Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 17:31:38, on 02.02.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0
(11.00.9600.17937)
FIREFOX: 43.0.4 (x86 ru)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\AI Suite II
\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+
VRM\VRMHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II
\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS
Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS
Mobilink\Simulator\EC Simulator.exe
C:\Program Files (x86)\NVIDIA Corporation
\Update Core\NvBackend.exe
C:\Users\игорь\AppData\Local
\MediaGet2\mediaget.exe
C:\Users\игорь\AppData\Local\Mail.Ru
\MailRuUpdater.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU
\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI
Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II
\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Common Files\Java\Java
Update\jusched.exe
C:\Program Files (x86)\4G Hostless Modem
\USB-modem Beeline\CheckNDISPort_df.exe
C:\Program Files (x86)\4G Hostless Modem
\USB-modem Beeline\CancelAutoPlay_df.exe
C:\Program Files (x86)\Common Files\Adobe
\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Total Commander
\Totalcmd.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Windows Media Player
\wmplayer.exe
C:\Users\игорь\Downloads\KVRT.exe
C:\Users\игорь\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome
\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome
\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome
\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome
\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome
\Application\chrome.exe
D:\Пароли\avz4\avz.exe
C:\Program Files (x86)\Google\Chrome
\Application\chrome.exe
C:\Users\игорь\Downloads\HijackThis (1).exe
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://yamdex.net/?zm
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://yamdex.net/?
searchid=1&l10n=ru&fromsearch=1&imsid=a8fe956
1d7f251063bdfc714c558bd2e&text={searchTerms}
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://yamdex.net/?
searchid=1&l10n=ru&fromsearch=1&imsid=a8fe956
1d7f251063bdfc714c558bd2e&text={searchTerms}
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://www.apeha.ru
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/p/?
LinkId=255141
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page = about
:newtab
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://yamdex.net/?
searchid=1&l10n=ru&fromsearch=1&imsid=a8fe956
1d7f251063bdfc714c558bd2e&text=
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
http://yamdex.net/?
searchid=1&l10n=ru&fromsearch=1&imsid=a8fe956
1d7f251063bdfc714c558bd2e&text=
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows
\CurrentVersion\Internet
Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0633EE93-
D776-472f-A0FF-E1416B8B2E3D} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: (no name) - {00e71626-0bef-11dc-
8314-0800200c9a66} - (no file)
O2 - BHO: Weatherbar - {17177FAA-3830-43D3-
A70B-FDE532676B1E} - (no file)
O2 - BHO: advPlugin - {1FE48F08-A2AC-44AC-
A21C-0556D91C50DA} - (no file)
O2 - BHO: VK Downloader - {3C6CF3C0-D800-
4B4D-A3D8-8ADE406523B6} - (no file)
O2 - BHO: costmin - {4BC4CBE1-2827-2107-E4B3
-2DA00A936E70} - (no file)
O2 - BHO: (no name) - {51420F88-4D4A-4042-
9509-8D4E1307910E} - (no file)
O2 - BHO: VKSmile - {5E37FEF9-EC6F-484F-98E3
-04B1A5B3D6EA} - (no file)
O2 - BHO: I Like It Extension - {5F50F845-
0528-401D-85D5-999E20B13DF5} - (no file)
O2 - BHO: Groove GFS Browser Helper -
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:
\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:
\Program Files (x86)\Java\jre1.8.0_51\bin
\ssv.dll
O2 - BHO: WebBars - {79E1CFFB-E2E0-436C-
B82A-9902BBEA6391} - (no file)
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-
8601-11AC1FDF8126} - C:\Program Files
(x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-
4ED4-8F7B-F1F7851A4497} - C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer
\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21
-4959-BA22-42B3008E02FF} - C:
\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Hotspot Shield - {c95a4e8e-816d-
4655-8c79-d736da1adb6d} - (no file)
O2 - BHO: (no name) - {D5FEC983-01DB-414a-
9456-AF95AC9ED7B5} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:
\Program Files (x86)\Java\jre1.8.0_51\bin
\jp2ssv.dll
O3 - Toolbar: (no name) - {c95a4e8e-816d-
4655-8c79-d736da1adb6d} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:
\Program Files (x86)\Common Files\Java\Java
Update\jusched.exe"
O4 - HKLM\..\Run: [CheckNDISPortF0acAB] C:
\Program Files (x86)\4G Hostless Modem\USB-
modem Beeline\CheckNDISPort_df.exe
O4 - HKLM\..\Run: [CancelAutoPlay_df] "C:
\Program Files (x86)\4G Hostless Modem\USB-
modem Beeline\CancelAutoPlay_df.exe" run
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program
Files (x86)\Common Files\Adobe\ARM
\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [{D744D1DF-2199-4AB9-
BC41-C6A04F23930A}] cmd.exe /C start /D "C:
\Users\6D9F~1\AppData\Local\Temp" /B
{D744D1DF-2199-4AB9-BC41-C6A04F23930A}.cmd
O4 - HKCU\..\Run: [MediaGet2] C:\Users\игорь
\AppData\Local\MediaGet2\mediaget.exe --
minimized
O4 - HKCU\..\Run: [MailRuUpdater] C:\Users
\игорь\AppData\Local\Mail.Ru
\MailRuUpdater.exe
O4 - HKCU\..\Run: [VkontakteDJ] C:\Program
Files\VkontakteDJ\VKontakteDJ.exe /H
O4 - HKCU\..\Run: [GameCenterMailRu] "C:
\Users\игорь\AppData\Local\Mail.Ru
\GameCenter\
[email protected]" -
autostart
O4 - HKCU\..\Run: [EADM] "D:\Origin
\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [AlcoholAutomount] "C:
\Program Files (x86)\Alcohol Soft\Alcohol
120\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-19\..\Run: [Sidebar]
%ProgramFiles%\Windows Sidebar\Sidebar.exe
/autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:
\Windows\System32\mctadmin.exe (User 'LOCAL
SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar]
%ProgramFiles%\Windows Sidebar\Sidebar.exe
/autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:
\Windows\System32\mctadmin.exe (User 'NETWORK
SERVICE')
O4 - Global Startup: McAfee Security Scan
Plus.lnk = C:\Program Files\McAfee Security
Scan\3.11.266\SSScheduler.exe
O8 - Extra context menu item: &Экспорт в
Microsoft Excel - res://C:
\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: (no name) - {7815BE26-
237D-41A8-A98F-F7BD75F71086} - C:\Program
Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by
Bluetooth to - {7815BE26-237D-41A8-A98F-
F7BD75F71086} - C:\Program Files
(x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Currency Converter -
{7CE987D5-11B3-44FC-9C3D-03069360D462} - (no
file)
O9 - Extra button: Skype Click to Call
settings - {898EA8C8-E7FF-479B-8935-
AEC46303B9E5} - C:\Program Files (x86)\Skype
\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {8DAE90AD-
4583-4977-9DD4-4360F7A45C74} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS]
Accelerated graphics
O13 - DefaultPrefix:
http://yamdex.net/?
searchid=1&l10n=ru&fromsearch=1&imsid=a8fe956
1d7f251063bdfc714c558bd2e&text=
O17 - HKLM\System\CCS\Services\Tcpip\..
\{8D8EE518-AA0D-4048-94E6-A396E3BC0CD7}:
NameServer = 188.162.1.74 94.25.128.74
O18 - Protocol: skypec2c - {91774881-D725-
4E58-B298-07617B9B86A8} - C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer
\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-
5146-11D5-A672-00B0D022E945} - C:\Program
Files (x86)\Common Files\Microsoft Shared
\OFFICE14\MSOXMLMF.DLL
O23 - Service: 3G Wi-Fi Beeline - Unknown
owner - C:\ProgramData\MobileBrServ
\mbbservice.exe
O23 - Service: Adobe Acrobat Update Service
(AdobeARMservice) - Adobe Systems
Incorporated - C:\Program Files (x86)\Common
Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update
Service (AdobeFlashPlayerUpdateSvc) - Adobe
Systems Incorporated - C:\Windows
\SysWOW64\Macromed\Flash
\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%
\system32\Alg.exe,-112 (ALG) - Unknown owner
- C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service -
Apple Inc. - C:\Program Files\Common Files
\Apple\Mobile Device Support
\AppleMobileDeviceService.exe
O23 - Service: ASUS Com Service (asComSvc) -
Unknown owner - C:\Program Files (x86)\ASUS
\AXSP\1.00.13\atkexComSvc.exe
O23 - Service: ASDR - Unknown owner - C:
\Windows\SysWOW64\ASDR.exe
O23 - Service: ASUS HM Com Service
(asHmComSvc) - Unknown owner - C:\Program
Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
O23 - Service: ASUS System Control Service
(AsSysCtrlService) - Unknown owner - C:
\Program Files (x86)\ASUS\AsSysCtrlService
\1.00.11\AsSysCtrlService.exe
O23 - Service: AtherosSvc - Atheros
Commnucations - C:\Program Files
(x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATK Fast User Switch Service
(ATKFUSService) - Unknown owner - C:\Windows
\system32\ATKFUSService.exe (file missing)
O23 - Service: Alcohol Virtual Drive Auto-
mount Service (AxAutoMntSrv) - Alcohol Soft
Development Team - C:\Program Files
(x86)\Alcohol Soft\Alcohol
120\AxAutoMntSrv.exe
O23 - Service: Служба Bonjour (Bonjour
Service) - Apple Inc. - C:\Program Files
\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Log Rotator Service
(BstHdLogRotatorSvc) - BlueStack Systems,
Inc. - C:\Program Files (x86)\BlueStacks\HD-
LogRotatorService.exe
O23 - Service: BlueStacks Updater Service
(BstHdUpdaterSvc) - BlueStack Systems, Inc. -
C:\Program Files (x86)\BlueStacks\HD-
UpdaterService.exe
O23 - Service: Microsoft .NET Framework NGEN
v1.0 (clr_optimization_v1.0) - Unknown owner
- C:\Users\игорь\AppData\Roaming\nssm.exe
O23 - Service: @%SystemRoot%
\system32\efssvc.dll,-100 (EFS) - Unknown
owner - C:\Windows\System32\lsass.exe (file
missing)
O23 - Service: ESET Service (ekrn) - ESET -
C:\Program Files\ESET\ESET Smart Security
\x86\ekrn.exe
O23 - Service: @%systemroot%
\system32\fxsresm.dll,-118 (Fax) - Unknown
owner - C:\Windows\system32\fxssvc.exe (file
missing)
O23 - Service: NVIDIA GeForce Experience
Service (GfExperienceService) - NVIDIA
Corporation - C:\Program Files\NVIDIA
Corporation\GeForce Experience Service
\GfExperienceService.exe
O23 - Service: Служба Google Update (gupdate)
(gupdate) - Google Inc. - C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Служба Google Update
(gupdatem) (gupdatem) - Google Inc. - C:
\Program Files (x86)\Google\Update
\GoogleUpdate.exe
O23 - Service: HWDeviceService64.exe -
Unknown owner - C:\ProgramData
\DatacardService\HWDeviceService64.exe
O23 - Service: InstallDriver Table Manager
(IDriverT) - Macrovision Corporation - C:
\Program Files (x86)\Common Files
\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: @%SystemRoot%
\system32\ieetwcollectorres.dll,-1000
(IEEtwCollectorService) - Unknown owner - C:
\Windows\system32\IEEtwCollector.exe (file
missing)
O23 - Service: Сервис iPod (iPod Service) -
Apple Inc. - C:\Program Files\iPod\bin
\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) -
Unknown owner - C:\Windows\system32\lsass.exe
(file missing)
O23 - Service: KMService - Unknown owner -
C:\Windows\system32\srvany.exe
O23 - Service: McAfee Security Scan Component
Host Service (McComponentHostService) -
McAfee, Inc. - C:\Program Files\McAfee
Security Scan\3.11.266\McCHSvc.exe
O23 - Service: MegaFon Modem. OUC (MegaFon
Modem. RunOuc) - Unknown owner - D:\MegaFon
Modem\UpdateDog\ouc.exe (file missing)
O23 - Service: MobileService - Unknown owner
- C:\Program Files (x86)\Beeline
\MobileService.exe
O23 - Service: Mozilla Maintenance Service
(MozillaMaintenance) - Mozilla Foundation -
C:\Program Files (x86)\Mozilla Maintenance
Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) -
Unknown owner - C:\Windows\System32\msdtc.exe
(file missing)
O23 - Service: @%SystemRoot%
\System32\netlogon.dll,-102 (Netlogon) -
Unknown owner - C:\Windows\system32\lsass.exe
(file missing)
O23 - Service: NVIDIA Network Service
(NvNetworkService) - NVIDIA Corporation - C:
\Program Files (x86)\NVIDIA Corporation
\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network
Service (NvStreamNetworkSvc) - NVIDIA
Corporation - C:\Program Files\NVIDIA
Corporation\NvStreamSrv
\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service
(NvStreamSvc) - NVIDIA Corporation - C:
\Program Files\NVIDIA Corporation
\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service
(NVSvc) - Unknown owner - C:\Windows
\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%
\system32\psbase.dll,-300 (ProtectedStorage)
- Unknown owner - C:\Windows
\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%
\system32\Locator.exe,-2 (RpcLocator) -
Unknown owner - C:\Windows
\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%
\system32\samsrv.dll,-1 (SamSs) - Unknown
owner - C:\Windows\system32\lsass.exe (file
missing)
O23 - Service: FrontLine Drivers Auto Removal
(v2) (sfrem02) - Unknown owner - C:\Windows
\system32\sfrem02.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) -
Skype Technologies - C:\Program Files
(x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%
\system32\snmptrap.exe,-3 (SNMPTRAP) -
Unknown owner - C:\Windows
\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%
\system32\spoolsv.exe,-1 (Spooler) - Unknown
owner - C:\Windows\System32\spoolsv.exe (file
missing)
O23 - Service: @%SystemRoot%
\system32\sppsvc.exe,-101 (sppsvc) - Unknown
owner - C:\Windows\system32\sppsvc.exe (file
missing)
O23 - Service: StarWind AE Service
(StarWindServiceAE) - StarWind Software - C:
\Program Files (x86)\Alcohol Soft\Alcohol
120\StarWind\StarWindServiceAE.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver
Service (Stereo Service) - NVIDIA Corporation
- C:\Program Files (x86)\NVIDIA Corporation
\3D Vision\nvSCPAPISvr.exe
O23 - Service: Updater.Mail.Ru - Mail.Ru -
C:\Program Files (x86)\Mail.Ru\MailRuUpdater
\MailRuUpdater.exe
O23 - Service: @%SystemRoot%
\system32\vaultsvc.dll,-1003 (VaultSvc) -
Unknown owner - C:\Windows\system32\lsass.exe
(file missing)
O23 - Service: @%SystemRoot%
\system32\vds.exe,-100 (vds) - Unknown owner
- C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%
\system32\vssvc.exe,-102 (VSS) - Unknown
owner - C:\Windows\system32\vssvc.exe (file
missing)
O23 - Service: @%SystemRoot%\system32\Wat
\WatUX.exe,-601 (WatAdminSvc) - Unknown owner
- C:\Windows\system32\Wat\WatAdminSvc.exe
(file missing)
O23 - Service: @%systemroot%
\system32\wbengine.exe,-104 (wbengine) -
Unknown owner - C:\Windows
\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem
\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner
- C:\Windows\system32\wbem\WmiApSrv.exe (file
missing)
O23 - Service: @%PROGRAMFILES%\Windows Media
Player\wmpnetwk.exe,-101 (WMPNetworkSvc) -
Unknown owner - C:\Program Files
(x86)\Windows Media Player\wmpnetwk.exe (file
missing)
--
End of file - 15801 bytes