Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:42, on 29.05.2017
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 — HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 — HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://babyuser.net/
R1 — HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 — HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 — HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 — HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 — HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 — HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 — REG:system.ini: UserInit=userinit.exe
O2 — BHO: Groove GFS Browser Helper — {72853161-30C5-4D22-B7F9-0BBC1D38A37E} — C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 — BHO: avast! Online Security — {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} — C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 — HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 — HKLM\..\Run: [StartCCC] «C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe» MSRun
O4 — HKCU\..\Run: [rhuokrdxzc] explorer «hxxp://lonsale.ru/?utm_source=uoua03wmt&utm_content=c9d18e080724fdd15050ecb4eab39cb7&utm_term=D19F68DA55869D6640469CFB41DB9174&utm_d=20170527»
O4 — HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 — HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 — HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 — HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 — Extra button: Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 — Extra ‘Tools’ menuitem: &Отправить в OneNote — {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 — Gopher Prefix:
O18 — Protocol: grooveLocalGWS — {88FED34C-F0CA-4636-A375-3CB6248B04CD} — C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 — Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) — Unknown owner — C:\Windows\System32\alg.exe (file missing)
O23 — Service: AMD FUEL Service — Advanced Micro Devices, Inc. — C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 — Service: aswbIDSAgent — AVAST Software s.r.o. — C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 — Service: Avast Antivirus (avast! Antivirus) — AVAST Software — C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 — Service: Avast Firewall Service (avast! Firewall) — AVAST Software — C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 — Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) — Unknown owner — C:\Windows\System32\lsass.exe (file missing)
O23 — Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) — Unknown owner — C:\Windows\system32\fxssvc.exe (file missing)
O23 — Service: Служба Google Update (gupdate) (gupdate) — Google Inc. — C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 — Service: Служба Google Update (gupdatem) (gupdatem) — Google Inc. — C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 — Service: @keyiso.dll,-100 (KeyIso) — Unknown owner — C:\Windows\system32\lsass.exe (file missing)
O23 — Service: Mozilla Maintenance Service (MozillaMaintenance) — Mozilla Foundation — C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 — Service: @comres.dll,-2797 (MSDTC) — Unknown owner — C:\Windows\System32\msdtc.exe (file missing)
O23 — Service: Nero BackItUp Scheduler 3 — Nero AG — C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 — Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) — Unknown owner — C:\Windows\system32\lsass.exe (file missing)
O23 — Service: NMIndexingService — Nero AG — C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 — Service: NVIDIA Display Driver Service (nvsvc) — Unknown owner — C:\Windows\system32\nvvsvc.exe (file missing)
O23 — Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) — Unknown owner — C:\Windows\system32\lsass.exe (file missing)
O23 — Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) — Unknown owner — C:\Windows\system32\locator.exe (file missing)
O23 — Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) — Unknown owner — C:\Windows\system32\lsass.exe (file missing)
O23 — Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) — Unknown owner — C:\Windows\System32\snmptrap.exe (file missing)
O23 — Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) — Unknown owner — C:\Windows\System32\spoolsv.exe (file missing)
O23 — Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) — Unknown owner — C:\Windows\system32\sppsvc.exe (file missing)
O23 — Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) — NVIDIA Corporation — C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 — Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) — Unknown owner — C:\Windows\system32\UI0Detect.exe (file missing)
O23 — Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) — Unknown owner — C:\Windows\system32\lsass.exe (file missing)
O23 — Service: @%SystemRoot%\system32\vds.exe,-100 (vds) — Unknown owner — C:\Windows\System32\vds.exe (file missing)
O23 — Service: VIA Karaoke digital mixer Service (VIAKaraokeService) — Unknown owner — C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 — Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) — Unknown owner — C:\Windows\system32\vssvc.exe (file missing)
O23 — Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) — Unknown owner — C:\Windows\system32\wbengine.exe (file missing)
O23 — Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) — Unknown owner — C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 — Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) — Unknown owner — C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
—
End of file — 7213 bytes
Run HijackThis and perform a scan by clicking the Do a system scan only button.
Tick the boxes next to the following lines:
O4 — HKCU\..\Run: [rhuokrdxzc] explorer «hxxp://lonsale.ru/?utm_source=uoua03wmt&utm_content=c9d18e080724fdd15050ecb4eab39cb7&utm_term=D19F68DA55869D6640469CFB41DB9174&utm_d=20170527»
Click the Fix checked button and confirm your action by clicking YES.
Also check the computer with the following programs:
Zemana AntiMalware http://www.spyware-ru.com/download/zemana-antimalware
AdwCleaner http://www.spyware-ru.com/download/adwcleaner
Hello, please check mine!!!
R1 — HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?bcutc=sp-006
R1 — HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?bcutc=sp-006&q={searchTerms}
R0 — HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yandex.ru/?win=346&clid=2254946
R1 — HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?bcutc=sp-006
R1 — HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?bcutc=sp-006&q={searchTerms}
R0 — HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?bcutc=sp-006
R0 — HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 — HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 — REG:system.ini: UserInit=userinit.exe
O2 — BHO: MRSearchPlugin — {8E8F97CD-60B5-456F-A201-73065652D099} — C:\Users\user\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll
O3 — Toolbar: (no name) — {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} — (no file)
O4 — HKLM\..\Run: [StartCCC] «C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe» MSRun
O4 — HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 — HKCU\..\Run: [Gaijin.Net Agent] «C:\Users\user\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe»
O4 — HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 — HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 — HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 — HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O8 — Extra context menu item: &Экспорт в Microsoft Excel — res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 — Extra button: TSearch — {03AE1B7B-A9E7-4D5A-9D34-89999C31B659} — (no file)
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O17 — HKLM\System\CCS\Services\Tcpip\..\{0FBD4332-1C59-4880-A8C9-16B17532A9E6}: NameServer = 192.168.1.1,8.8.8.8
O23 — Service: Adobe Acrobat Update Service (AdobeARMservice) — Adobe Systems Incorporated — C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 — Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) — Adobe Systems Incorporated — C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 — Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) — Unknown owner — C:\Windows\System32\alg.exe (file missing)
O23 — Service: AMD External Events Utility — Unknown owner — C:\Windows\system32\atiesrxx.exe (file missing)
O23 — Service: ASUS Com Service (asComSvc) — Unknown owner — C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
O23 — Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) — Unknown owner — C:\Windows\System32\lsass.exe (file missing)
O23 — Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) — Unknown owner — C:\Windows\system32\fxssvc.exe (file missing)
O23 — Service: Служба Google Update (gupdate) (gupdate) — Google Inc. — C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 — Service: Служба Google Update (gupdatem) (gupdatem) — Google Inc. — C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 — Service: Heroes & Generals Service (HnGService) — Unknown owner — C:\GamesMailRu\Heroes & Generals GC\hngservice.exe (file missing)
O23 — Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) — Intel Corporation — C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 — Service: Intel(R) Capability Licensing Service Interface — Intel(R) Corporation — C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 — Service: Intel(R) Capability Licensing Service TCP IP Interface — Intel(R) Corporation — C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 — Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) — Intel Corporation — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 — Service: @keyiso.dll,-100 (KeyIso) — Unknown owner — C:\Windows\system32\lsass.exe (file missing)
O23 — Service: Intel(R) Management and Security Application Local Management Service (LMS) — Intel Corporation — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 — Service: Mozilla Maintenance Service (MozillaMaintenance) — Mozilla Foundation — C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 — Service: @comres.dll,-2797 (MSDTC) — Unknown owner — C:\Windows\System32\msdtc.exe (file missing)
O23 — Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) — Unknown owner — C:\Windows\system32\lsass.exe (file missing)
O23 — Service: Origin Client Service — Electronic Arts — F:\Origin\OriginClientService.exe
O23 — Service: Origin Web Helper Service — Electronic Arts — F:\Origin\OriginWebHelperService.exe
O23 — Service: PnkBstrA — Unknown owner — C:\Windows\system32\PnkBstrA.exe
O23 — Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) — Unknown owner — C:\Windows\system32\lsass.exe (file missing)
O23 — Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) — Unknown owner — C:\Windows\system32\locator.exe (file missing)
O23 — Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) — Unknown owner — C:\Windows\system32\lsass.exe (file missing)
O23 — Service: Skype Updater (SkypeUpdate) — Skype Technologies — C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 — Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) — Unknown owner — C:\Windows\System32\snmptrap.exe (file missing)
O23 — Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) — Unknown owner — C:\Windows\System32\spoolsv.exe (file missing)
O23 — Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) — Unknown owner — C:\Windows\system32\sppsvc.exe (file missing)
O23 — Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) — Unknown owner — C:\Windows\system32\UI0Detect.exe (file missing)
O23 — Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) — Unknown owner — C:\Windows\system32\lsass.exe (file missing)
O23 — Service: @%SystemRoot%\system32\vds.exe,-100 (vds) — Unknown owner — C:\Windows\System32\vds.exe (file missing)
O23 — Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) — Unknown owner — C:\Windows\system32\vssvc.exe (file missing)
O23 — Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) — Unknown owner — C:\Windows\system32\wbengine.exe (file missing)
O23 — Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) — Unknown owner — C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 — Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) — Unknown owner — C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 — Service: Yandex.Browser Update Service (YandexBrowserService) — YANDEX LLC — C:\Program Files (x86)\Yandex\YandexBrowser\18.6.0.2255\service_update.exe