Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:43:50, on 12.01.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
C:\Users\1\AppData\Roaming\cppredistx86.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
C:\Users\1\AppData\Roaming\ssleas.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\1\AppData\Local\Temp\Temp2_setup.zip\setup.exe
C:\Users\1\AppData\Local\Temp\Temp2_setup.zip\setup.exe
C:\Users\1\Desktop\setup.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\1\AppData\Local\Temp\P31r1uxNkiXJ.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yandex.ru/?clid=2101081
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://yandex.ru/yandsearch?clid=2101082&text={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://yandex.ru/?clid=2101081
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://yandex.ru/yandsearch?clid=2101082&text={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yandex.ru/?clid=2101081
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://webalta.ru/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 195.88.208.10 ru-minecraft.ru
O1 - Hosts: 195.88.208.11 minezone.pro
O1 - Hosts: 195.88.208.10 minecraft-official.ru
O1 - Hosts: 195.88.208.11 minecrraft.ru
O1 - Hosts: 195.88.208.10 minecraft.ru
O1 - Hosts: 195.88.208.11 minecraftlive.net
O1 - Hosts: 195.88.208.10 minecrafterov.net
O1 - Hosts: 195.88.208.11 minecraft.diablo1.ru
O1 - Hosts: 195.88.208.10 about-minecraft.com
O1 - Hosts: 195.88.208.11 minecraftoru.ru
O1 - Hosts: 195.88.208.10 downloadmods.ru
O1 - Hosts: 195.88.208.11 minecraft-best-game.ru
O1 - Hosts: 195.88.208.10 minecraft-zone.ru
O1 - Hosts: 195.88.208.11 minecraft-zone.su
O1 - Hosts: 195.88.208.10 ust-minecraft.ru
O1 - Hosts: 195.88.208.11 minecraft-video.ru
O1 - Hosts: 195.88.208.10 mainecraft.ru
O1 - Hosts: 195.88.208.11 minecraftink.ru
O1 - Hosts: 195.88.208.10 minecraftclient.ru
O1 - Hosts: 195.88.208.11 entercraft.ru
O1 - Hosts: 195.88.208.10 minecraft-s.ru
O1 - Hosts: 195.88.208.11 minecrafting.ru
O1 - Hosts: 195.88.208.10 minecraft-m.ru
O1 - Hosts: 195.88.208.11 minecraftplanet.ru
O1 - Hosts: 195.88.208.10 minecraft4me.com
O1 - Hosts: 195.88.208.11 base-minecraft.ru
O1 - Hosts: 195.88.208.10 world-minecraft.pp.ua
O1 - Hosts: 195.88.208.11 mine-craft.ws
O1 - Hosts: 195.88.208.10 all-mods.ru
O1 - Hosts: 195.88.208.11 minecraft.my1.ru
O1 - Hosts: 195.88.208.10 q-craft.ru
O1 - Hosts: 195.88.208.11 minecrafteram.ru
O1 - Hosts: 195.88.208.10 mir-craft.com
O1 - Hosts: 195.88.208.11 o-minecraft.ru
O1 - Hosts: 195.88.208.10 minecraft-cheat.ru
O1 - Hosts: 195.88.208.11 minecraftcheat.ru
O1 - Hosts: 195.88.208.10 minecraft-guru.ru
O1 - Hosts: 195.88.208.11 minecraft-365.ru
O1 - Hosts: 195.88.208.10 minecft.ru
O1 - Hosts: 195.88.208.11 minecraft-cheats.ru
O1 - Hosts: 195.88.208.10 xn--1-8sba9afjjztt.xn--p1ai
O1 - Hosts: 195.88.208.11 voiceminecraft.ru
O1 - Hosts: 195.88.208.10 1minecrafter.ru
O1 - Hosts: 195.88.208.11 minecraft15.info
O1 - Hosts: 195.88.208.10 isminecrafting.ru
O1 - Hosts: 195.88.208.11 igra-minecraft.pp.ua
O1 - Hosts: 195.88.208.10 onminecraft.ru
O1 - Hosts: 195.88.208.11 crafthero.net
O1 - Hosts: 195.88.208.10 minefan.ru
O1 - Hosts: 195.88.208.11 minecraftonly.ru
O1 - Hosts: 195.88.208.10 minepage.ru
O1 - Hosts: 195.88.208.11 minecraft-ua.ru
O1 - Hosts: 195.88.208.10 minecraft-skins.ru
O1 - Hosts: 195.88.208.11 minecraftskins.com
O1 - Hosts: 195.88.208.10 mineskin.tom.ru
O1 - Hosts: 195.88.208.11 minecraft-pro.net
O1 - Hosts: 195.88.208.10 minecraft-fox.ru
O1 - Hosts: 195.88.208.11 mineskins.ru
O1 - Hosts: 195.88.208.10 skincraft.ru
O1 - Hosts: 195.88.208.11 wikikraft.ru
O1 - Hosts: 195.88.208.10 minecraft-loads.ru
O1 - Hosts: 195.88.208.11 minecraft-modification.ru
O1 - Hosts: 195.88.208.10 minecraft-build.ru
O1 - Hosts: 195.88.208.11 minecrafte.ru
O1 - Hosts: 195.88.208.10 exe-craft.ru
O1 - Hosts: 195.88.208.11 minecraft-all-news.ru
O1 - Hosts: 195.88.208.10 wg-minecraft.ru
O1 - Hosts: 195.88.208.11 1minecraftmods.ru
O1 - Hosts: 195.88.208.10 minecraft-box.ru
O1 - Hosts: 195.88.208.11 atminecraft.ru
O1 - Hosts: 195.88.208.10 minecraftreal.ru
O1 - Hosts: 195.88.208.11 minecraft-go.ru
O1 - Hosts: 195.88.208.10 mc-zone.ru
O1 - Hosts: 195.88.208.11 minecraftsteve.ru
O1 - Hosts: 195.88.208.10 servminecraft.ru
O1 - Hosts: 195.88.208.11 voiceminecraft.ru
O1 - Hosts: 195.88.208.10 minecraftsite.ru
O1 - Hosts: 195.88.208.11 m1necraft.ru
O1 - Hosts: 195.88.208.10 mine.locb.su
O1 - Hosts: 195.88.208.11 games-craft.ru
O1 - Hosts: 195.88.208.10 minecraft-cafe.ru
O1 - Hosts: 195.88.208.11 dominecraft.ru
O1 - Hosts: 195.88.208.10 minecraft-box.ru
O1 - Hosts: 195.88.208.11 you-mc.ru
O1 - Hosts: 195.88.208.10 leprecon.by
O1 - Hosts: 195.88.208.11 minecraft.by
O1 - Hosts: 195.88.208.10 mmods.net
O1 - Hosts: 195.88.208.11 9minecraft.net
O1 - Hosts: 195.88.208.10 forminecraft.ru
O1 - Hosts: 195.88.208.11 craftland.com.ua
O1 - Hosts: 195.88.208.10 mineview.ru
O1 - Hosts: 195.88.208.11 mine-news.ru
O1 - Hosts: 195.88.208.10 minecraft-house.ru
O1 - Hosts: 195.88.208.11 minecraftdl.com
O1 - Hosts: 195.88.208.10 minecraft7.ru
O1 - Hosts: 195.88.208.11 minecraftdl.su
O1 - Hosts: 195.88.208.10 forminecrafters.ru
O1 - Hosts: 195.88.208.11 modsforminecraft.ru
O1 - Hosts: 195.88.208.10 forum-minecraft.ru
O1 - Hosts: 195.88.208.11 s-pro-minecraft.ru
O1 - Hosts: 195.88.208.10 sanboxs.ru
O2 - BHO: (no name) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - (no file)
O2 - BHO: (no name) - {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} - (no file)
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [Client Server Runtime Subsystem] "C:\Users\1\AppData\Local\Temp\59AA.tmp"
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_MegaFon | Modem] "C:\Program Files (x86)\MegaFon Modem\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [reg_svr] "C:\Windows\SysWoW64\regsvr32.exe" /s "C:\Users\1\AppData\Roaming\gleam\nvm.dll"
O4 - HKCU\..\Run: [Microsoft Visual C++ 2010] C:\Users\1\AppData\Roaming\cppredistx86.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: ddzmkFWODfsJastTcIamfUB1te9oVpN5PwbFF2vsMg0=.xtbl
O8 - Extra context menu item: &Отправить в OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O17 - HKLM\System\CCS\Services\Tcpip\..\{00AB1E2D-0DC0-410A-A4F7-0B5EA3B4CBD3}: NameServer = 10.163.182.9 10.163.182.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{426639C4-2F20-41D9-8515-004251D949D8}: NameServer = 10.163.182.8 10.163.182.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{52A98D46-A280-480B-8C52-B6645E898B13}: NameServer = 10.163.182.8 10.163.182.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{71AE7F15-0A16-4F9C-90D5-3EEE4CECAC29}: NameServer = 10.163.182.9 10.163.182.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E31B90B-F273-45F4-94D4-9B160C080521}: NameServer = 10.163.182.8 10.163.182.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC12828E-427C-4528-A8B8-28B6853268E7}: NameServer = 10.163.182.10 10.163.182.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{00AB1E2D-0DC0-410A-A4F7-0B5EA3B4CBD3}: NameServer = 10.163.182.9 10.163.182.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{00AB1E2D-0DC0-410A-A4F7-0B5EA3B4CBD3}: NameServer = 10.163.182.9 10.163.182.8
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Служба Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Служба Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MegaFon Modem. OUC (MegaFon Modem. RunOuc) - Unknown owner - C:\Program Files (x86)\MegaFon Modem\UpdateDog\ouc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Overwolf Updater Windows SCM (OverwolfUpdater) - Overwolf LTD - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service2 - Unknown owner - C:\Windows\System32\SUPDSvc2.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 14960 bytes