp
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\JumpListIcons\FD17.tmp
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\JumpListIcons\FD18.tmp
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\JumpListIcons\FD4A.tmp
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\JumpListIconsOld\FBCA.tmp
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\JumpListIconsOld\FBDB.tmp
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\JumpListIconsOld\FBDC.tmp
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome-extension_aghkjmggeafjglfpdaeefaploljaljno_0.localstorage-journal
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome-extension_aghkjmggeafjglfpdaeefaploljaljno_0.localstorage
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome-extension_hdgdpmpallofembldhflnlkcfappghhc_0.localstorage-journal
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome-extension_hdgdpmpallofembldhflnlkcfappghhc_0.localstorage
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome-extension_hjakmojkcnhgipgkkbiempkfdndcnlah_0.localstorage-journal
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome-extension_hjakmojkcnhgipgkkbiempkfdndcnlah_0.localstorage
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome-extension_pfmopbbadnfoelckkcmjjeaaegjpjjbk_0.localstorage-journal
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome-extension_pfmopbbadnfoelckkcmjjeaaegjpjjbk_0.localstorage
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome_newtab_0.localstorage-journal
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome_newtab_0.localstorage
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Local Storage\http_www.uc123.com_0.localstorage-journal
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Local Storage\http_www.uc123.com_0.localstorage
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\MobileAgentDB-journal
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\MobileAgentDB
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Network Action Predictor-journal
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Network Action Predictor
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Origin Bound Certs-journal
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Origin Bound Certs
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Preferences
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Top Sites-journal
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Top Sites
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\UC Login Data-journal
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\UC Login Data
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\User StyleSheets\Custom.css
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Visited Links
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Web Data-journal
c:\users\SAM\AppData\Local\UCBrowser\User Data\Default\Web Data
c:\users\SAM\AppData\Local\UCBrowser\User Data\First Run
c:\users\SAM\AppData\Local\UCBrowser\User Data\Local State
c:\users\SAM\AppData\Roaming\360mobilemgr
c:\users\SAM\AppData\Roaming\360mobilemgr\cache\1406806859.tmp
c:\windows\360sd_7654_9514.exe
c:\windows\system32\bd64_x64.dll
c:\windows\system32\bd64_x86.dll
c:\windows\system32\drivers\360AntiHacker64.sys
c:\windows\system32\drivers\360Box64.sys
c:\windows\system32\drivers\360Camera64.sys
c:\windows\system32\drivers\360FsFlt.sys
c:\windows\system32\drivers\360Hvm64.sys
c:\windows\system32\drivers\360LanProtect.sys
c:\windows\system32\drivers\360netmon.sys
c:\windows\system32\drivers\BAPIDRV64.SYS
c:\windows\system32\drivers\bd0001.sys
c:\windows\system32\drivers\bd0002.sys
c:\windows\system32\drivers\bd0003.sys
c:\windows\system32\drivers\bd0004.sys
c:\windows\system32\drivers\BDArKit.sys
c:\windows\system32\drivers\BDMNetMon.sys
c:\windows\SysWow64\360SoftMgr.cpl
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0003
-------\Legacy_BD0004
-------\Service_bd0003
-------\Service_bd0004
-------\Service_ZhuDongFangYu
.
.
((((((((((((((((((((((((( Files Created from 2014-06-28 to 2014-07-31 )))))))))))))))))))))))))))))))
.
.
2014-07-31 18:09 . 2014-07-31 18:09 -------- d-----w- c:\users\Администратор\AppData\Local\temp
2014-07-31 18:09 . 2014-07-31 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-31 11:56 . 2014-07-31 16:46 -------- d-----w- c:\users\SAM\AppData\Local\Adobe
2014-07-31 11:56 . 2014-07-31 11:56 -------- d-----w- c:\program files\Common Files\Adobe
2014-07-31 10:37 . 2014-07-31 10:37 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2014-07-31 10:37 . 2014-07-31 10:37 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2014-07-31 10:36 . 2014-07-31 10:37 -------- d-----w- c:\users\SAM\AppData\Roaming\DVDVideoSoft
2014-07-29 08:28 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0E5D33F-F7FB-46CC-BE41-B2C3DA8A0EBE}\mpengine.dll
2014-07-23 21:16 . 2014-07-31 13:14 13312 ----a-w- c:\windows\SysWow64\drivers\vdi1nzgy.sys
2014-07-23 10:10 . 2010-08-30 04:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-23 10:10 . 2014-07-23 10:41 -------- d-----w- C:\AdwCleaner
2014-07-23 07:41 . 2014-07-23 07:41 -------- d-----w- c:\windows\Sun
2014-07-21 07:52 . 2014-07-21 08:15 -------- d-----w- c:\users\SAM\Doctor Web
2014-07-20 17:41 . 2014-07-20 17:41 -------- d-----w- c:\users\SAM\AppData\Roaming\ahelper
2014-07-17 08:20 . 2014-07-17 08:20 -------- d-----w- c:\windows\system32\log
2014-07-16 08:44 . 2014-07-16 08:44 -------- d-----w- c:\program files (x86)\Common Files\GSInput
2014-07-16 08:38 . 2014-07-16 08:38 -------- d-----w- c:\program files (x86)\GSInput
2014-07-15 13:29 . 2014-07-15 13:29 -------- d-----w- C:\163656fd62ebddf639992a8ea72e5e
2014-07-13 23:25 . 2014-07-31 16:17 -------- d-----w- c:\users\Default\AppData\Local\defend
2014-07-13 16:27 . 2014-07-13 16:27 11204096 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-11 15:17 . 2014-07-11 15:17 90112 ----a-w- c:\windows\SysWow64\wemote.dll
2014-07-10 23:09 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2014-07-10 19:50 . 2014-07-10 19:50 -------- d-----w- c:\users\SAM\AppData\Local\CounterPath Corporation
2014-07-10 19:46 . 2014-07-10 19:46 -------- d-----w- c:\programdata\Package Cache
2014-07-10 15:23 . 2014-07-10 19:49 -------- d-----w- c:\users\SAM\AppData\Local\CounterPath
2014-07-10 15:22 . 2014-07-10 19:48 -------- d-----w- c:\program files (x86)\CounterPath
2014-07-09 14:38 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 14:38 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-09 14:38 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-07 06:32 . 2014-07-07 06:32 -------- d-----w- c:\programdata\Taxcom
2014-07-03 11:57 . 2014-07-31 11:56 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-13 16:27 . 2012-04-22 07:57 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-13 16:27 . 2012-02-17 03:41 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-10 23:10 . 2012-01-12 19:55 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-05-20 09:06 . 2012-11-23 08:55 628320 ----a-w- c:\windows\system32\drivers\klif.sys
2014-05-20 09:06 . 2012-11-23 08:55 91008 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-05-09 06:14 . 2014-05-14 09:49 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-14 09:49 424448 ----a-w- c:\windows\system32\aeinv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-10 09:25 1730264 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-10 09:25 1730264 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-10 09:25 1730264 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-13 05:57 463360 ----a-w- c:\users\SAM\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-13 05:57 463360 ----a-w- c:\users\SAM\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-13 05:57 463360 ----a-w- c:\users\SAM\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\SAM\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\SAM\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\SAM\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_MegaFon | Modem"="c:\program files (x86)\MegaFon Modem\UpdateDog\ouc.exe" [2012-08-13 218624]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"SyncManPath"="c:\users\SAM\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe" [2013-10-15 21372192]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-06-27 24477056]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21440640]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"X-Lite"="c:\program files (x86)\CounterPath\X-Lite\X-Lite.exe" [2014-07-07 4978016]
"DVSSkypeRecorder"="c:\program files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\skyui.exe" [2014-07-16 1013928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2011-06-20 26624]
"VAIO Boot Manager"="c:\program files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [2011-05-26 2104456]
"MMReminderService"="c:\program files (x86)\Mindjet\MindManager 10\MMReminderService.exe" [2011-09-14 37728]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-21 343168]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-10-10 356128]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2011-08-02 46952]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2011-08-02 30568]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2013-03-22 4522496]
.
c:\users\SAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MEGAsync.lnk - c:\users\SAM\AppData\Local\MEGAsync\MEGAsync.exe [2014-4-18 3835392]
Punto Switcher.lnk - c:\program files (x86)\Yandex\Punto Switcher\punto.exe [2013-7-9 1570640]
Отправка в OneNote.lnk - c:\program files\Microsoft Office\Office15\ONENOTEM.EXE /tsr [2014-6-10 222384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Change Settings.LNK - c:\program files (x86)\ZyXEL\OMNI ADSL USB Wizard\Setup.exe -c [2013-3-15 5099520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 wdigest tspkg pku2u livessp cpssl
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 vdi1nzgy;AVZ-BC Kernel Driver;c:\windows\system32\Drivers\vdi1nzgy.sys;c:\windows\SYSNATIVE\Drivers\vdi1nzgy.sys [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MegaFon Modem. RunOuc;MegaFon Modem. OUC;c:\program files (x86)\MegaFon Modem\UpdateDog\ouc.exe;c:\program files (x86)\MegaFon Modem\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 2GISUpdateService;2GIS UpdateService;c:\program files (x86)\2gis\3.0\2GISUpdateService.exe;c:\program files (x86)\2gis\3.0\2GISUpdateService.exe [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
R3 WatAdminSvc;Служба технологий активации Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Поддержка сканирования WSD через UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 BDMNetMon;BDMNetMon;c:\windows\system32\DRIVERS\BDMNetMon.sys;c:\windows\SYSNATIVE\DRIVERS\BDMNetMon.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 CProCtrl;КриптоПро CSP драйвер;c:\windows\system32\DRIVERS\CProCtrl.sys;c:\windows\SYSNATIVE\DRIVERS\CProCtrl.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 BotkindSyncService;Botkind Service;c:\program files (x86)\Allway Sync\Bin\SyncService.exe service;c:\program files (x86)\Allway Sync\Bin\SyncService.exe service [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cpcsp1;КриптоПро CSP KC1;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DMAgent;Служба управления устройствами Intel® PROSet/Wireless WiMAX Red Bend;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe;c:\program files\TrueSuite\TrueSuite.Service.exe [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 KMSEmulator;KMS Server Service;c:\users\All Users\KMSAuto\KMSES.exe 1688 55041-01849-662-662235-03-1049-9200.0000-1692012 KillProcessOnPort;c:\users\All Users\KMSAuto\KMSES.exe 1688 55041-01849-662-662235-03-1049-9200.0000-1692012 KillProcessOnPort [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S2 WiMAXAppSrv;Служба Intel® PROSet/Wireless WiMAX;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S2 Yota Access Service;Yota Access Service;C:/Program Files/Yota/Yota Access/YotaAccessService.exe;C:/Program Files/Yota/Yota Access/YotaAccessService.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys;c:\windows\SYSNATIVE\DRIVERS\ATSwpWDF.sys [x]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel(R) Centrino(R) WiMAX серии 6050;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;Функциональный драйвер адаптера Intel(R) Centrino(R) WiMAX серии 6050;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Аудио Intel(R) для дисплеев;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]
2011-09-14 08:52 1409 ----a-r- c:\program files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-18 16:27]
.
2014-07-31 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-01-15 08:02]
.
2014-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15 10:48]
.
2014-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15 10:48]
.
2014-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2027461091-669919136-238473217-1000Core.job
- c:\users\SAM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-12 17:41]
.
2014-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2027461091-669919136-238473217-1000UA.job
- c:\users\SAM\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-12 17:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-10 09:21 2335960 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-10 09:21 2335960 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-10 09:21 2335960 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-13 05:57 470016 ----a-w- c:\users\SAM\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-13 05:57 470016 ----a-w- c:\users\SAM\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-13 05:57 470016 ----a-w- c:\users\SAM\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase0Sync]
@="{63D48440-63AB-44D0-B323-4731DFCDE9E9}"
[HKEY_CLASSES_ROOT\CLSID\{63D48440-63AB-44D0-B323-4731DFCDE9E9}]
2013-09-23 12:26 1295648 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase1Modified]
@="{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0}"
[HKEY_CLASSES_ROOT\CLSID\{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0}]
2013-09-23 12:26 1295648 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase2Error]
@="{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9}"
[HKEY_CLASSES_ROOT\CLSID\{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9}]
2013-09-23 12:26 1295648 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase3Shared]
@="{AF8D197E-7022-4c3d-BD88-68AD35C9C169}"
[HKEY_CLASSES_ROOT\CLSID\{AF8D197E-7022-4c3d-BD88-68AD35C9C169}]
2013-09-23 12:26 1295648 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\360UDiskGuard Icon Overlay]
@="{CC00F81D-5262-450A-B1FA-D6BEE3406263}"
[HKEY_CLASSES_ROOT\CLSID\{CC00F81D-5262-450A-B1FA-D6BEE3406263}]
c:\program files (x86)\360\360Safe\safemon\360UDiskGuard64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\SAM\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\SAM\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\SAM\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\SAM\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 10:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 10:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 10:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 10:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 10:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 10:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-23 11490408]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-02-23 2179688]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2011-02-13 421192]
"ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2011-02-13 308040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-25 167744]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-25 392512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-25 417088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://online.taxcom.ru/
uDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com
IE:
IE: &Отправить в OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: Send Image To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
IE: Добавить к существующему PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Добавить содержимое по ссылке в существующий файл PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Преобразовать содержимое по ссылке в PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
Trusted Zone: taxcom.ru
Trusted Zone: taxcom.ru\online
TCP: DhcpNameServer = 213.240.240.3
TCP: Interfaces\{A7AEC8EB-FC04-40C3-B433-8D540C8EE311}: DhcpNameServer = 213.240.240.3
TCP: Interfaces\{BF9822D2-3E62-44CF-81F0-E4AC6C472E22}: NameServer = 10.77.48.49 10.77.48.33
TCP: Interfaces\{C26690E7-7B1C-4926-A6FD-86929F64A990}: NameServer = 10.77.48.33 10.77.48.49
TCP: Interfaces\{FD3F351D-E59D-4FB9-89D8-6D26E4C1401B}: NameServer = 10.77.48.49 10.77.48.33
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
DPF: Taxcom CryptoAX Setup - hxxps://online.taxcom.ru/common/cab/TaxcomCryptoAX.CAB
FF - ProfilePath - c:\users\SAM\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\
FF - prefs.js: browser.startup.homepage -
FF - ExtSQL: !HIDDEN! 2012-02-22 08:32; [email][email protected][/email]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-360???? - c:\program files (x86)\360\360Safe\uninst.exe
AddRemove-UC??? - c:\program files (x86)\UCBrowser\Uninstall.exe
AddRemove-WYSIWYG_Web_Builder_8 - c:\windows\iun6002.exe
AddRemove-{25175695-4B20-4298-9F34-C2C57CD277B3} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
AddRemove-{C0357E79-BAED-48F4-8AFE-A5E71AFC2658} - c:\program files (x86)\InstallShield Installation Information\{C0357E79-BAED-48F4-8AFE-A5E71AFC2658}\setup.exe
AddRemove-{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
AddRemove-{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
AddRemove-???? - c:\program files (x86)\Baidu\BaiduAn\2.1.0.1154\uninst.exe
AddRemove-???? - c:\program files (x86)\Baidu\BaiduSd\1.8.0.1196\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="UCHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="UCHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="UCHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="UCHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="UCHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="UCHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="UCHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="UCHTML"
.
[HKEY_USERS\S-1-5-21-2027461091-669919136-238473217-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7765523-6C39-39E6-EBFC-1B26933F4DC5}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\U*C*OmȉhV]
"DisplayIcon"="c:\\Program Files (x86)\\UCBrowser\\UCBrowser.exe"
"DisplayName"="UC???"
"DisplayVersion"="1.0.739.0"
"Publisher"="????????"
"UninstallString"="\"c:\\Program Files (x86)\\UCBrowser\\Uninstall.exe\" \" -Registry \""
"EstimatedSize"=dword:0001f728
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Allway Sync\Bin\SyncService.exe
c:\windows\system32\hasplms.exe
c:\users\All Users\KMSAuto\KMSES.exe
c:\windows\system32\srvany.exe
c:\programdata\OnlineUpdate\ouc.exe
c:\mysql5\bin\mysqld.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
.
**************************************************************************
.
Completion time: 2014-08-01 00:05:43 - machine was rebooted
ComboFix-quarantined-files.txt 2014-07-31 20:05
ComboFix2.txt 2014-07-31 16:09
.
Pre-Run: 22*602*080*256 байт свободно
Post-Run: 21*608*333*312 байт свободно
.
- - End Of File - - 386A413528EA3F8355D7AF70DBBAABF7
[/spoiler]
Copy the text below into Notepad and [COLOR="#0000CD"]save[/COLOR] it as a file named [B]CFScript.txt[/B] [COLOR="#0000CD"][B]in the root of drive C.[/B][/COLOR]
[code]
KillAll::
File::
Driver::
Folder::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\U*C*OmȉhV]
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\U*C*OmȉhV]
RegLockDel::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\U*C*OmȉhV]
FileLook::
c:\windows\system32\browserchoice.exe
DirLook::
c:\users\SAM\AppData\Roaming\ahelper
c:\program files (x86)\GSInput
Reboot::
[/code]
After saving, drag [B]CFScript.txt[/B] onto the ComboFix.exe icon.
[IMG]http://savepic.org/5315621m.gif[/IMG]
When the new report [B]ComboFix.txt[/B] has been saved, attach it to your post.