As I already stated in the title, my computer is now suffering from two issues. I ran complete checks from Dr. Web and Kaspersky, both found nothing remotely harmful, but...
First, something is eating down C:/ drive space. It wasn't just downloads or temporary files because I cleared the drive several times and every time I log in, I find a chunk of space eaten. It went down from 18 GB to 0 (I think it took a couple of days), now I removed some stuff and still have about 30 GB left, although it's decreasing.
Second, I have hiberfil.sys and pagefile.sys files in there. I know they're standard system files, but they weren't in there before (Yes, I always had my option "show hidden and system files" on). And both are huge. Maybe those are related, maybe I'm overreacting, I just want to make sure.
Thanks in advance.
P.S. I ran OTL as was said:
OTL logfile created on: 08.06.2014 8:19:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nemesis\Dwnloads
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy
2,98 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 35,15% Memory free
5,97 Gb Paging File | 3,60 Gb Available in Paging File | 60,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 140,95 Gb Total Space | 31,60 Gb Free Space | 22,42% Space Free | Partition Type: NTFS
Drive D: | 141,04 Gb Total Space | 62,03 Gb Free Space | 43,98% Space Free | Partition Type: NTFS
Computer Name: 1-PC | User Name: Nemesis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.06.08 08:18:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Немезис\Videos\OTL.exe
PRC - [2014.05.15 09:21:44 | 001,268,560 | ---- | M] (BitTorrent Inc.) -- C:\Users\Немезис\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014.05.08 20:19:08 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014.04.24 18:17:10 | 001,590,584 | R--- | M] (ООО Яндекс) -- C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe
PRC - [2014.04.22 03:50:58 | 000,168,224 | ---- | M] () -- C:\Users\Немезис\AppData\Roaming\Yandex\YandexDisk\wow64\YandexDiskStarter.exe
PRC - [2014.03.31 12:42:32 | 004,650,008 | ---- | M] (ООО ДубльГИС) -- C:\Program Files (x86)\2gis\3.0\2GISTrayNotifier.exe
PRC - [2014.01.30 15:05:24 | 021,822,128 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013.12.19 00:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.11.06 22:49:54 | 001,968,704 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
PRC - [2013.11.06 22:49:54 | 000,233,144 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwarkdaemon.exe
PRC - [2013.09.12 10:54:14 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\Android_USB_Driver_Z\Bin\MonServiceUDisk.exe
PRC - [2013.05.13 17:56:02 | 002,245,232 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2013.05.13 17:55:30 | 004,001,376 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
PRC - [2012.12.30 20:53:20 | 004,686,848 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohWebPlayer.exe
PRC - [2012.12.26 23:17:14 | 000,087,552 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
PRC - [2012.12.07 15:16:00 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.02.29 18:13:48 | 003,413,368 | ---- | M] () -- C:\Program Files (x86)\STerra\SafeTerra.exe
PRC - [2011.04.01 11:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.03.22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011.03.01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.03.01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011.01.27 21:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.10.12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010.02.02 00:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010.01.29 05:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.08.28 15:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
========== Modules (No Company Name) ==========
MOD - [2014.06.08 07:53:07 | 001,157,120 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\_ssl.pyd
MOD - [2014.06.08 07:53:07 | 000,805,888 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\wx._gdi_.pyd
MOD - [2014.06.08 07:53:07 | 000,712,192 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\_hashlib.pyd
MOD - [2014.06.08 07:53:07 | 000,110,080 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\pywintypes27.dll
MOD - [2014.06.08 07:53:07 | 000,026,624 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\_multiprocessing.pyd
MOD - [2014.06.08 07:53:06 | 000,811,008 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\wx._windows_.pyd
MOD - [2014.06.08 07:53:06 | 000,087,040 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\_ctypes.pyd
MOD - [2014.06.08 07:53:06 | 000,070,656 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\wx._html2.pyd
MOD - [2014.06.08 07:53:06 | 000,035,840 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32process.pyd
MOD - [2014.06.08 07:53:06 | 000,024,064 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32pipe.pyd
MOD - [2014.06.08 07:53:05 | 001,062,400 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\wx._controls_.pyd
MOD - [2014.06.08 07:53:05 | 000,686,080 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\unicodedata.pyd
MOD - [2014.06.08 07:53:05 | 000,525,640 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\windows._lib_cacheinvalidation.pyd
MOD - [2014.06.08 07:53:05 | 000,127,488 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\pyexpat.pyd
MOD - [2014.06.08 07:53:05 | 000,119,808 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32file.pyd
MOD - [2014.06.08 07:53:05 | 000,108,544 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32security.pyd
MOD - [2014.06.08 07:53:05 | 000,038,912 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32inet.pyd
MOD - [2014.06.08 07:53:05 | 000,025,600 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32pdh.pyd
MOD - [2014.06.08 07:53:05 | 000,018,432 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32event.pyd
MOD - [2014.06.08 07:53:05 | 000,017,408 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32profile.pyd
MOD - [2014.06.08 07:53:05 | 000,010,240 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\select.pyd
MOD - [2014.06.08 07:53:04 | 001,175,040 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\wx._core_.pyd
MOD - [2014.06.08 07:53:04 | 000,735,232 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\wx._misc_.pyd
MOD - [2014.06.08 07:53:04 | 000,557,056 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\pysqlite2._sqlite.pyd
MOD - [2014.06.08 07:53:04 | 000,364,544 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\pythoncom27.dll
MOD - [2014.06.08 07:53:04 | 000,320,512 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32com.shell.shell.pyd
MOD - [2014.06.08 07:53:04 | 000,128,512 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\_elementtree.pyd
MOD - [2014.06.08 07:53:04 | 000,122,368 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\wx._wizard.pyd
MOD - [2014.06.08 07:53:04 | 000,098,816 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32api.pyd
MOD - [2014.06.08 07:53:04 | 000,044,032 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\_socket.pyd
MOD - [2014.06.08 07:53:04 | 000,022,528 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32ts.pyd
MOD - [2014.06.08 07:53:04 | 000,011,264 | ---- | M] () -- C:\Users\14B6~1\AppData\Local\Temp\_MEI8282\win32crypt.pyd
MOD - [2014.05.14 05:40:54 | 000,414,536 | ---- | M] () -- C:\Users\Немезис\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
MOD - [2014.05.14 05:40:50 | 004,217,672 | ---- | M] () -- C:\Users\Немезис\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
MOD - [2014.05.14 05:40:45 | 000,716,616 | ---- | M] () -- C:\Users\Немезис\AppData\Local\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
MOD - [2014.05.14 05:40:44 | 000,126,280 | ---- | M] () -- C:\Users\Немезис\AppData\Local\Google\Chrome\Application\35.0.1916.114\libegl.dll
MOD - [2014.05.14 05:40:43 | 001,732,424 | ---- | M] () -- C:\Users\Немезис\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
MOD - [2014.04.22 03:50:58 | 000,168,224 | ---- | M] () -- C:\Users\Немезис\AppData\Roaming\Yandex\YandexDisk\wow64\YandexDiskStarter.exe
MOD - [2014.04.22 03:50:57 | 000,354,592 | ---- | M] () -- C:\Users\Немезис\AppData\Roaming\Yandex\YandexDisk\wow64\YandexDiskHooks-3998.dll
MOD - [2013.09.05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012.02.29 18:13:48 | 003,413,368 | ---- | M] () -- C:\Program Files (x86)\STerra\SafeTerra.exe
MOD - [2011.06.21 19:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2011.06.20 19:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2011.06.20 17:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2011.06.20 17:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2011.06.20 17:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2011.06.20 17:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2011.05.26 15:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2011.05.26 15:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2011.03.30 18:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.03.22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011.03.01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010.10.20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010.05.07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010.05.07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010.05.07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010.05.07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010.05.07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014.05.20 16:25:57 | 005,270,896 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\DrWeb\dwservice.exe -- (DrWebAVService)
SRV:64bit: - [2014.03.06 14:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013.11.06 22:49:54 | 001,968,704 | ---- | M] (Doctor Web, Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe -- (DrWebEngine)
SRV:64bit: - [2013.08.13 23:44:37 | 001,871,256 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\DrWeb\frwl_svc.exe -- (DrWebFwSvc)
SRV:64bit: - [2013.07.25 18:06:04 | 005,435,648 | ---- | M] (Doctor Web, Ltd.) [On_Demand | Running] -- C:\Program Files\DrWeb\dwnetfilter.exe -- (DrWebNetFilter)
SRV:64bit: - [2013.05.27 11:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.02.25 16:07:54 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.01.29 05:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2014.05.14 07:53:32 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.03.31 12:42:38 | 003,818,352 | ---- | M] (ООО ДубльГИС) [On_Demand | Stopped] -- C:\Program Files (x86)\2gis\3.0\2GISUpdateService.exe -- (2GISUpdateService)
SRV - [2013.12.19 00:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.12 10:54:14 | 000,577,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Android_USB_Driver_Z\Bin\MonServiceUDisk.exe -- (UDisk Monitor Z5 Phone)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.05.13 17:56:02 | 002,245,232 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2012.12.26 23:17:14 | 000,087,552 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2012.12.07 15:16:00 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.05.13 15:15:08 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.04.01 11:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.01.27 21:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.02.02 00:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.01.16 03:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.28 15:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.14 07:16:20 | 000,010,752 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wpcsvc.dll -- (WPCSvc)
SRV - [2009.06.11 03:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.08.22 14:49:06 | 000,075,424 | ---- | M] (Doctor Web, Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dw_wfp.sys -- (DrWebWfp)
DRV:64bit: - [2013.08.13 23:44:36 | 000,247,024 | ---- | M] (Doctor Web, Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DrWebLwf.sys -- (DrWebLwf)
DRV:64bit: - [2013.07.25 18:06:06 | 000,255,672 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\dwprot.sys -- (DwProt)
DRV:64bit: - [2013.04.27 10:34:22 | 000,234,168 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\spiderg3.sys -- (SpiderG3)
DRV:64bit: - [2013.02.12 10:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013.01.05 17:40:29 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.03.01 12:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011.04.01 11:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011.04.01 11:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.03.11 12:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 12:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 19:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 17:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010.03.04 19:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.02.25 16:22:38 | 006,369,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.02.25 15:12:10 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.28 07:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.01.06 13:26:06 | 000,235,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009.08.23 15:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.07.14 07:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 07:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 07:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 06:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.06.11 02:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.11 02:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.11 02:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.11 02:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 08:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 08:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 08:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.07.14 07:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-349440971-2601779756-269653931-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://lk.domru.ru/
IE - HKU\S-1-5-21-349440971-2601779756-269653931-1003\..\URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found
IE - HKU\S-1-5-21-349440971-2601779756-269653931-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-349440971-2601779756-269653931-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..CT2653012.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Яндекс"
FF - prefs.js..browser.search.selectedEngine: "Яндекс"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.0.0.10201
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@alawar.com/npapi: C:\Windows\npapi.dll (Alawar)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Немезис\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Немезис\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Немезис\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.02 11:50:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.05.31 14:47:31 | 000,000,000 | ---D | M]
[2012.02.06 17:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Немезис\AppData\Roaming\mozilla\Extensions
[2014.01.25 16:56:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Немезис\AppData\Roaming\mozilla\Firefox\Profiles\nahd6ha2.default\extensions
[2013.05.12 09:49:16 | 000,000,000 | ---D | M] (Veoh Web Player) -- C:\Users\Немезис\AppData\Roaming\mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2014.01.08 12:57:26 | 000,000,000 | ---D | M] (Візуальныя закладкі) -- C:\Users\Немезис\AppData\Roaming\mozilla\Firefox\Profiles\nahd6ha2.default\extensions\
[email protected]
[2014.01.08 12:57:29 | 000,000,000 | ---D | M] (Кампанент "Рлементы Яндекса") -- C:\Users\Немезис\AppData\Roaming\mozilla\Firefox\Profiles\nahd6ha2.default\extensions\
[email protected]
[2014.01.25 16:56:39 | 000,348,260 | ---- | M] () (No name found) -- C:\Users\Немезис\AppData\Roaming\mozilla\firefox\profiles\nahd6ha2.default\extensions\
[email protected]
[2013.01.18 00:17:18 | 000,001,060 | ---- | M] () -- C:\Users\Немезис\AppData\Roaming\mozilla\firefox\profiles\nahd6ha2.default\searchplugins\veoh-web-player-customized-web-search.xml
[2014.01.07 00:45:08 | 000,007,861 | ---- | M] () -- C:\Users\Немезис\AppData\Roaming\mozilla\firefox\profiles\nahd6ha2.default\searchplugins\yandex.ru-004508.xml
[2011.09.16 21:23:19 | 000,001,472 | ---- | M] () -- C:\Users\Немезис\AppData\Roaming\mozilla\firefox\profiles\nahd6ha2.default\searchplugins\yasearch.xml
[2012.01.29 20:32:55 | 000,001,719 | ---- | M] () -- C:\Users\Немезис\AppData\Roaming\mozilla\firefox\profiles\nahd6ha2.default\searchplugins\yqs-barff-yandex.xml
[2013.03.23 08:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.06.05 23:24:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\РЌРΜРЈРΜР·РЁСЃ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NAHD6HA2.DEFAULT\EXTENSIONS\
[email protected]
File not found (No name found) -- C:\USERS\РЌРΜРЈРΜР·РЁСЃ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NAHD6HA2.DEFAULT\EXTENSIONS\
[email protected]
File not found (No name found) -- C:\USERS\РЌРΜРЈРΜР·РЁСЃ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NAHD6HA2.DEFAULT\EXTENSIONS\
[email protected]
[2012.05.13 15:15:08 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 21:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.01.29 20:32:55 | 000,002,549 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mailru.xml
[2012.01.29 20:32:55 | 000,005,568 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ozonru.xml
[2012.01.29 20:32:55 | 000,001,133 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\priceru.xml
[2012.01.29 20:32:55 | 000,001,304 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-ru.xml
[2012.01.29 20:32:55 | 000,001,548 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yandex-slovari.xml
[2012.01.29 20:32:55 | 000,001,719 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yandex.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Немезис\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Немезис\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Немезис\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows LiveВ™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Bejeweled = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Nordic Forest = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\amekpplpfocpmaimnmgfjoibodpjedie\1_0\
CHR - Extension: Диск Google = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Snake Deluxe = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\klfhoniooaffgjaegjealpafgmjjepch\1.0.0_0\
CHR - Extension: Flow Colors Bridges = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhgjgepioclaangaicgmecejjcebppik\1.2_0\
CHR - Extension: Google Кошелек = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Codecv = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnkkfjdnhgkjefnnohgfackfninikjo\1.0_0\
CHR - Extension: Gmail = C:\Users\Немезис\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2011.08.29 22:44:20 | 000,000,022 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik_x64.dll File not found
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (directguide) - {024B69A8-FF19-4D63-A03D-6927828B82DE} - C:\PROGRA~2\DIRECT~1\DIRECT~1.DLL File not found
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SmartPopBHO Class) - {7AE8CE5B-53AE-4824-84EF-800A0EC46BB8} - C:\Program Files\SmartPop\SmartPop.dll (IPO Communication)
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (ExplorerManager Class) - {AA4E73CB-0853-41F1-98FF-8425F1FAF463} - C:\Program Files\micro_sponsor19\wt.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik_x64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - Locked - Reg Error: Value error. File not found
O3:64bit: - HKU\S-1-5-21-349440971-2601779756-269653931-1003\..\Toolbar\WebBrowser: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik_x64.dll File not found
O3:64bit: - HKU\S-1-5-21-349440971-2601779756-269653931-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-349440971-2601779756-269653931-1003\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O4:64bit: - HKLM..\Run: [Firewall] C:\Program Files\DrWeb\frwl_notify.exe (Doctor Web, Ltd.)
O4:64bit: - HKLM..\Run: [SpIDerAgent] C:\Program Files\DrWeb\spideragent.exe (Doctor Web, Ltd.)
O4 - HKLM..\Run: [2Gis Update Notifier] C:\Program Files (x86)\2gis\3.0\2GISTrayNotifier.exe (ООО ДубльГИС)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SmartPopUpdater] C:\Program Files\SmartPop\SmartPopUpt.exe ()
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-349440971-2601779756-269653931-1003..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-349440971-2601779756-269653931-1003..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-349440971-2601779756-269653931-1003..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX430" File not found
O4 - HKU\S-1-5-21-349440971-2601779756-269653931-1003..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-349440971-2601779756-269653931-1003..\Run: [S169113134] C:\Users\Немезис\0.5237816988780626.exe File not found
O4 - HKU\S-1-5-21-349440971-2601779756-269653931-1003..\Run: [sponsorkeyword] C:\Program Files (x86)\sponsorkeyword\sponsorkeyword.exe File not found
O4 - HKU\S-1-5-21-349440971-2601779756-269653931-1003..\Run: [SyncManPath] C:\Users\Немезис\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe ()
O4 - HKU\S-1-5-21-349440971-2601779756-269653931-1003..\Run: [uTorrent] C:\Users\Немезис\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-349440971-2601779756-269653931-1003..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Eerie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = File not found
O4 - Startup: C:\Users\Eerie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk = C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe (ООО Яндекс)
O4 - Startup: C:\Users\Немезис\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk = C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe (ООО Яндекс)
O4 - Startup: C:\Users\Немезис\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-349440971-2601779756-269653931-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-349440971-2601779756-269653931-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-349440971-2601779756-269653931-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97072EA5-9568-412C-8297-B0CE7505ABB7}: DhcpNameServer = 192.168.0.1 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-349440971-2601779756-269653931-1003 Winlogon: Shell - (C:\Users\Немезис\0.5237816988780626.exe) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ea0248a3-d5aa-11e1-ae14-90fba68ac5c0}\Shell - "" = AutoRun
O33 - MountPoints2\{ea0248a3-d5aa-11e1-ae14-90fba68ac5c0}\Shell\AutoRun\command - "" = L:\Autorun.exe
O33 - MountPoints2\{f3240220-d60c-11e1-8617-90fba68ac5c0}\Shell - "" = AutoRun
O33 - MountPoints2\{f3240220-d60c-11e1-8617-90fba68ac5c0}\Shell\AutoRun\command - "" = M:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014.06.07 18:58:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2014.06.07 18:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014.06.07 12:22:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014.05.27 10:08:40 | 000,000,000 | ---D | C] -- C:\Users\Немезис\Desktop\quo
[2014.05.15 21:39:07 | 000,000,000 | ---D | C] -- C:\Users\Немезис\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Яндекс.Диск
[2014.05.15 05:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014.06.08 08:24:33 | 000,000,970 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.06.08 08:05:00 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-349440971-2601779756-269653931-1002UA.job
[2014.06.08 08:00:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.06.08 08:00:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.06.08 07:54:53 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.06.08 07:53:35 | 000,001,125 | ---- | M] () -- C:\Users\Немезис\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk
[2014.06.08 07:53:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.06.08 07:52:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.06.08 07:51:58 | 2403,147,776 | -HS- | M] () -- C:\hiberfil.sys
[2014.06.08 00:05:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-349440971-2601779756-269653931-1002Core.job
[2014.06.07 23:46:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-349440971-2601779756-269653931-1004UA.job
[2014.06.07 23:40:00 | 000,000,986 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-349440971-2601779756-269653931-1003UA.job
[2014.06.07 12:34:04 | 613,227,378 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.06.07 08:40:51 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-349440971-2601779756-269653931-1003Core.job
[2014.06.05 21:49:18 | 001,657,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.06.05 21:49:18 | 000,727,622 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2014.06.05 21:49:18 | 000,657,212 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.06.05 21:49:18 | 000,151,878 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2014.06.05 21:49:18 | 000,123,024 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.06.05 16:47:01 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-349440971-2601779756-269653931-1004Core.job
[2014.05.31 16:27:34 | 000,297,414 | ---- | M] () -- C:\Users\Немезис\Desktop\Ignatova_Anna_Perm.jpg
[2014.05.27 09:19:09 | 000,059,812 | ---- | M] () -- C:\Users\Немезис\Desktop\Bog7Se2CUAA5f0T.jpg
[2014.05.22 20:43:01 | 009,931,750 | ---- | M] () -- C:\Users\Немезис\Desktop\Kamyu_A_-_Sobranie_sochineny_v_5_tomakh_t_4_19.djvu
[2014.05.21 21:03:37 | 036,916,142 | ---- | M] () -- C:\Users\Немезис\Desktop\Larousse_-_Grammaire.pdf
[2014.05.15 09:19:17 | 000,000,632 | RHS- | M] () -- C:\Users\Немезис\ntuser.pol
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014.06.07 12:22:28 | 613,227,378 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014.05.31 16:27:32 | 000,297,414 | ---- | C] () -- C:\Users\Немезис\Desktop\Ignatova_Anna_Perm.jpg
[2014.05.27 09:19:08 | 000,059,812 | ---- | C] () -- C:\Users\Немезис\Desktop\Bog7Se2CUAA5f0T.jpg
[2014.05.22 20:42:57 | 009,931,750 | ---- | C] () -- C:\Users\Немезис\Desktop\Kamyu_A_-_Sobranie_sochineny_v_5_tomakh_t_4_19.djvu
[2014.05.21 21:01:43 | 036,916,142 | ---- | C] () -- C:\Users\Немезис\Desktop\Larousse_-_Grammaire.pdf
[2014.01.06 22:55:58 | 000,005,095 | ---- | C] () -- C:\ProgramData\xpbthzbm.qqq
[2013.03.29 15:55:16 | 000,007,609 | ---- | C] () -- C:\Users\Немезис\AppData\Local\Resmon.ResmonCfg
[2012.11.30 17:28:53 | 000,000,632 | RHS- | C] () -- C:\Users\Немезис\ntuser.pol
[2012.11.22 21:04:22 | 000,000,088 | ---- | C] () -- C:\Windows\Antidote7.ini
[2011.12.08 16:05:03 | 000,017,408 | ---- | C] () -- C:\Users\Немезис\AppData\Local\WebpageIcons.db
[2011.09.17 02:36:43 | 000,003,584 | ---- | C] () -- C:\Users\Немезис\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.29 23:25:30 | 000,000,031 | ---- | C] () -- C:\Users\Немезис\AppData\Roaming\Days5.ini
[2010.04.21 16:36:38 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== ZeroAccess Check ==========
[2009.07.14 10:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 08:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 08:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 07:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 18:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 07:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011.08.21 21:30:59 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\DAEMON Tools Pro
[2012.12.01 11:37:10 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\Druide
[2012.05.12 12:51:10 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\Epson
[2011.10.18 23:42:34 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\GHISLER
[2012.05.12 13:28:04 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\Grym
[2011.09.03 11:06:25 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\OpenOffice.org
[2011.08.21 21:34:19 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\Opera
[2014.06.07 19:14:53 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\Opera Software
[2014.01.07 21:33:35 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\Origin
[2013.04.22 20:32:41 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\SearchProtect
[2011.08.25 16:49:06 | 000,000,000 | ---D | M] -- C:\Users\Eerie\AppData\Roaming\Yandex
[2014.04.06 19:24:24 | 000,000,000 | ---D | M] -- C:\Users\МАМАА\AppData\Roaming\AlawarEntertainment
[2014.03.13 19:07:19 | 000,000,000 | ---D | M] -- C:\Users\МАМАА\AppData\Roaming\Awem
[2014.03.03 19:45:50 | 000,000,000 | ---D | M] -- C:\Users\МАМАА\AppData\Roaming\Epson
[2014.05.08 20:37:23 | 000,000,000 | ---D | M] -- C:\Users\МАМАА\AppData\Roaming\Opera Software
[2013.04.10 22:57:39 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\AIMP3
[2013.12.18 03:15:25 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\AlawarEntertainment
[2011.01.23 18:29:47 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Artogon
[2013.07.21 20:59:18 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Atari
[2012.12.19 20:08:17 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Audacity
[2011.02.26 21:49:50 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Awem
[2013.10.15 00:54:59 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\DAEMON Tools Lite
[2011.08.12 15:33:40 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\DAEMON Tools Pro
[2011.06.23 21:09:38 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Design-Lib.Com
[2014.01.22 01:06:38 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Doublefine
[2012.03.27 21:01:20 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Epson
[2011.02.08 23:41:55 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\EscapeTheMuseum2
[2013.03.30 09:02:55 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\ExpressFiles
[2011.06.21 23:35:36 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Friday's games
[2012.12.19 21:00:13 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\GHISLER
[2011.01.23 13:50:59 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Grym
[2011.12.25 16:26:43 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\ICQ
[2013.07.27 23:33:38 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Lionhead Studios
[2011.10.19 02:20:54 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\mkvtoolnix
[2011.06.08 23:26:59 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\OpenOffice.org
[2012.06.03 01:55:05 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Opera
[2013.08.02 01:03:33 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Opera Software
[2011.01.25 17:26:28 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\PlayFirst
[2014.01.08 00:41:46 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Rainmeter
[2013.03.07 20:42:58 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\SearchProtect
[2012.05.25 20:25:32 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\SkyMonk
[2012.05.12 18:15:52 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\UauPyNRbzfkJLM1
[2014.06.08 08:29:55 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\uTorrent
[2011.05.03 17:45:52 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\VampireSaga
[2011.01.24 16:09:21 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Vast Studios
[2014.02.26 07:50:16 | 000,000,000 | ---D | M] -- C:\Users\Немезис\AppData\Roaming\Yandex
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2014.03.30 17:32:32 | 000,001,397 | ---- | M] ()(C:\Users\Немезис\Desktop\????? - ??? - ??.txt) -- C:\Users\Немезис\Desktop\外人四こま - あの方 - 悪人.txt
[2014.01.29 01:22:45 | 000,001,397 | ---- | C] ()(C:\Users\Немезис\Desktop\????? - ??? - ??.txt) -- C:\Users\Немезис\Desktop\外人四こま - あの方 - 悪人.txt
========== Alternate Data Streams ==========
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E1F04E8D
< End of report >
Edited by Nemisa, 07 June 2014 - 09:23 PM.