Hi,
please check my computer for malware.
Thank you,
Alex.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 11.20.2
Run by Alex at 12:15:11 on 2014-12-12
Microsoft Windows 7 Корпоративная 6.1.7601.1.1251.7.1049.18.3325.1282 [GMT 2:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Users\Alex\AppData\Roaming\AntiHidden\USBDLM.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Windows\system32\Dwm.exe
C:\Users\Alex\AppData\Roaming\AntiHidden\USBDLM_usr.exe
C:\Windows\Explorer.EXE
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Download Master\dmaster.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\BIRTHDAY\birthmil.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmi32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uProxyServer = 192.168.15.250:3128
uProxyOverride = <local>
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_20\bin\ssv.dll
BHO: IE 4.x-6.x BHO for Download Master: {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - c:\program files\download master\dmiehlp.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\onlinebanking\online_banking_bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_20\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\urladvisor\klwtbbho.dll
uRun: [Download Master] c:\program files\download master\dmaster.exe -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [vmware-tray.exe] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\birthd~1.lnk - c:\birthday\birthmil.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Добавить в Анти-Баннер - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ie_banner_deny.htm
IE: Закачать ВСЕ при помощи Download Master - c:\program files\download master\dmieall.htm
IE: Закачать при помощи Download Master - c:\program files\download master\dmie.htm
IE: Передать на удаленную закачку DM - c:\program files\download master\remdown.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - c:\program files\download master\dmaster.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\urladvisor\klwtbbho.dll
TCP: Interfaces\{AF287F78-929D-4E79-B149-00CC1AB982CF} : NameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\wopuv0kv.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre1.8.0_20\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_20\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_246.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: plugin.state.npcontentblocker - 2
.
FF - user.js: plugin.state.nponlinebanking - 2
.
FF - user.js: plugin.state.npvkplugin - 2
.
FF - user.js: plugin.state.anti_banner_native_proxy - 2
.
FF - user.js: plugin.state.url_advisor - 2
.
============= SERVICES / DRIVERS ===============
.
R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2014-5-29 63824]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2014-9-29 243128]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2013-10-11 25696]
R1 klpd;klpd;c:\windows\system32\drivers\klpd.sys [2013-4-12 14432]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-5-14 45024]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2013-6-6 144992]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 14.0.0\avp.exe [2013-10-11 214512]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-5-19 5024576]
R2 USBDLM;USBDLM;c:\users\alex\appdata\roaming\antihidden\USBDLM.exe [2014-11-28 409552]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2013-10-9 721464]
R2 VMwareHostd;VMware Workstation Server;c:\program files\vmware\vmware workstation\vmware-hostd.exe [2013-10-18 14405200]
R2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi20-shared.sys [2013-2-22 23632]
R3 ip100Avista;TP-LINK 10/100Mbps PCI Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2014-5-16 31232]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-10-11 25184]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-10-11 25696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-7-30 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S3 StorSvc;Служба хранилища;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-12 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-4-12 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-12 112640]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2014-7-23 1343400]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\zteusbser.sys [2014-5-19 98432]
S4 klflt;klflt;c:\windows\system32\drivers\klflt.sys [2014-11-24 94304]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\AkelPad.exe="c:\program files\akelpadbuildernew\myakelpad\AkelPad.exe" "%1" [UserChoice]
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-12-12 07:34:03 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b827ec6e-3c34-4a38-85f4-6d8e820a1360}\offreg.dll
2014-12-10 13:47:30 151 ----a-w- c:\users\alex\appdata\roaming\microsoft\windows\sendto\Ярлык на анализ.bat
2014-12-10 11:00:58 -------- d-----w- C:\Hive
2014-12-08 12:36:40 -------- d-----w- C:\TEST
2014-12-08 10:39:47 -------- d-----w- c:\program files\trend micro
2014-11-28 10:32:22 551 ----a-w- c:\programdata\microsoft\windows\start menu\programs\antihidden\Не открывать проводник после лечения флешки.cmd
2014-11-28 10:32:22 506 ----a-w- c:\programdata\microsoft\windows\start menu\programs\antihidden\Сворачивать окно AntiHidden.cmd
2014-11-28 10:32:22 10970 ----a-w- c:\programdata\microsoft\windows\start menu\programs\antihidden\Удалить AntiHidden.vbs
2014-11-28 10:32:22 -------- d-----w- c:\users\alex\appdata\roaming\AntiHidden
2014-11-26 07:45:40 -------- d-----w- c:\users\alex\1 1
2014-11-24 13:42:31 -------- d-----w- c:\users\alex\2
2014-11-24 13:42:29 -------- d-----w- c:\users\alex\1
2014-11-24 07:54:44 -------- d-----w- c:\windows\ELAMBKUP
2014-11-24 07:54:41 -------- d-----w- c:\program files\Kaspersky Lab
2014-11-24 07:54:33 94304 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-11-13 16:04:36 926 ----a-w- C:\GetHash.cmd
.
==================== Find3M ====================
.
2014-12-10 11:38:13 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 11:38:13 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-24 08:22:50 25184 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2014-11-24 08:22:50 144992 ----a-w- c:\windows\system32\drivers\kneps.sys
2014-11-24 08:22:49 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
2014-10-08 06:55:17 0 ----a-w- c:\program files\test.cmd
2014-09-29 07:40:16 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-09-29 06:58:39 1227264 ----a-w- c:\windows\system32\dx8vb.dll
.
============= FINISH: 12:15:19,99 ===============