Two issues



#1
Nemisa


As I already stated in the title, my computer is now suffering from two issues. I ran complete checks with Dr. Web and Kaspersky, both found nothing remotely harmful, but...

   First, something is eating up C:/ drive space. It wasn't just downloads or temporary files, because I cleared the drive several times and every time I log in, I find a chunk of space eaten. It went down from 18 GB to 0 (I think it took a couple of days); now I removed some stuff and still have about 30 GB left, although it's decreasing.

   Second, I have hiberfil.sys and pagefile.sys files in there. I know they're standard system files, but they weren't in there before (Yes, I always had my option "show hidden and system files" on). And both are huge. Maybe those are related, maybe I'm overreacting, I just want to make sure.

Thanks in advance.

 

P.S. I ran OTL as was said:

OTL logfile created on: 08.06.2014 8:19:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nemesis\Dwnloads
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy
 
2,98 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 35,15% Memory free
5,97 Gb Paging File | 3,60 Gb Available in Paging File | 60,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 140,95 Gb Total Space | 31,60 Gb Free Space | 22,42% Space Free | Partition Type: NTFS
Drive D: | 141,04 Gb Total Space | 62,03 Gb Free Space | 43,98% Space Free | Partition Type: NTFS
 
Computer Name: 1-PC | User Name: Nemesis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.06.08 08:18:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Немезис\Videos\OTL.exe
PRC - [2014.05.15 09:21:44 | 001,268,560 | ---- | M] (BitTorrent Inc.) -- C:\Users\Немезис\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014.05.08 20:19:08 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014.04.24 18:17:10 | 001,590,584 | R--- | M] (ООО Яндекс) -- C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe
PRC - [2014.04.22 03:50:58 | 000,168,224 | ---- | M] () -- C:\Users\Немезис\AppData\Roaming\Yandex\YandexDisk\wow64\YandexDiskStarter.exe
PRC - [2014.03.31 12:42:32 | 004,650,008 | ---- | M] (ООО ДубльГИС) -- C:\Program Files (x86)\2gis\3.0\2GISTrayNotifier.exe
PRC - [2014.01.30 15:05:24 | 021,822,128 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013.12.19 00:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.11.06 22:49:54 | 001,968,704 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
PRC - [2013.11.06 22:49:54 | 000,233,144 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwarkdaemon.exe
PRC - [2013.09.12 10:54:14 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\Android_USB_Driver_Z\Bin\MonServiceUDisk.exe
PRC - [2013.05.13 17:56:02 | 002,245,232 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2013.05.13 17:55:30 | 004,001,376 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
PRC - [2012.12.30 20:53:20 | 004,686,848 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe
PRC - [2012.12.26 23:17:14 | 000,087,552 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
PRC - [2012.12.07 15:16:00 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.02.29 18:13:48 | 003,413,368 | ---- | M] () -- C:\Program Files (x86)\STerra\SafeTerra.exe
PRC - [2011.04.01 11:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.03.22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011.03.01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.03.01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011.01.27 21:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.10.12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010.02.02 00:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010.01.29 05:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.08.28 15:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.06.08 07:53:07 | 001,157,120 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\_ssl.pyd
MOD - [2014.06.08 07:53:07 | 000,805,888 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\wx._gdi_.pyd
MOD - [2014.06.08 07:53:07 | 000,712,192 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\_hashlib.pyd
MOD - [2014.06.08 07:53:07 | 000,110,080 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\pywintypes27.dll
MOD - [2014.06.08 07:53:07 | 000,026,624 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\_multiprocessing.pyd
MOD - [2014.06.08 07:53:06 | 000,811,008 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\wx._windows_.pyd
MOD - [2014.06.08 07:53:06 | 000,087,040 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\_ctypes.pyd
MOD - [2014.06.08 07:53:06 | 000,070,656 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\wx._html2.pyd
MOD - [2014.06.08 07:53:06 | 000,035,840 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32process.pyd
MOD - [2014.06.08 07:53:06 | 000,024,064 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32pipe.pyd
MOD - [2014.06.08 07:53:05 | 001,062,400 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\wx._controls_.pyd
MOD - [2014.06.08 07:53:05 | 000,686,080 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\unicodedata.pyd
MOD - [2014.06.08 07:53:05 | 000,525,640 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\windows._lib_cacheinvalidation.pyd
MOD - [2014.06.08 07:53:05 | 000,127,488 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\pyexpat.pyd
MOD - [2014.06.08 07:53:05 | 000,119,808 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32file.pyd
MOD - [2014.06.08 07:53:05 | 000,108,544 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32security.pyd
MOD - [2014.06.08 07:53:05 | 000,038,912 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32inet.pyd
MOD - [2014.06.08 07:53:05 | 000,025,600 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32pdh.pyd
MOD - [2014.06.08 07:53:05 | 000,018,432 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32event.pyd
MOD - [2014.06.08 07:53:05 | 000,017,408 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32profile.pyd
MOD - [2014.06.08 07:53:05 | 000,010,240 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\select.pyd
MOD - [2014.06.08 07:53:04 | 001,175,040 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\wx._core_.pyd
MOD - [2014.06.08 07:53:04 | 000,735,232 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\wx._misc_.pyd
MOD - [2014.06.08 07:53:04 | 000,557,056 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\pysqlite2._sqlite.pyd
MOD - [2014.06.08 07:53:04 | 000,364,544 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\pythoncom27.dll
MOD - [2014.06.08 07:53:04 | 000,320,512 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32com.shell.shell.pyd
MOD - [2014.06.08 07:53:04 | 000,128,512 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\_elementtree.pyd
MOD - [2014.06.08 07:53:04 | 000,122,368 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\wx._wizard.pyd
MOD - [2014.06.08 07:53:04 | 000,098,816 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32api.pyd
MOD - [2014.06.08 07:53:04 | 000,044,032 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\_socket.pyd
MOD - [2014.06.08 07:53:04 | 000,022,528 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32ts.pyd
MOD - [2014.06.08 07:53:04 | 000,011,264 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32crypt.pyd
MOD - [2014.05.14 05:40:54 | 000,414,536 | ---- | M] () -- C:\Users\Немезис\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
MOD - [2014.05.14 05:40:50 | 004,217,672 | ---- | M] () -- C:\Users\Немезис\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
MOD - [2014.05.14 05:40:45 | 000,716,616 | ---- | M] () -- C:\Users\Немезис\AppData\Local\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
MOD - [2014.05.14 05:40:44 | 000,126,280 | ---- | M] () -- C:\Users\Немезис\AppData\Local\Google\Chrome\Application\35.0.1916.114\libegl.dll
MOD - [2014.05.14 05:40:43 | 001,732,424 | ---- | M] () -- C:\Users\Немезис\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
MOD - [2014.04.22 03:50:58 | 000,168,224 | ---- | M] () -- C:\Users\Немезис\AppData\Roaming\Yandex\YandexDisk\wow64\YandexDiskStarter.exe
MOD - [2014.04.22 03:50:57 | 000,354,592 | ---- | M] () -- C:\Users\Немезис\AppData\Roaming\Yandex\YandexDisk\wow64\YandexDiskHooks-3998.dll
MOD - [2013.09.05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012.02.29 18:13:48 | 003,413,368 | ---- | M] () -- C:\Program Files (x86)\STerra\SafeTerra.exe
MOD - [2011.06.21 19:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2011.06.20 19:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2011.06.20 17:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2011.06.20 17:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2011.06.20 17:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2011.06.20 17:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2011.05.26 15:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2011.05.26 15:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2011.03.30 18:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.03.22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011.03.01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010.10.20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010.05.07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010.05.07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010.05.07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010.05.07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010.05.07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014.05.20 16:25:57 | 005,270,896 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\DrWeb\dwservice.exe -- (DrWebAVService)
SRV:64bit: - [2014.03.06 14:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013.11.06 22:49:54 | 001,968,704 | ---- | M] (Doctor Web, Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe -- (DrWebEngine)
SRV:64bit: - [2013.08.13 23:44:37 | 001,871,256 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\DrWeb\frwl_svc.exe -- (DrWebFwSvc)
SRV:64bit: - [2013.07.25 18:06:04 | 005,435,648 | ---- | M] (Doctor Web, Ltd.) [On_Demand | Running] -- C:\Program Files\DrWeb\dwnetfilter.exe -- (DrWebNetFilter)
SRV:64bit: - [2013.05.27 11:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.02.25 16:07:54 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.01.29 05:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2014.05.14 07:53:32 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.03.31 12:42:38 | 003,818,352 | ---- | M] (ООО ДубльГИС) [On_Demand | Stopped] -- C:\Program Files (x86)\2gis\3.0\2GISUpdateService.exe -- (2GISUpdateService)
SRV - [2013.12.19 00:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.12 10:54:14 | 000,577,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Android_USB_Driver_Z\Bin\MonServiceUDisk.exe -- (UDisk Monitor Z5 Phone)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.05.13 17:56:02 | 002,245,232 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2012.12.26 23:17:14 | 000,087,552 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2012.12.07 15:16:00 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.05.13 15:15:08 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.04.01 11:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.01.27 21:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.02.02 00:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.01.16 03:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.28 15:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.14 07:16:20 | 000,010,752 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wpcsvc.dll -- (WPCSvc)
SRV - [2009.06.11 03:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.08.22 14:49:06 | 000,075,424 | ---- | M] (Doctor Web, Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dw_wfp.sys -- (DrWebWfp)
DRV:64bit: - [2013.08.13 23:44:36 | 000,247,024 | ---- | M] (Doctor Web, Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DrWebLwf.sys -- (DrWebLwf)
DRV:64bit: - [2013.07.25 18:06:06 | 000,255,672 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\dwprot.sys -- (DwProt)
DRV:64bit: - [2013.04.27 10:34:22 | 000,234,168 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\spiderg3.sys -- (SpiderG3)
DRV:64bit: - [2013.02.12 10:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013.01.05 17:40:29 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.03.01 12:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011.04.01 11:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011.04.01 11:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.03.11 12:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 12:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 19:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 17:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010.03.04 19:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.02.25 16:22:38 | 006,369,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.02.25 15:12:10 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.28 07:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.01.06 13:26:06 | 000,235,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009.08.23 15:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.07.14 07:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 07:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 07:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 06:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.06.11 02:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.11 02:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.11 02:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.11 02:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 08:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 08:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 08:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.07.14 07:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2653012
IE - HKLM\..\SearchScopes\Yandex: "URL" = http://yandex.ru/yan...t={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-349440971-2601779756-269653931-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...46v085w4681v310
IE - HKU\S-1-5-21-349440971-2601779756-269653931-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://lk.domru.ru/
IE - HKU\S-1-5-21-349440971-2601779756-269653931-1003\Software\Microsoft\Internet Explorer\SearchURL\y, = http://yandex.ru/yan...2073741&text=%s
IE - HKU\S-1-5-21-349440971-2601779756-269653931-1003\..\URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found
IE - HKU\S-1-5-21-349440971-2601779756-269653931-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-349440971-2601779756-269653931-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-349440971-2601779756-269653931-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKU\S-1-5-21-349440971-2601779756-269653931-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://yandex.ru/yan...t={searchTerms}
IE - HKU\S-1-5-21-349440971-2601779756-269653931-1003\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/pe...ms}&submitted=1
IE - HKU\S-1-5-21-349440971-2601779756-269653931-1003\..\SearchScopes\Yandex: "URL" = http://www.google.co...1I7ACAW_ruRU414
IE - HKU\S-1-5-21-349440971-2601779756-269653931-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2653012.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Яндекс"
FF - prefs.js..browser.search.selectedEngine: "Яндекс"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://www.yandex.ru...6&clid=2073737"
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.0.0.10201
FF - prefs.js..extensions.enabledAddons: [email protected]:7.9.1
FF - prefs.js..extensions.enabledAddons: [email protected]:2.7.2
FF - prefs.js..extensions.enabledAddons: [email protected]:1.7.3
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@alawar.com/npapi: C:\Windows\npapi.dll (Alawar)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Немезис\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Немезис\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Немезис\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.02 11:50:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.05.31 14:47:31 | 000,000,000 | ---D | M]
 
[2012.02.06 17:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Немезис\AppData\Roaming\mozilla\Extensions
[2014.01.25 16:56:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Немезис\AppData\Roaming\mozilla\Firefox\Profiles\nahd6ha2.default\extensions
[2013.05.12 09:49:16 | 000,000,000 | ---D | M] (Veoh Web Player) -- C:\Users\Немезис\AppData\Roaming\mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2014.01.08 12:57:26 | 000,000,000 | ---D | M] (Візуальныя закладкі) -- C:\Users\Немезис\AppData\Roaming\mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected]
[2014.01.08 12:57:29 | 000,000,000 | ---D | M] (Кампанент "Элементы Яндекса") -- C:\Users\Немезис\AppData\Roaming\mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected]
[2014.01.25 16:56:39 | 000,348,260 | ---- | M] () (No name found) -- C:\Users\Немезис\AppData\Roaming\mozilla\firefox\profiles\nahd6ha2.default\extensions\[email protected]
[2013.01.18 00:17:18 | 000,001,060 | ---- | M] () -- C:\Users\Немезис\AppData\Roaming\mozilla\firefox\profiles\nahd6ha2.default\searchplugins\veoh-web-player-customized-web-search.xml
[2014.01.07 00:45:08 | 000,007,861 | ---- | M] () -- C:\Users\Немезис\AppData\Roaming\mozilla\firefox\profiles\nahd6ha2.default\searchplugins\yandex.ru-004508.xml
[2011.09.16 21:23:19 | 000,001,472 | ---- | M] () -- C:\Users\Немезис\AppData\Roaming\mozilla\firefox\profiles\nahd6ha2.default\searchplugins\yasearch.xml
[2012.01.29 20:32:55 | 000,001,719 | ---- | M] () -- C:\Users\Немезис\AppData\Roaming\mozilla\firefox\profiles\nahd6ha2.default\searchplugins\yqs-barff-yandex.xml
[2013.03.23 08:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.06.05 23:24:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\РЌРΜРЈРΜР·РЁСЃ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NAHD6HA2.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\РЌРΜРЈРΜР·РЁСЃ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NAHD6HA2.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\РЌРΜРЈРΜР·РЁСЃ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NAHD6HA2.DEFAULT\EXTENSIONS\[email protected]
[2012.05.13 15:15:08 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 21:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.01.29 20:32:55 | 000,002,549 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mailru.xml
[2012.01.29 20:32:55 | 000,005,568 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ozonru.xml
[2012.01.29 20:32:55 | 000,001,133 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\priceru.xml
[2012.01.29 20:32:55 | 000,001,304 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-ru.xml
[2012.01.29 20:32:55 | 000,001,548 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yandex-slovari.xml
[2012.01.29 20:32:55 | 000,001,719 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yandex.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Немезис\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Немезис\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Немезис\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows LiveВ™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Bejeweled = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Nordic Forest = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\amekpplpfocpmaimnmgfjoibodpjedie\1_0\
CHR - Extension: Диск Google = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Snake Deluxe = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\klfhoniooaffgjaegjealpafgmjjepch\1.0.0_0\
CHR - Extension: Flow Colors Bridges = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhgjgepioclaangaicgmecejjcebppik\1.2_0\
CHR - Extension: Google Кошелек = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Codecv = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnkkfjdnhgkjefnnohgfackfninikjo\1.0_0\
CHR - Extension: Gmail = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2011.08.29 22:44:20 | 000,000,022 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost 
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik_x64.dll File not found
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (directguide) - {024B69A8-FF19-4D63-A03D-6927828B82DE} - C:\PROGRA~2\DIRECT~1\DIRECT~1.DLL File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SmartPopBHO Class) - {7AE8CE5B-53AE-4824-84EF-800A0EC46BB8} - C:\Program Files\SmartPop\SmartPop.dll (IPO Communication)
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (ExplorerManager Class) - {AA4E73CB-0853-41F1-98FF-8425F1FAF463} - C:\Program Files\micro_sponsor19\wt.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik_x64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - Locked - Reg Error: Value error. File not found
O3:64bit: - HKU\S-1-5-21-349440971-2601779756-269653931-1003\..\Toolbar\WebBrowser: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik_x64.dll File not found
O3:64bit: - HKU\S-1-5-21-349440971-2601779756-269653931-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-349440971-2601779756-269653931-1003\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O4:64bit: - HKLM..\Run: [Firewall] C:\Program Files\DrWeb\frwl_notify.exe (Doctor Web, Ltd.)
O4:64bit: - HKLM..\Run: [SpIDerAgent] C:\Program Files\DrWeb\spideragent.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [2Gis Update Notifier] C:\Program Files (x86)\2gis\3.0\2GISTrayNotifier.exe (ООО ДубльГИС)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SmartPopUpdater] C:\Program Files\SmartPop\SmartPopUpt.exe ()
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-349440971-2601779756-269653931-1003..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-349440971-2601779756-269653931-1003..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-349440971-2601779756-269653931-1003..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX430" File not found
O4 - HKU\S-1-5-21-349440971-2601779756-269653931-1003..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-349440971-2601779756-269653931-1003..\Run: [S169113134] C:\Users\Немезис\0.5237816988780626.exe File not found
O4 - HKU\S-1-5-21-349440971-2601779756-269653931-1003..\Run: [sponsorkeyword] C:\Program Files (x86)\sponsorkeyword\sponsorkeyword.exe File not found
O4 - HKU\S-1-5-21-349440971-2601779756-269653931-1003..\Run: [SyncManPath] C:\Users\Немезис\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe ()
O4 - HKU\S-1-5-21-349440971-2601779756-269653931-1003..\Run: [uTorrent] C:\Users\Немезис\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-349440971-2601779756-269653931-1003..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Eerie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk =  File not found
O4 - Startup: C:\Users\Eerie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk = C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe (ООО Яндекс)
O4 - Startup: C:\Users\Немезис\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk = C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe (ООО Яндекс)
O4 - Startup: C:\Users\Немезис\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-349440971-2601779756-269653931-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-349440971-2601779756-269653931-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-349440971-2601779756-269653931-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97072EA5-9568-412C-8297-B0CE7505ABB7}: DhcpNameServer = 192.168.0.1 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-349440971-2601779756-269653931-1003 Winlogon: Shell - (C:\Users\Немезис\0.5237816988780626.exe) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ea0248a3-d5aa-11e1-ae14-90fba68ac5c0}\Shell - "" = AutoRun
O33 - MountPoints2\{ea0248a3-d5aa-11e1-ae14-90fba68ac5c0}\Shell\AutoRun\command - "" = L:\Autorun.exe
O33 - MountPoints2\{f3240220-d60c-11e1-8617-90fba68ac5c0}\Shell - "" = AutoRun
O33 - MountPoints2\{f3240220-d60c-11e1-8617-90fba68ac5c0}\Shell\AutoRun\command - "" = M:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.06.07 18:58:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2014.06.07 18:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014.06.07 12:22:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014.05.27 10:08:40 | 000,000,000 | ---D | C] -- C:\Users\Немезис\Desktop\quo
[2014.05.15 21:39:07 | 000,000,000 | ---D | C] -- C:\Users\Немезис\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Яндекс.Диск
[2014.05.15 05:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.06.08 08:24:33 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.06.08 08:05:00 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-349440971-2601779756-269653931-1002UA.job
[2014.06.08 08:00:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.06.08 08:00:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.06.08 07:54:53 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.06.08 07:53:35 | 000,001,125 | ---- | M] () -- C:\Users\Немезис\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk
[2014.06.08 07:53:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.06.08 07:52:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.06.08 07:51:58 | 2403,147,776 | -HS- | M] () -- C:\hiberfil.sys
[2014.06.08 00:05:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-349440971-2601779756-269653931-1002Core.job
[2014.06.07 23:46:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-349440971-2601779756-269653931-1004UA.job
[2014.06.07 23:40:00 | 000,000,986 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-349440971-2601779756-269653931-1003UA.job
[2014.06.07 12:34:04 | 613,227,378 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.06.07 08:40:51 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-349440971-2601779756-269653931-1003Core.job
[2014.06.05 21:49:18 | 001,657,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.06.05 21:49:18 | 000,727,622 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2014.06.05 21:49:18 | 000,657,212 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.06.05 21:49:18 | 000,151,878 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2014.06.05 21:49:18 | 000,123,024 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.06.05 16:47:01 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-349440971-2601779756-269653931-1004Core.job
[2014.05.31 16:27:34 | 000,297,414 | ---- | M] () -- C:\Users\Немезис\Desktop\Ignatova_Anna_Perm.jpg
[2014.05.27 09:19:09 | 000,059,812 | ---- | M] () -- C:\Users\Немезис\Desktop\Bog7Se2CUAA5f0T.jpg
[2014.05.22 20:43:01 | 009,931,750 | ---- | M] () -- C:\Users\Немезис\Desktop\Kamyu_A_-_Sobranie_sochineny_v_5_tomakh_t_4_19.djvu
[2014.05.21 21:03:37 | 036,916,142 | ---- | M] () -- C:\Users\Немезис\Desktop\Larousse_-_Grammaire.pdf
[2014.05.15 09:19:17 | 000,000,632 | RHS- | M] () -- C:\Users\Немезис\ntuser.pol
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.06.07 12:22:28 | 613,227,378 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014.05.31 16:27:32 | 000,297,414 | ---- | C] () -- C:\Users\Немезис\Desktop\Ignatova_Anna_Perm.jpg
[2014.05.27 09:19:08 | 000,059,812 | ---- | C] () -- C:\Users\Немезис\Desktop\Bog7Se2CUAA5f0T.jpg
[2014.05.22 20:42:57 | 009,931,750 | ---- | C] () -- C:\Users\Немезис\Desktop\Kamyu_A_-_Sobranie_sochineny_v_5_tomakh_t_4_19.djvu
[2014.05.21 21:01:43 | 036,916,142 | ---- | C] () -- C:\Users\Немезис\Desktop\Larousse_-_Grammaire.pdf
[2014.01.06 22:55:58 | 000,005,095 | ---- | C] () -- C:\ProgramData\xpbthzbm.qqq
[2013.03.29 15:55:16 | 000,007,609 | ---- | C] () -- C:\Users\Немезис\AppData\Local\Resmon.ResmonCfg
[2012.11.30 17:28:53 | 000,000,632 | RHS- | C] () -- C:\Users\Немезис\ntuser.pol
[2012.11.22 21:04:22 | 000,000,088 | ---- | C] () -- C:\Windows\Antidote7.ini
[2011.12.08 16:05:03 | 000,017,408 | ---- | C] () -- C:\Users\Немезис\AppData\Local\WebpageIcons.db
[2011.09.17 02:36:43 | 000,003,584 | ---- | C] () -- C:\Users\Немезис\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.29 23:25:30 | 000,000,031 | ---- | C] () -- C:\Users\Немезис\AppData\Roaming\Days5.ini
[2010.04.21 16:36:38 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 10:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 08:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 08:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 07:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 18:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 07:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.08.21 21:30:59 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\DAEMON Tools Pro
[2012.12.01 11:37:10 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\Druide
[2012.05.12 12:51:10 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\Epson
[2011.10.18 23:42:34 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\GHISLER
[2012.05.12 13:28:04 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\Grym
[2011.09.03 11:06:25 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\OpenOffice.org
[2011.08.21 21:34:19 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\Opera
[2014.06.07 19:14:53 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\Opera Software
[2014.01.07 21:33:35 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\Origin
[2013.04.22 20:32:41 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\SearchProtect
[2011.08.25 16:49:06 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\Yandex
[2014.04.06 19:24:24 | 000,000,000 | ---D | M] -- C:\Users\МАМАА\AppData\Roaming\AlawarEntertainment
[2014.03.13 19:07:19 | 000,000,000 | ---D | M] -- C:\Users\МАМАА\AppData\Roaming\Awem
[2014.03.03 19:45:50 | 000,000,000 | ---D | M] -- C:\Users\МАМАА\AppData\Roaming\Epson
[2014.05.08 20:37:23 | 000,000,000 | ---D | M] -- C:\Users\МАМАА\AppData\Roaming\Opera Software
[2013.04.10 22:57:39 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\AIMP3
[2013.12.18 03:15:25 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\AlawarEntertainment
[2011.01.23 18:29:47 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Artogon
[2013.07.21 20:59:18 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Atari
[2012.12.19 20:08:17 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Audacity
[2011.02.26 21:49:50 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Awem
[2013.10.15 00:54:59 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\DAEMON Tools Lite
[2011.08.12 15:33:40 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\DAEMON Tools Pro
[2011.06.23 21:09:38 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Design-Lib.Com
[2014.01.22 01:06:38 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Doublefine
[2012.03.27 21:01:20 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Epson
[2011.02.08 23:41:55 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\EscapeTheMuseum2
[2013.03.30 09:02:55 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\ExpressFiles
[2011.06.21 23:35:36 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Friday's games
[2012.12.19 21:00:13 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\GHISLER
[2011.01.23 13:50:59 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Grym
[2011.12.25 16:26:43 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\ICQ
[2013.07.27 23:33:38 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Lionhead Studios
[2011.10.19 02:20:54 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\mkvtoolnix
[2011.06.08 23:26:59 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\OpenOffice.org
[2012.06.03 01:55:05 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Opera
[2013.08.02 01:03:33 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Opera Software
[2011.01.25 17:26:28 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\PlayFirst
[2014.01.08 00:41:46 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Rainmeter
[2013.03.07 20:42:58 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\SearchProtect
[2012.05.25 20:25:32 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\SkyMonk
[2012.05.12 18:15:52 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\UauPyNRbzfkJLM1
[2014.06.08 08:29:55 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\uTorrent
[2011.05.03 17:45:52 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\VampireSaga
[2011.01.24 16:09:21 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Vast Studios
[2014.02.26 07:50:16 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Yandex
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2014.03.30 17:32:32 | 000,001,397 | ---- | M] ()(C:\Users\Немезис\Desktop\????? - ??? - ??.txt) -- C:\Users\Немезис\Desktop\外人四こま - あの方 - 悪人.txt
[2014.01.29 01:22:45 | 000,001,397 | ---- | C] ()(C:\Users\Немезис\Desktop\????? - ??? - ??.txt) -- C:\Users\Немезис\Desktop\外人四こま - あの方 - 悪人.txt
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E1F04E8D
 
< End of report >

Edited by Nemisa, 07 June 2014 - 09:23 PM.
