Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 15:32:25, on 18.05.2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\System32\WTMKM.exe C:\Windows\vsnp2uvc.exe C:\Windows\tsnp2uvc.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe C:\Users\User\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe C:\Program Files\Yandex\Common\elements.exe C:\Users\User\AppData\Local\PriceMeter\pricemeterw.exe C:\Users\User\AppData\Local\PriceMeter\pricemeter.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\TP-LINK\Óòèëèòà íàñòðîéêè áåñïðîâîäíîãî ñîåäèíåíèÿ TP-LINK\TWCU.exe C:\Users\User\AppData\Roaming\Yandex\YandexDisk\YandexDiskStarter.exe C:\Program Files\Yandex\Punto Switcher\punto.exe C:\Users\User\AppData\Local\PriceMeter\pricemeter.exe C:\Users\User\AppData\Local\PriceMeter\pricemeter.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Users\User\AppData\Local\PriceMeter\pricemeter.exe C:\Program Files\Opera\20.0.1387.82\opera.exe C:\Program Files\Opera\20.0.1387.82\opera_crashreporter.exe C:\Program Files\Opera\20.0.1387.82\opera.exe C:\Program Files\Opera\20.0.1387.82\opera.exe C:\Program Files\Opera\20.0.1387.82\opera.exe C:\Program Files\Opera\20.0.1387.82\opera.exe C:\Program Files\Opera\20.0.1387.82\opera.exe C:\Program Files\Opera\20.0.1387.82\opera.exe C:\Program Files\Opera\20.0.1387.82\opera.exe C:\Program Files\Opera\20.0.1387.82\opera.exe C:\Program Files\Opera\20.0.1387.82\opera.exe C:\Program Files\Opera\20.0.1387.82\opera.exe C:\Program Files\Opera\20.0.1387.82\opera.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Users\User\Downloads\HijackThis (2).exe C:\Windows\system32\SearchFilterHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Âèçóàëüíûå çàêëàäêè - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - C:\Program Files\Yandex\FastDial\fastdialHost.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: Shopping Suggestion. - {e7e8ed77-2fba-4ec6-bc07-65de4de6709f} - mscoree.dll (file missing) O3 - Toolbar: Ýëåìåíòû ßíäåêñà - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\Elements\bartabhost.dll O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe O4 - HKLM\..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKCU\..\Run: [SyncManPath] "C:\Users\User\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe" -autostart O4 - HKCU\..\Run: [YandexElements] "C:\Program Files\Yandex\Common\elements.exe" /auto O4 - HKCU\..\Run: [PriceMeterW] "C:\Users\User\AppData\Local\PriceMeter\pricemeterw.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_206_Plugin.exe -update plugin O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Punto Switcher.lnk = C:\Program Files\Yandex\Punto Switcher\punto.exe O4 - Global Startup: Óòèëèòà íàñòðîéêè áåñïðîâîäíîãî ñîåäèíåíèÿ TP-LINK.lnk = ? O8 - Extra context menu item: &Ýêñïîðò â Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Ñïðàâî÷íûå ìàòåðèàëû - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Mail.Ru Àãåíò - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Users\User\AppData\Roaming\Mail.Ru\Agent\magent.exe (HKCU) O9 - Extra 'Tools' menuitem: Mail.Ru Àãåíò - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Users\User\AppData\Roaming\Mail.Ru\Agent\magent.exe (HKCU) O10 - Unknown file in Winsock LSP: c:\program files\national instruments\shared\mdns responder\nimdnsnsp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~2\VKSaver\vksaver3.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Sentinel HASP License Manager (hasplms) - SafeNet Inc. - C:\Windows\system32\hasplms.exe O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NI Citadel 4 Service (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe O23 - Service: NI PSP Service Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe O23 - Service: NI Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe O23 - Service: NI Application Web Server (NIApplicationWebServer) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe O23 - Service: NI Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe O23 - Service: NI License Server (NILM License Manager) - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe O23 - Service: NI mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe O23 - Service: NI Network Discovery (NINetworkDiscovery) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe O23 - Service: NI Service Locator (NiSvcLoc) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\niSvcLoc\nisvcloc.exe O23 - Service: NI System Web Server (NISystemWebServer) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\NI WebServer\SystemWebServer.exe O23 - Service: NI Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: OpcEnum - OPC Foundation - C:\Windows\system32\Opcenum.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Update Mega Browse - Unknown owner - C:\Program Files\Mega Browse\updateMegaBrowse.exe O23 - Service: Util Mega Browse - Unknown owner - C:\Program Files\Mega Browse\bin\utilMegaBrowse.exe O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe -- End of file - 9903 bytes