Pests of all kinds and how to fight them: Games and performance slower than usual. Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
23.08.2013, 03:18 | #1 |
| I now have the problem that my games, which I have been playing for a long time, are suddenly lagging and freezing. So I would appreciate some help. |
23.08.2013, 05:26 | #2 |
/// the machine /// TB trainer | hi,
__________________ How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
23.08.2013, 09:12 | #3 |
| Should I post all the log files in one reply right away, or only one at a time?
__________________ |
23.08.2013, 10:47 | #4 |
/// the machine /// TB trainer | If they fit into one, then everything in one; otherwise split them up.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
23.08.2013, 13:03 | #5 |
| FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2013 02 Ran by 1 at 2013-08-23 00:46:02 Running from C:\Users\1\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= µTorrent (x32 Version: 3.1.2) 7-Zip 9.20 (x32) Acrobat.com (x32 Version: 1.6.65) Adobe AIR (x32 Version: 3.7.0.2090) Adobe Download Assistant (x32 Version: 1.0.6) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Aeria Ignite (x32 Version: 1.12.2732) AION Free-To-Play (x32 Version: 2.70.0000) Akamai NetSession Interface (HKCU) Akamai NetSession Interface (x32) Alcor Micro USB Card Reader (x32 Version: 1.6.17.25401) Alice Greenfingers (x32) AMD Accelerated Video Transcoding (Version: 12.10.100.30328) AMD Catalyst Install Manager (Version: 8.0.911.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Fuel (Version: 2013.0328.2218.38225) AMD Media Foundation Decoders (Version: 1.0.80328.2204) AMD USB Filter Driver (x32 Version: 1.0.15.94) AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225) Ashampoo Burning Studio 6 FREE v.6.80 (x32 Version: 6.8.0) ASUS AI Recovery (x32 Version: 1.0.10) ASUS AP Bank (x32 Version: 1.0.0.0) ASUS FancyStart (x32 Version: 1.0.8) ASUS LifeFrame3 (x32 Version: 3.0.20) ASUS Live Update (x32 Version: 2.5.9) ASUS MultiFrame (x32 Version: 1.0.0021) ASUS Power4Gear Hybrid (Version: 1.1.35) ASUS SmartLogon (x32 Version: 1.0.0008) ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0029) ASUS Virtual Camera (x32 Version: 1.0.20) ASUS WebStorage (x32 Version: 2.0.46.1429) ATK Package (x32 Version: 1.0.0003) Atlantica (x32 Version: 40505) Avira Free Antivirus (x32 Version: 13.0.0.3885) Bandisoft MPEG-1 Decoder (x32) BitRaider Web Client (x32 Version: 1.1.6.3) Boingo Wi-Fi (x32 Version: 1.7.0048) 
BrowserDefender (x32) Bundled software uninstaller (x32) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225) Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225) Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225) CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225) CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225) CCC Help Czech (x32 Version: 2013.0328.2217.38225) CCC Help Danish (x32 Version: 2013.0328.2217.38225) CCC Help Dutch (x32 Version: 2013.0328.2217.38225) CCC Help English (x32 Version: 2013.0328.2217.38225) CCC Help Finnish (x32 Version: 2013.0328.2217.38225) CCC Help French (x32 Version: 2013.0328.2217.38225) CCC Help German (x32 Version: 2013.0328.2217.38225) CCC Help Greek (x32 Version: 2013.0328.2217.38225) CCC Help Hungarian (x32 Version: 2013.0328.2217.38225) CCC Help Italian (x32 Version: 2013.0328.2217.38225) CCC Help Japanese (x32 Version: 2013.0328.2217.38225) CCC Help Korean (x32 Version: 2013.0328.2217.38225) CCC Help Norwegian (x32 Version: 2013.0328.2217.38225) CCC Help Polish (x32 Version: 2013.0328.2217.38225) CCC Help Portuguese (x32 Version: 2013.0328.2217.38225) CCC Help Russian (x32 Version: 2013.0328.2217.38225) CCC Help Spanish (x32 Version: 2013.0328.2217.38225) CCC Help Swedish (x32 Version: 2013.0328.2217.38225) CCC Help Thai (x32 Version: 2013.0328.2217.38225) CCC Help Turkish (x32 Version: 2013.0328.2217.38225) ccc-utility64 (Version: 2013.0328.2218.38225) Chicken Invaders 2 (x32) Choice Guard (x32 Version: 1.2.87.0) ControlDeck (x32 Version: 1.0.8) Crysis® 2 (x32 Version: 1.0.0.0) CyberLink LabelPrint (x32 Version: 2.5.1908) CyberLink Power2Go (x32 Version: 6.1.3602c) DAEMON Tools Toolbar (x32 Version: 1.1.3.0244) DBO_CT_TW (x32 Version: 1.57.22) DDS Thumbnail Viewer (x32 Version: 1.00.000) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition 
DivineSouls (Version: 3.05.001.001.001) dows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500) (Version: 06/11/2009 6.2.0.9500) Dragonica Version TEST (x32 Version: TEST) Dream Day Wedding Married in Manhattan (x32) ETDWare PS/2-x64 7.0.5.13_WHQL (Version: 7.0.5.13) Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287) Fast Boot (Version: 1.0.5) FlyLinkDC2009 500 (x32) Free Studio version 2013 (x32 Version: 6.1.10.812) Free YouTube to MP3 Converter version 3.11.34.1015 (x32 Version: 3.11.34.1015) Game Park Console (x32 Version: 6.2.0.2) GDMO (x32) GKLauncher (x32 Version: 1.1.0.3) Google Chrome (x32 Version: 29.0.1547.57) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32) Google Update Helper (x32 Version: 1.3.21.153) GrandFantasia-DE (x32) ICQ Sparberater (x32 Version: 1.3.671) ICQ7M (x32 Version: 7.8) IrfanView (remove only) (x32 Version: 4.35) Java 7 Update 25 (64-bit) (Version: 7.0.250) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Junk Mail filter update (x32 Version: 14.0.8050.1202) K_Series_ScreenSaver_EN (x32) Kalydo Player 4.11.01 (HKCU Version: 4.11.01) League of Legends (x32 Version: 1.3) Loong (x32 Version: 1.3.3.14) Lunia (x32) Mabinogi (x32) Martial Empires DE (x32 Version: 1.00.0000) Marvel Heroes (x32 Version: 1.10.0.83) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft AppLocale (x32 Version: 1.0.0) Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.1.99.0) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Access MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Excel MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Groove MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office InfoPath 
MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000) Microsoft Office OneNote MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Outlook MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office PowerPoint MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (Ukrainian) 2010 (Version: 14.0.7015.1000) Microsoft Office Proofing (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Publisher MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared 32-bit MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Word MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office профессиональный плюс 2010 (Version: 14.0.7015.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0) Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
(Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Windows Application Compatibility Database Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) Mozilla Maintenance Service (x32 Version: 18.0.1) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0) Mu (x32 Version: 0.68) Nexon Game Manager (x32) NVIDIA PhysX (x32 Version: 9.12.1031) OGPlanet Game Launcher (x32 Version: 1.0.0) Onigiri_JP (x32 Version: 1.00.0000) OpenAL (x32) Overwolf (x32 Version: 0.40.228) Pando Media Booster (x32 Version: 2.6.0.8) Path of Exile (x32 Version: 0.10.0.22571) Piggly FREE (x32) Pinnacle Game Profiler (x32 Version: 5.0.0) PockiePirateHelper (x32 Version: 54) Pokémon Trading Card Game Online (x32 Version: 1.0.0) Pokemon World Online version 1.83 (x32 Version: 1.83) Project64 1.6 (x32 Version: 1.6) Ragnarök Online (x32 Version: 13.3) Ragnarok Online2 (x32 Version: 2.00.0000) Ragnarok_Europe (x32 Version: 13.3) RaiderZ (x32 Version: 1.00.0000) Razer Abyssus (x32 Version: 2.00) Razer Game Booster (x32 Version: 3.7) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6176) RemnantKnights (HKCU Version: 0.01.02.91) RequiemFacebook (HKCU Version: 0.00.01.83) Return of Warrior (x32 Version: 1.0.1.0) RGSS-RTP Standard (x32 Version: 1.04) RPG Maker VX RTP 
(x32 Version: 1.02) RPGƒcƒN[ƒ‹VX RTP (x32 Version: 1.00) RPGXP (x32 Version: 1.0.0) S4 League_EU (x32 Version: 1.00.0000) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition Shin Megami Tensei Imagine (x32 Version: 1.678) Skype™ 6.6 (x32 Version: 6.6.106) SlimDX Redistributable (March 2009) (x32 Version: 2.0.7.41) Smileyville FREE (x32) Spiral Knights (x32) SRS Premium Sound Control Panel (Version: 1.8.7700) Steam (x32 Version: 1.0.0.0) syncables desktop SE (x32 Version: 5.5.615.9518) TeamSpeak 3 Client (x32 Version: 3.0.10.1) The Sims™ 3 (x32 Version: 1.26.89) The Sims™ 3 Питомцы (x32 Version: 10.0.96) Torchlight II (x32) Trend Micro Internet Security (Version: 17.50) TSR Workshop (x32 Version: 1.0.14) Uninstall TrianglePlayer (x32 Version: 2012) Unity Web Player (HKCU Version: ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition USB 2.0 VGA UVC WebCam Vindictus EU (x32) VLC media player 2.0.7 (x32 Version: 2.0.7) Warhammer 40,000 Dawn of War II - Chaos Rising (x32) WEBZEN Browser Extension (x32 Version: 1.01.020) WIDCOMM Bluetooth Software (Version: 6.2.5.500) Windows 7 Upgrade Advisor (x32 Version: 2.0.5000.0) Windows Driver Package - Broadcom 
Bluetooth (07/17/2009 6.2.0.9403) (Version: 07/17/2009 6.2.0.9403) Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) (Version: 07/29/2009 6.1.7100.0) Windows Live Communications Platform (x32 Version: 14.0.8050.1202) Windows Live Messenger (x32 Version: 14.0.8050.1202) Windows Live Sync (x32 Version: 14.0.8050.1202) Windows Live Writer (x32 Version: 14.0.8050.1202) WinDS PRO 2013.9 (Version: 2013.9.00.0) WinDS PRO Apps 1.6.1 (Version: 1.6.1.0) WinFlash (x32 Version: 2.30.3) WinRAR 4.11 (64-Bit) (Version: 4.11.0) Wireless Console 3 (x32 Version: 3.0.17) Yu-Gi-Oh! ONLINE 3 (x32 Version: 1.00.5000) Архиватор WinRAR (x32) Коннект Менеджер (x32 Version: 1.0.0.1) Основные компоненты Windows Live (x32 Version: 14.0.8050.1202) Помощник по входу в Windows Live (x32 Version: 5.000.818.6) Почта Windows Live (x32 Version: 14.0.8050.1202) Семейная безопасность Windows Live (Version: 14.0.8052.1208) Средство передачи Windows Live (x32 Version: 14.0.8014.1029) Фотоальбом Windows Live (x32 Version: 14.0.8051.1204) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2012-04-03 21:30 - 00000161 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 vamosmt2.org 127.0.0.1 dinasty-online.fr 127.0.0.1 h1n1game.fr 127.0.0.1 h1n1game.net 127.0.0.1 h1n1game.com 127.0.0.1 x ==================== Scheduled Tasks (whitelisted) ============= Task: {14571037-48F4-4CFF-B816-39A065513249} - System32\Tasks\{D59D638B-9D42-4918-A6C0-642A902DCF34} => c:\program files (x86)\google\chrome\application\chrome.exe [2013-08-16] (Google Inc.) 
Task: {14D53E82-1CF4-4294-8BF7-2EB61D1AE49F} - System32\Tasks\{7ACB6725-58D3-4FBA-9CCF-3B55F741F3E7} => c:\program files (x86)\mozilla firefox\firefox.exe No File Task: {14F57633-D35F-438D-B2CC-339E9074ABB3} - System32\Tasks\RunOW => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe No File Task: {1B772F46-7C77-4081-A0A3-1195D7A81860} - System32\Tasks\{E4B6E313-B77E-434A-AD09-4F5666F2756F} => c:\program files (x86)\google\chrome\application\chrome.exe [2013-08-16] (Google Inc.) Task: {1B97F3EB-AB98-487E-8973-1422FCFD0433} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated) Task: {230E9C70-835C-49E3-B2A5-4CCE8ADBFA81} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-06-09] (asus) Task: {236C61C1-A6C3-4E19-8225-5B7968586A71} - System32\Tasks\User_Feed_Synchronization-{FDF1D46B-CA44-405F-8514-57C73810FC94} => C:\Windows\system32\msfeedssync.exe [2013-06-20] (Microsoft Corporation) Task: {2B25A76E-4D68-48A4-9B09-E47417B6540C} - System32\Tasks\{0BD25ECA-65E8-4709-BF42-CC00C46D130B} => c:\program files (x86)\google\chrome\application\chrome.exe [2013-08-16] (Google Inc.) Task: {2DC5CD7E-73F0-4A9D-A7D6-432A05D00CCC} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe [2013-06-05] () Task: {36809738-84C3-4957-B00E-CE4D75D6A1B5} - System32\Tasks\BrowserProtect => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation) Task: {45C8FAEF-1BB3-4BBD-99A4-C924241C055C} - System32\Tasks\Dealply => C:\Users\1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE No File Task: {4FB50C40-43D1-4512-868D-E3AC06B829AE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000UA => C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) 
Task: {52EB8AB7-FB92-4E13-B1C4-3C7F79F3CE99} - System32\Tasks\RunAsStdUser Task => C:\Users\1\AppData\Local\teeveewatchSA\bin\1.0.8.0\TeeveeWatchSA.exe No File Task: {547BF65C-7320-4FAF-9673-42F732355771} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: {5B2E5278-B516-4CDA-806A-602BDCAF4BA6} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS) Task: {5E9E955E-507D-42C8-A451-FE8D0123E51A} - System32\Tasks\{0E404638-AF26-4BCE-B999-718C639245A4} => c:\program files (x86)\google\chrome\application\chrome.exe [2013-08-16] (Google Inc.) Task: {6266B304-28BA-4AAD-8BBC-6A7848991A9B} - System32\Tasks\{E3171ABA-32BF-46E2-A947-8B15BB41F9F6} => c:\program files (x86)\google\chrome\application\chrome.exe [2013-08-16] (Google Inc.) Task: {680D415A-BA1F-4401-A910-149A27ACC7C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-07] (Google Inc.) Task: {6B0DDC62-531B-4CEA-A531-EEFF86FC2CE3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-07] (Google Inc.) Task: {9A7DAEE7-FF38-4B58-BBFA-A72E99D725AD} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS) Task: {9BAAAEB6-51B1-4C67-8AA9-A303AFBBE769} - System32\Tasks\{34B82CD7-8C78-4D78-BC63-2F74995ED776} => c:\program files (x86)\google\chrome\application\chrome.exe [2013-08-16] (Google Inc.) Task: {A6BF1449-7969-4882-A47E-F18A4272B6E5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000Core => C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) 
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\System32\aitagent.exe [2010-11-20] (Корпорация Майкрософт (Microsoft Corp.)) Task: {B6BB981A-3C67-43F2-B4B9-824837D9E028} - System32\Tasks\{81FED1E2-90CD-4E9F-A734-599C249B4FAF} => c:\program files (x86)\google\chrome\application\chrome.exe [2013-08-16] (Google Inc.) Task: {B7F41285-DE5A-4E18-A225-0A45B01C36AE} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation) Task: {BD6C0054-C30E-4AC8-BA13-487DF24EB2D8} - System32\Tasks\{3D6B78ED-9E4D-4821-AE07-9108BF4DD3D2} => C:\PlayPark\RO2\RO2Client.exe No File Task: {BD97A8BD-69B1-49A2-8B26-04E6BC40A5AF} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation) Task: {C06944C3-57EE-4F41-AE86-F272762C528B} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated) Task: {D079F4A4-4424-4318-9ED8-8D13F68DA197} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-04-08] (ATK) Task: {DD37D8FE-B760-44E8-9BB0-D846A77F22CC} - System32\Tasks\{1CB86C9B-CCCF-4235-9E09-49F952C70CE9} => C:\Windows\System32\msiexec.exe [2010-11-20] (Microsoft Corporation) Task: {E10C9ED5-CB1A-487F-B914-5C8A10DCEF85} - System32\Tasks\{983EC493-D2BD-48DC-A0C8-D4641233522D} => c:\program files (x86)\google\chrome\application\chrome.exe [2013-08-16] (Google Inc.) 
Task: {EEF92587-FF77-4C8D-AF74-3B828FD6BEF5} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] () Task: {EF6C3C50-31C5-4DE4-BDB5-BD433710D61F} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated) Task: {F87659F9-E9B3-4EBE-875D-AE93FB36119C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Dealply.job => C:\Users\1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000Core.job => C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000UA.job => C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/23/2013 00:21:00 AM) (Source: Application Error) (User: ) Description: Имя сбойного приложения: FlashPlayerUpdateService.exe, версия: 11.6.602.180, отметка времени: 0x51a4ab8c Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18205, отметка времени 0x51db9710 Код исключения: 0xc0000005 Смещение ошибки: 0x0002e243 Идентификатор сбойного 
процесса: 0x109c Время запуска сбойного приложения: 0xFlashPlayerUpdateService.exe0 Путь сбойного приложения: FlashPlayerUpdateService.exe1 Путь сбойного модуля: FlashPlayerUpdateService.exe2 Код отчета: FlashPlayerUpdateService.exe3 Error: (08/22/2013 11:21:01 PM) (Source: Application Error) (User: ) Description: Имя сбойного приложения: FlashPlayerUpdateService.exe, версия: 11.6.602.180, отметка времени: 0x51a4ab8c Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18205, отметка времени 0x51db9710 Код исключения: 0xc0000005 Смещение ошибки: 0x0002e243 Идентификатор сбойного процесса: 0x141c Время запуска сбойного приложения: 0xFlashPlayerUpdateService.exe0 Путь сбойного приложения: FlashPlayerUpdateService.exe1 Путь сбойного модуля: FlashPlayerUpdateService.exe2 Код отчета: FlashPlayerUpdateService.exe3 Error: (08/22/2013 10:21:16 PM) (Source: Application Error) (User: ) Description: Имя сбойного приложения: FlashPlayerUpdateService.exe, версия: 11.6.602.180, отметка времени: 0x51a4ab8c Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18205, отметка времени 0x51db9710 Код исключения: 0xc0000005 Смещение ошибки: 0x0002e243 Идентификатор сбойного процесса: 0x1638 Время запуска сбойного приложения: 0xFlashPlayerUpdateService.exe0 Путь сбойного приложения: FlashPlayerUpdateService.exe1 Путь сбойного модуля: FlashPlayerUpdateService.exe2 Код отчета: FlashPlayerUpdateService.exe3 Error: (08/22/2013 10:01:40 PM) (Source: MsiInstaller) (User: 1-ПК) Description: Product: Boingo Wi-Fi -- Error 1706. An installation package for the product Boingo Wi-Fi cannot be found. Try the installation again using a valid copy of the installation package 'clientlite_all.msi'. 
Error: (08/22/2013 01:21:00 PM) (Source: Application Error) (User: ) Description: Имя сбойного приложения: FlashPlayerUpdateService.exe, версия: 11.6.602.180, отметка времени: 0x51a4ab8c Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18205, отметка времени 0x51db9710 Код исключения: 0xc0000005 Смещение ошибки: 0x0002e243 Идентификатор сбойного процесса: 0x2514 Время запуска сбойного приложения: 0xFlashPlayerUpdateService.exe0 Путь сбойного приложения: FlashPlayerUpdateService.exe1 Путь сбойного модуля: FlashPlayerUpdateService.exe2 Код отчета: FlashPlayerUpdateService.exe3 Error: (08/22/2013 00:21:01 PM) (Source: Application Error) (User: ) Description: Имя сбойного приложения: FlashPlayerUpdateService.exe, версия: 11.6.602.180, отметка времени: 0x51a4ab8c Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18205, отметка времени 0x51db9710 Код исключения: 0xc0000005 Смещение ошибки: 0x0002e243 Идентификатор сбойного процесса: 0x2398 Время запуска сбойного приложения: 0xFlashPlayerUpdateService.exe0 Путь сбойного приложения: FlashPlayerUpdateService.exe1 Путь сбойного модуля: FlashPlayerUpdateService.exe2 Код отчета: FlashPlayerUpdateService.exe3 Error: (08/22/2013 11:21:01 AM) (Source: Application Error) (User: ) Description: Имя сбойного приложения: FlashPlayerUpdateService.exe, версия: 11.6.602.180, отметка времени: 0x51a4ab8c Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18205, отметка времени 0x51db9710 Код исключения: 0xc0000005 Смещение ошибки: 0x0002e243 Идентификатор сбойного процесса: 0x1d34 Время запуска сбойного приложения: 0xFlashPlayerUpdateService.exe0 Путь сбойного приложения: FlashPlayerUpdateService.exe1 Путь сбойного модуля: FlashPlayerUpdateService.exe2 Код отчета: FlashPlayerUpdateService.exe3 Error: (08/22/2013 10:21:01 AM) (Source: Application Error) (User: ) Description: Имя сбойного приложения: FlashPlayerUpdateService.exe, версия: 11.6.602.180, отметка времени: 0x51a4ab8c Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18205, отметка 
времени 0x51db9710 Код исключения: 0xc0000005 Смещение ошибки: 0x0002e243 Идентификатор сбойного процесса: 0x19ac Время запуска сбойного приложения: 0xFlashPlayerUpdateService.exe0 Путь сбойного приложения: FlashPlayerUpdateService.exe1 Путь сбойного модуля: FlashPlayerUpdateService.exe2 Код отчета: FlashPlayerUpdateService.exe3 Error: (08/22/2013 09:21:01 AM) (Source: Application Error) (User: ) Description: Имя сбойного приложения: FlashPlayerUpdateService.exe, версия: 11.6.602.180, отметка времени: 0x51a4ab8c Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18205, отметка времени 0x51db9710 Код исключения: 0xc0000005 Смещение ошибки: 0x0002e243 Идентификатор сбойного процесса: 0xd6c Время запуска сбойного приложения: 0xFlashPlayerUpdateService.exe0 Путь сбойного приложения: FlashPlayerUpdateService.exe1 Путь сбойного модуля: FlashPlayerUpdateService.exe2 Код отчета: FlashPlayerUpdateService.exe3 Error: (08/22/2013 08:21:01 AM) (Source: Application Error) (User: ) Description: Имя сбойного приложения: FlashPlayerUpdateService.exe, версия: 11.6.602.180, отметка времени: 0x51a4ab8c Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18205, отметка времени 0x51db9710 Код исключения: 0xc0000005 Смещение ошибки: 0x0002e243 Идентификатор сбойного процесса: 0x22cc Время запуска сбойного приложения: 0xFlashPlayerUpdateService.exe0 Путь сбойного приложения: FlashPlayerUpdateService.exe1 Путь сбойного модуля: FlashPlayerUpdateService.exe2 Код отчета: FlashPlayerUpdateService.exe3 System errors: ============= Error: (08/23/2013 00:38:49 AM) (Source: volsnap) (User: ) Description: Теневые копии тома C: удалены из-за невозможности увеличения хранилища теневых копий. Уменьшите загрузку ввода-вывода для системы или выберите другой том для хранилища теневых копий, который не подлежит теневому копированию. 
Error: (08/22/2013 10:40:17 PM) (Source: BugCheck) (User: ) Description: 0x0000001e (0xffffffffc0000047, 0xfffff800036bb7fc, 0xfffffa8006cd7030, 0x0000000000000001)C:\Windows\MEMORY.DMP082213-74927-01 Error: (08/22/2013 10:39:24 PM) (Source: EventLog) (User: ) Description: Предыдущее завершение работы системы в 22:37:50 на 22.08.2013 было неожиданным. Error: (08/20/2013 08:24:30 PM) (Source: volsnap) (User: ) Description: Теневая копия тома C: прервана, поскольку не удалось увеличить хранилище теневых копий. Error: (08/19/2013 09:27:43 PM) (Source: Service Control Manager) (User: ) Description: Служба "AFBAgent" неожиданно прервана. Это произошло (раз): 1. Error: (08/18/2013 06:46:51 PM) (Source: BROWSER) (User: ) Description: Слишком много неудачных попыток службы браузера сети загрузить резервный список с помощью транспорта \Device\NetBT_Tcpip_{1E860CDA-0E83-4D33-9CF2-1F149445DE52}. Резервный браузер сети остановлен. Error: (08/18/2013 06:41:49 PM) (Source: BugCheck) (User: ) Description: 0x000000c2 (0x0000000000000007, 0x000000000000109b, 0x0000000000000000, 0xfffffa80062c0bc0)C:\Windows\MEMORY.DMP081813-51854-01 Error: (08/18/2013 06:41:14 PM) (Source: EventLog) (User: ) Description: Предыдущее завершение работы системы в 18:26:35 на 18.08.2013 было неожиданным. Error: (08/18/2013 04:49:47 PM) (Source: Service Control Manager) (User: ) Description: Служба "AFBAgent" неожиданно прервана. Это произошло (раз): 1. Error: (08/18/2013 04:44:51 PM) (Source: EventLog) (User: ) Description: Предыдущее завершение работы системы в 01:50:55 на 18.08.2013 было неожиданным. 
Microsoft Office Sessions:
=========================
Error: (08/23/2013 00:21:00 AM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.1820551db9710c00000050002e243109c01ce9f85e15a13b2C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dll1f9386fb-0b79-11e3-8c93-74f06da91ee2

Error: (08/22/2013 11:21:01 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.1820551db9710c00000050002e243141c01ce9f7d7f93244aC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dllbe4ee8db-0b70-11e3-8c93-74f06da91ee2

Error: (08/22/2013 10:21:16 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.1820551db9710c00000050002e243163801ce9f751dcc8cf4C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dll6569db00-0b68-11e3-b75a-74f06da91ee2

Error: (08/22/2013 10:01:40 PM) (Source: MsiInstaller)(User: 1-ПК)
Description: Product: Boingo Wi-Fi -- Error 1706. An installation package for the product Boingo Wi-Fi cannot be found. Try the installation again using a valid copy of the installation package 'clientlite_all.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/22/2013 01:21:00 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.1820551db9710c00000050002e243251401ce9f29ade3e531C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dllebe30dbf-0b1c-11e3-9247-20cf306b066d

Error: (08/22/2013 00:21:01 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.1820551db9710c00000050002e243239801ce9f214c1e4842C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dll8abe952d-0b14-11e3-9247-20cf306b066d

Error: (08/22/2013 11:21:01 AM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.1820551db9710c00000050002e2431d3401ce9f18ea58e5ddC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dll28e36085-0b0c-11e3-9247-20cf306b066d

Error: (08/22/2013 10:21:01 AM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.1820551db9710c00000050002e24319ac01ce9f108895e108C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dllc745495b-0b03-11e3-9247-20cf306b066d

Error: (08/22/2013 09:21:01 AM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.1820551db9710c00000050002e243d6c01ce9f0826d1558dC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dll655b5b04-0afb-11e3-9247-20cf306b066d

Error: (08/22/2013 08:21:01 AM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.1820551db9710c00000050002e24322cc01ce9effc51e7d94C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dll03b1aaee-0af3-11e3-9247-20cf306b066d

CodeIntegrity Errors:
===================================
Date: 2013-05-08 18:09:42.472
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\1\Downloads\32Bit Injector\Injector.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-08 18:09:42.218
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\1\Downloads\32Bit Injector\Injector.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-26 10:07:27.100
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\1\Downloads\32Bit Injector\Injector.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-26 10:07:26.931
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\1\Downloads\32Bit Injector\Injector.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-08-02 15:40:15.436
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\ncvet.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-08-02 15:40:15.337
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\ncvet.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-08-02 15:40:10.152
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\ncvet.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-08-02 15:40:09.982
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\ncvet.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-08-02 15:40:04.737
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\ncvet.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-08-02 15:40:04.567
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\ncvet.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 6141.82 MB
Available physical RAM: 3989.79 MB
Total Pagefile: 12281.82 MB
Available Pagefile: 9860.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:12.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:326.08 GB) NTFS
Drive f: (SDATA1) (Fixed) (Total:232.87 GB) (Free:232.78 GB) NTFS
Drive g: (SDATA2) (Fixed) (Total:232.89 GB) (Free:232.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=20 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=330 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:37 on 23/08/2013 (1)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02
Ran by 1 (administrator) on 23-08-2013 00:44:47
Running from C:\Users\1\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Russian
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Akamai Technologies, Inc.) C:\Users\1\AppData\Local\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Akamai Technologies, Inc.) C:\Users\1\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
() C:\Program Files (x86)\Razer\Abyssus\razerhid.exe
() C:\Program Files (x86)\Razer\Abyssus\razertra.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Abyssus\razerofa.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [UfSeAgnt.exe] - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022904 2010-02-23] (Trend Micro Inc.)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-01-18] (Alcor Micro Corp.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3882312 2008-12-02] (Microsoft Corporation)
HKCU\...\Run: [NevoDRM] - C:\Игры\NevoDRM\NevoDRM.exe [41984 2008-12-11] ()
HKCU\...\Run: [Facebook Update] - C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\1\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [x]
HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [969104 2013-01-25] (BitTorrent, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876456 2013-06-21] (Skype Technologies S.A.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-10-04] ()
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [autodetect] - C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe [129872 2010-03-02] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Abyssus] - C:\Program Files (x86)\Razer\Abyssus\razerhid.exe [223744 2010-05-10] ()
HKLM-x32\...\Run: [Aeria Ignite] - "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\Гость\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3882312 2008-12-02] (Microsoft Corporation)
HKU\Гость\...\Run: [NevoDRM] - C:\Игры\NevoDRM\NevoDRM.exe [41984 2008-12-11] ()
HKU\Гость\...\Run: [Facebook Update] - C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\Гость\...\Run: [Akamai NetSession Interface] - C:\Users\1\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\Гость\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [969104 2013-01-25] (BitTorrent, Inc.)
HKU\Гость\...\Run: [RavenBleuSA] - "C:\Users\1\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe" [x]
HKU\Гость\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [x]
HKU\Гость\...\Run: [Vidalia] - "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" [x]
HKU\Гость\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe -silent [x]
HKU\Гость\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1807272 2013-07-27] (Valve Corporation)
HKU\Гость\...\Run: [ICQ] - ~"C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4 [x]
HKU\Гость\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876456 2013-06-21] (Skype Technologies S.A.)
HKU\Гость\...\Run: [teeveewatchSA] - "C:\Users\1\AppData\Local\teeveewatchSA\bin\1.0.8.0\teeveewatchSA.exe" [x]
AppInit_DLLs-x32: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll [2691536 2013-07-26] ()
Startup: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PockiePirateHelper.lnk
ShortcutTarget: PockiePirateHelper.lnk -> C:\Program Files (x86)\PockiePirateHelper\PockiePirateHelper.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=261D6A5D6006E567&affID=119357&tsp=4961
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=261D6A5D6006E567&affID=119357&tsp=4961
URLSearchHook: (No Name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File
URLSearchHook: (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=261D6A5D6006E567&affID=119357&tsp=4961
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Помощник по входу в Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default
FF user.js: detected! => C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\user.js
FF NetworkProxy: "no_proxies_on", "127.0.0.1"
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9050
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 1
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Webzen.com/NPBrowserExt - C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\1\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @TrianglePlayer - C:\Users\1\AppData\Roaming\TrianglePlayer\NPTrianglePlayer.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\searchplugins\babylon.xml
FF Extension: onlinehdtv - C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\Extensions\onlinehdtv@onlinehd.tv.xpi
FF Extension: No Name - C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox

Chrome:
=======
CHR Extension: (AdBlock) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0
CHR Extension: (Google Wallet Service) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd10.crx
CHR HKLM-x32\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - C:\Users\1\AppData\Roaming\OpenCandy\7D61C82A258F4B18ABCBD544CBB446B0\smileyswelovetoolbar.crx
CHR HKLM-x32\...\Chrome\Extension: [mphpbdjcljebbcnfopfngmfdackbbdgf] - C:\Program Files (x86)\DealPly\DealPly.crx
CHR HKLM-x32\...\Chrome\Extension: [nmpllndkedbnmonoomepeeglghdelffo] - C:\Program Files (x86)\icq\Chrome\icq-1.3.671.crx

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2847696 2013-07-26] ()
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-09] (BitRaider, LLC)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4662936 2012-02-27] (INCA Internet Co., Ltd.)
S2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859712 2010-10-09] (Trend Micro Inc.)
S2 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-02-23] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-02-23] (Trend Micro Inc.)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 xsherlock; C:\Windows\SysWow64\xsherlock.xem [661600 2012-11-19] (Wellbia.com Co., Ltd.)
S2 Guard.Mail.ru; "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" [x]
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [x]
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [x]

==================== Drivers (Whitelisted) ====================

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 1394hub; C:\Windows\SysWow64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R3 Abyssus; C:\Windows\System32\drivers\Abyssus.sys [10880 2009-10-30] (Razer (Asia-Pacific) Pte Ltd)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] (Корпорация Майкрософт)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-02-26] (Duplex Secure Ltd.)
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-02-23] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Корпорация Майкрософт)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)
U3 AppMgmt;
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [x]
U2 CscService;
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 ncvet.dll; \??\C:\Windows\Temp\ncvet.dll [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
U3 PeerDistSvc;
U3 tmlwf;
U3 tmwfp;
S3 vtany; \??\C:\Windows\vtany.sys [x]
S3 X6va005; \??\C:\Users\1\AppData\Local\Temp\005C0D5.tmp [x]
S3 X6va006; \??\C:\Users\1\AppData\Local\Temp\006C740.tmp [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-23 00:39 - 2013-08-23 00:39 - 00003438 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-08-23 00:37 - 2013-08-23 00:37 - 00000574 _____ C:\Users\1\Desktop\defogger_disable.log
2013-08-23 00:37 - 2013-08-23 00:37 - 00000020 _____ C:\Users\1\defogger_reenable
2013-08-23 00:36 - 2013-08-23 00:36 - 01576476 _____ (Farbar) C:\Users\1\Downloads\FRST64.exe
2013-08-23 00:36 - 2013-08-23 00:36 - 01576476 _____ (Farbar) C:\Users\1\Desktop\FRST64.exe
2013-08-23 00:36 - 2013-08-23 00:26 - 00377856 _____ C:\Users\1\Desktop\gmer_2.1.19163.exe
2013-08-23 00:36 - 2013-08-23 00:26 - 00050477 _____ C:\Users\1\Desktop\Defogger.exe
2013-08-23 00:26 - 2013-08-23 00:26 - 00377856 _____ C:\Users\1\Downloads\gmer_2.1.19163.exe
2013-08-23 00:26 - 2013-08-23 00:26 - 00050477 _____ C:\Users\1\Downloads\Defogger.exe
2013-08-23 00:10 - 2013-08-23 00:10 - 00000745 _____ C:\Users\Public\Desktop\DivineSouls.lnk
2013-08-23 00:04 - 2013-08-23 00:04 - 00000000 ____D C:\mmoTM
2013-08-22 23:08 - 2013-08-22 23:37 - 1108531470 _____ (mmoTM ) C:\Users\1\Downloads\Divinesouls.exe
2013-08-22 22:40 - 2013-08-22 22:40 - 00318216 _____ C:\Windows\Minidump\082213-74927-01.dmp
2013-08-19 01:13 - 2013-08-19 01:29 - 1130116244 _____ C:\Users\1\Documents\[NAKA] Mushibugyo - Episode 15 Ger Sub [1080p].mp4
2013-08-18 22:22 - 2013-08-23 00:43 - 00000000 ____D C:\Users\1\Desktop\Anime
2013-08-18 20:41 - 2013-08-18 20:41 - 00001241 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-08-18 18:41 - 2013-08-18 18:41 - 00275144 _____ C:\Windows\Minidump\081813-51854-01.dmp
2013-08-15 21:28 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 21:28 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 21:28 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 21:28 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 21:28 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 21:28 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 21:28 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 21:28 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 21:28 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 21:28 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 21:28 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 21:28 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 21:28 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 21:28 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 21:28 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 21:28 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 21:28 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 21:28 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 21:28 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 21:28 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 21:28 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 21:27 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 21:27 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 21:27 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 21:27 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 21:27 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 21:27 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 21:27 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 21:27 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 21:27 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 21:27 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 20:19 - 2013-08-15 20:19 - 00000000 ____D C:\Users\1\AppData\Local\eclipse
2013-08-15 19:27 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 19:27 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 19:27 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 19:27 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 19:27 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 19:27 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 19:27 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 19:27 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 19:27 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 19:27 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 19:27 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 19:27 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 19:27 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 19:27 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 19:27 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 19:27 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 19:27 - 2013-07-09
06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-15 19:27 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-15 19:27 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-15 19:27 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-15 19:27 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-15 19:27 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-15 19:27 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-15 19:27 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-15 19:27 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-15 19:27 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-15 19:27 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-06 21:46 - 2013-08-06 21:47 - 00000000 ____D C:\Users\Все пользователи\InstallMate 2013-08-06 21:46 - 2013-08-06 21:47 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-06 21:46 - 2013-08-06 21:46 - 00000000 ____D C:\Users\Все пользователи\StarApp 2013-08-06 21:46 - 2013-08-06 21:46 - 00000000 ____D C:\ProgramData\StarApp 2013-08-01 20:42 - 2013-08-01 21:13 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-08-01 20:42 - 2013-08-01 20:42 - 00000000 ____D C:\Users\Все пользователи\BrowserDefender 2013-08-01 20:42 - 2013-08-01 20:42 - 00000000 ____D C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender 2013-08-01 20:42 - 2013-08-01 20:42 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-08-01 20:41 - 2013-08-01 20:41 - 00000000 ____D C:\Users\Все 
пользователи\Babylon 2013-08-01 20:41 - 2013-08-01 20:41 - 00000000 ____D C:\Users\1\AppData\Roaming\Babylon 2013-08-01 20:41 - 2013-08-01 20:41 - 00000000 ____D C:\ProgramData\Babylon 2013-08-01 01:37 - 2013-08-01 01:37 - 00000000 ____D C:\Users\Все пользователи\RELOADED 2013-08-01 01:37 - 2013-08-01 01:37 - 00000000 ____D C:\ProgramData\RELOADED 2013-07-26 09:10 - 2013-07-26 09:10 - 00000000 ____D C:\Users\1\AppData\Roaming\library_dir 2013-07-26 09:04 - 2013-07-26 09:04 - 00000000 ____D C:\Windyzone ==================== One Month Modified Files and Folders ======= 2013-08-23 00:44 - 2013-08-23 00:44 - 00000000 ____D C:\FRST 2013-08-23 00:43 - 2013-08-18 22:22 - 00000000 ____D C:\Users\1\Desktop\Anime 2013-08-23 00:42 - 2012-02-19 13:55 - 00000000 ____D C:\Users\1\AppData\Roaming\Skype 2013-08-23 00:42 - 2012-02-16 14:46 - 00000000 ____D C:\Users\1\AppData\Roaming\uTorrent 2013-08-23 00:42 - 2012-01-16 18:22 - 00000161 _____ C:\Windows\system32\Drivers\etc\tmvsthfud.bin 2013-08-23 00:42 - 2010-10-04 21:26 - 00000161 _____ C:\Windows\system32\Drivers\etc\tmvsthfss.bin 2013-08-23 00:41 - 2013-06-22 12:22 - 00015670 _____ C:\autoupdate.log 2013-08-23 00:40 - 2012-10-07 13:26 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-23 00:39 - 2013-08-23 00:39 - 00003438 _____ C:\Windows\System32\Tasks\BrowserDefendert 2013-08-23 00:39 - 2013-05-19 09:20 - 00011226 _____ C:\Windows\setupact.log 2013-08-23 00:39 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-23 00:37 - 2013-08-23 00:37 - 00000574 _____ C:\Users\1\Desktop\defogger_disable.log 2013-08-23 00:37 - 2013-08-23 00:37 - 00000020 _____ C:\Users\1\defogger_reenable 2013-08-23 00:37 - 2013-05-19 09:23 - 01580525 _____ C:\Windows\WindowsUpdate.log 2013-08-23 00:37 - 2011-02-25 15:25 - 00000000 ____D C:\Users\1 2013-08-23 00:36 - 2013-08-23 00:36 - 01576476 _____ (Farbar) C:\Users\1\Downloads\FRST64.exe 2013-08-23 00:36 - 2013-08-23 00:36 - 01576476 _____ (Farbar) 
C:\Users\1\Desktop\FRST64.exe 2013-08-23 00:26 - 2013-08-23 00:36 - 00377856 _____ C:\Users\1\Desktop\gmer_2.1.19163.exe 2013-08-23 00:26 - 2013-08-23 00:36 - 00050477 _____ C:\Users\1\Desktop\Defogger.exe 2013-08-23 00:26 - 2013-08-23 00:26 - 00377856 _____ C:\Users\1\Downloads\gmer_2.1.19163.exe 2013-08-23 00:26 - 2013-08-23 00:26 - 00050477 _____ C:\Users\1\Downloads\Defogger.exe 2013-08-23 00:21 - 2012-04-29 01:16 - 00000896 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-23 00:10 - 2013-08-23 00:10 - 00000745 _____ C:\Users\Public\Desktop\DivineSouls.lnk 2013-08-23 00:04 - 2013-08-23 00:04 - 00000000 ____D C:\mmoTM 2013-08-22 23:58 - 2012-10-07 13:26 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-22 23:37 - 2013-08-22 23:08 - 1108531470 _____ (mmoTM ) C:\Users\1\Downloads\Divinesouls.exe 2013-08-22 23:26 - 2013-06-12 17:47 - 00000000 ____D C:\Users\1\Desktop\Dragon Nest Europe 2013-08-22 22:49 - 2013-04-20 19:53 - 00000000 ____D C:\Program Files (x86)\Steam 2013-08-22 22:48 - 2009-07-14 06:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-22 22:48 - 2009-07-14 06:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-22 22:42 - 2011-02-25 15:25 - 00045056 _____ C:\Windows\system32\acovcnt.exe 2013-08-22 22:40 - 2013-08-22 22:40 - 00318216 _____ C:\Windows\Minidump\082213-74927-01.dmp 2013-08-22 22:40 - 2011-02-28 11:15 - 00000000 ____D C:\Windows\Minidump 2013-08-22 22:39 - 2013-05-20 09:32 - 00535706 _____ C:\Windows\PFRO.log 2013-08-22 22:32 - 2011-12-30 01:12 - 00001122 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000UA.job 2013-08-22 10:00 - 2013-06-11 00:31 - 00000000 ____D C:\Users\1\Desktop\Mods 2013-08-22 01:31 - 2011-12-30 01:12 - 00001100 _____ 
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000Core.job 2013-08-21 21:39 - 2013-06-06 23:45 - 00000000 ____D C:\Users\1\AppData\Roaming\vlc 2013-08-20 06:37 - 2009-07-14 07:13 - 01650206 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-20 06:37 - 2009-07-13 17:17 - 00717442 _____ C:\Windows\system32\perfh019.dat 2013-08-20 06:37 - 2009-07-13 17:17 - 00150260 _____ C:\Windows\system32\perfc019.dat 2013-08-19 01:29 - 2013-08-19 01:13 - 1130116244 _____ C:\Users\1\Documents\[NAKA] Mushibugyo - Episode 15 Ger Sub [1080p].mp4 2013-08-18 22:21 - 2012-02-10 19:02 - 00000000 ____D C:\Users\1\AppData\Roaming\DVDVideoSoft 2013-08-18 20:42 - 2012-02-10 19:01 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-08-18 20:41 - 2013-08-18 20:41 - 00001241 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2013-08-18 18:41 - 2013-08-18 18:41 - 00275144 _____ C:\Windows\Minidump\081813-51854-01.dmp 2013-08-17 22:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-08-16 20:28 - 2011-11-27 18:49 - 00000000 ____D C:\Windows\SysWOW64\directx 2013-08-16 20:27 - 2013-07-16 01:39 - 00002115 _____ C:\Users\Public\Desktop\WinDS PRO.lnk 2013-08-16 20:27 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO 2013-08-16 20:27 - 2011-03-12 13:20 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll 2013-08-16 20:27 - 2011-03-12 13:20 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
C:\Windows\SysWOW64\OpenAL32.dll 2013-08-15 21:21 - 2013-07-13 22:46 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 21:17 - 2011-12-27 18:28 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-15 20:19 - 2013-08-15 20:19 - 00000000 ____D C:\Users\1\AppData\Local\eclipse 2013-08-15 19:41 - 2012-04-14 23:39 - 00000994 _____ C:\Users\Гость\Desktop\Wakfu.lnk 2013-08-11 21:16 - 2013-07-16 01:50 - 00000000 ____D C:\Users\1\Desktop\Rom 2013-08-06 21:47 - 2013-08-06 21:46 - 00000000 ____D C:\Users\Все пользователи\InstallMate 2013-08-06 21:47 - 2013-08-06 21:46 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-06 21:46 - 2013-08-06 21:46 - 00000000 ____D C:\Users\Все пользователи\StarApp 2013-08-06 21:46 - 2013-08-06 21:46 - 00000000 ____D C:\ProgramData\StarApp 2013-08-06 20:57 - 2013-05-20 10:20 - 00002049 _____ C:\Windows\TMFilter.log 2013-08-06 17:09 - 2011-03-12 15:17 - 00000000 ____D C:\Users\Все пользователи\Microsoft Help 2013-08-06 17:09 - 2011-03-12 15:17 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-04 22:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing 2013-08-01 22:22 - 2010-10-04 21:41 - 00001522 _____ C:\Windows\system32\ServiceFilter.ini 2013-08-01 21:13 - 2013-08-01 20:42 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-08-01 20:42 - 2013-08-01 20:42 - 00000000 ____D C:\Users\Все пользователи\BrowserDefender 2013-08-01 20:42 - 2013-08-01 20:42 - 00000000 ____D C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender 2013-08-01 20:42 - 2013-08-01 20:42 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-08-01 20:41 - 2013-08-01 20:41 - 00000000 ____D C:\Users\Все пользователи\Babylon 2013-08-01 20:41 - 2013-08-01 20:41 - 00000000 ____D C:\Users\1\AppData\Roaming\Babylon 2013-08-01 20:41 - 2013-08-01 20:41 - 00000000 ____D C:\ProgramData\Babylon 2013-08-01 01:47 - 2013-04-20 20:44 - 00000000 ____D C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 
2013-08-01 01:37 - 2013-08-01 01:37 - 00000000 ____D C:\Users\Все пользователи\RELOADED 2013-08-01 01:37 - 2013-08-01 01:37 - 00000000 ____D C:\ProgramData\RELOADED 2013-07-30 17:28 - 2009-07-14 04:34 - 00000500 _____ C:\Windows\win.ini 2013-07-29 01:50 - 2013-01-30 20:29 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-07-29 01:50 - 2012-08-29 22:18 - 00000000 ____D C:\Users\Все пользователи\Skype 2013-07-29 01:50 - 2012-08-29 22:18 - 00000000 ____D C:\ProgramData\Skype 2013-07-27 15:25 - 2013-04-20 21:35 - 00000000 ____D C:\Users\1\Documents\my games 2013-07-26 09:10 - 2013-07-26 09:10 - 00000000 ____D C:\Users\1\AppData\Roaming\library_dir 2013-07-26 09:07 - 2013-06-01 09:48 - 00056972 _____ C:\Windows\DirectX.log 2013-07-26 09:04 - 2013-07-26 09:04 - 00000000 ____D C:\Windyzone 2013-07-26 08:51 - 2010-10-04 21:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-07-26 08:48 - 2011-04-09 13:47 - 00000000 ____D C:\Users\1\Tracing 2013-07-26 07:13 - 2013-08-15 21:28 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-26 07:13 - 2013-08-15 21:27 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-26 07:13 - 2013-08-15 21:27 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-26 07:12 - 2013-08-15 21:28 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-26 07:12 - 2013-08-15 21:28 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-26 07:12 - 2013-08-15 21:28 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-26 07:12 - 2013-08-15 21:28 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-26 07:12 - 2013-08-15 21:28 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-26 07:12 - 2013-08-15 21:28 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-26 07:12 - 2013-08-15 21:28 
- 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-26 07:12 - 2013-08-15 21:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-26 07:12 - 2013-08-15 21:27 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-26 07:12 - 2013-08-15 21:27 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-26 07:12 - 2013-08-15 21:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-26 05:35 - 2013-08-15 21:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-26 05:13 - 2013-08-15 21:27 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-26 05:13 - 2013-08-15 21:27 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-26 05:12 - 2013-08-15 21:28 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-26 05:12 - 2013-08-15 21:28 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-26 05:12 - 2013-08-15 21:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-26 05:12 - 2013-08-15 21:28 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-26 05:12 - 2013-08-15 21:28 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-26 05:12 - 2013-08-15 21:28 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-26 05:12 - 2013-08-15 21:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-26 05:12 - 2013-08-15 21:27 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-26 05:12 - 2013-08-15 21:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-26 05:11 - 2013-08-15 21:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-26 05:11 - 2013-08-15 21:27 - 13761024 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-26 04:49 - 2013-08-15 21:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-26 04:39 - 2013-08-15 21:28 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-26 03:59 - 2013-08-15 21:28 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-25 11:25 - 2013-08-15 19:27 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-25 10:57 - 2013-08-15 19:27 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-24 21:40 - 2012-03-17 07:48 - 00000000 ____D C:\Download 2013-07-24 21:36 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries 2013-07-24 19:33 - 2013-04-14 16:33 - 00000000 ____D C:\Allm Files to move or delete: ==================== C:\ProgramData\hash.dat C:\Users\Все пользователи\hash.dat ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-19 04:41 ==================== End Of Log ============================ GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-08-23 04:11:33 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006d ST950032 rev.0003 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\1\AppData\Local\Temp\fxldqpow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800037f3000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 610 fffff800037f3042 4 bytes [00, 00, 00, 00] .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000173e00 7 bytes [00, A3, F3, FF, 01, AF, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000173e08 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.1 ---- .text C:\Users\1\Desktop\gmer_2.1.19163.exe[3592] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076c6cfca 5 bytes JMP 0000000175124760 .text C:\Users\1\Desktop\gmer_2.1.19163.exe[3592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075e41465 2 bytes [E4, 75] .text C:\Users\1\Desktop\gmer_2.1.19163.exe[3592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075e414bb 2 bytes [E4, 75] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [1036:1152] 000007fefb2d8274 Thread C:\Windows\system32\svchost.exe [1036:2548] 000007fefb2d8274 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@#\4A\4B\4@\4>\49\4A\4B\0042\4>\4 \0B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0(\0?\4@\4>\4B\4>\4:\4>\4;\4 \0R\0F\0C\0O\0M\0M\0 \0T\0D\0I\0) 1? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@#\4A\4B\4@\4>\49\4A\4B\0042\0040\4 \0B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0(\0;\48\4G\4=\4>\49\4 \0A\0045\4B\48\4) 1? 
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\20\0044\0040\4?\4B\0045\4@\4 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0006\0t\0o\0004 1? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@"\4C\4=\4=\0045\4;\4L\4=\4K\49\4 \0000\0044\0040\4?\4B\0045\4@\4 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0T\0e\0r\0e\0d\0o 1? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\20\0044\0040\4?\4B\0045\4@\4 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0I\0S\0A\0T\0A\0P 1?3? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da91ee2 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da91ee2@3c5a3735f363 0xAB 0x43 0x43 0x05 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0x47 0x50 0x0B ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1A 0x37 0xD2 0x3B ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0xDE 0x39 0x56 ... Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@#\4A\4B\4@\4>\49\4A\4B\0042\4>\4 \0B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0(\0?\4@\4>\4B\4>\4:\4>\4;\4 \0R\0F\0C\0O\0M\0M\0 \0T\0D\0I\0) 1? 
Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@#\4A\4B\4@\4>\49\4A\4B\0042\0040\4 \0B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0(\0;\48\4G\4=\4>\49\4 \0A\0045\4B\48\4) 1? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\20\0044\0040\4?\4B\0045\4@\4 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0006\0t\0o\0004 1? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@"\4C\4=\4=\0045\4;\4L\4=\4K\49\4 \0000\0044\0040\4?\4B\0045\4@\4 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0T\0e\0r\0e\0d\0o 1? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\20\0044\0040\4?\4B\0045\4@\4 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0I\0S\0A\0T\0A\0P 1?3? Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da91ee2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da91ee2@3c5a3735f363 0xAB 0x43 0x43 0x05 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0x47 0x50 0x0B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1A 0x37 0xD2 0x3B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0xDE 0x39 0x56 ... 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2B4CC33B-AA37-B290-A752-642C925AEE71} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2B4CC33B-AA37-B290-A752-642C925AEE71}@jbkpgcjaidlpbcihfjjdfbmghcbeaaonpbplkfabindlfohnmnck 0x6A 0x61 0x63 0x65 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2B4CC33B-AA37-B290-A752-642C925AEE71}@jbkpgcjaidlpbchhmiojmccpeaeooefkhcpcmphipkegjbfbjoeo 0x65 0x61 0x62 0x65 ... ---- EOF - GMER 2.1 ---- |
23.08.2013, 13:50 | #6 | |
/// the machine /// TB-Ausbilder | Games and performance slower than usual Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
__________________ --> Games and performance slower than usual |
24.08.2013, 01:37 | #7 |
| Games and performance slower than usual Combofix Logfile: Code:
ATTFilter ComboFix 13-08-22.01 - 1 24.08.2013 2:10.1.3 - x64 Eseguito da: c:\users\1\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Trend Micro Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Trend Micro Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Creato nuovo punto di ripristino . . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini c:\program files (x86)\DealPly c:\program files (x86)\DealPly\uninst.exe c:\programdata\13FF3DADEF.sys c:\programdata\59f26ff5d68299f89955579561abd558_c c:\users\1\AppData\Roaming\Microsoft\Windows\Recent\Dungeon Party.url c:\users\1\AppData\Roaming\Microsoft\Windows\Recent\Ragnarok Online 2.url c:\users\1\AppData\Roaming\Microsoft\Windows\Recent\Spiral Knights.url c:\users\1\AppData\Roaming\Microsoft\Windows\Recent\Torchlight II.url c:\windows\apppatch\AppLoc.exe c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe D:\install.exe c:\programdata\BrowserDefender . . . . Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl . . . . Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll . . . . Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe . . . . Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings . . . . 
Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm . . . . Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js . . . . Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 . . . . Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 . . . . Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 . . . . Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 . . . . Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 . . . . Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 . . . . Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 . . . . Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 . . . . Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 . . . . Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 . . . . Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 . . . . Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 . . . . Eliminazione Fallita c:\programdata\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe . . . . Eliminazione Fallita . . 
((((((((((((((((((((((((((((((((((((((( Driver/Servizi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_BrowserDefendert . . ((((((((((((((((((((((((( Files Creati Da 2013-07-24 al 2013-08-24 ))))))))))))))))))))))))))))))))))) . . 2013-08-22 22:44 . 2013-08-22 22:44 -------- d-----w- C:\FRST 2013-08-22 22:04 . 2013-08-22 22:04 -------- d-----w- C:\mmoTM 2013-08-15 19:27 . 2013-07-26 05:13 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-08-15 18:19 . 2013-08-15 18:19 -------- d-----w- c:\users\1\AppData\Local\eclipse 2013-08-06 19:46 . 2013-08-06 19:46 -------- d-----w- c:\programdata\StarApp 2013-08-06 19:46 . 2013-08-06 19:47 -------- d-----w- c:\programdata\InstallMate 2013-08-01 18:42 . 2013-08-01 19:13 -------- d-----w- c:\program files (x86)\JDownloader 2013-08-01 18:42 . 2013-08-01 18:42 -------- d-----w- c:\programdata\BrowserDefender 2013-08-01 18:41 . 2013-08-01 18:41 -------- d-----w- c:\users\1\AppData\Roaming\Babylon 2013-08-01 18:41 . 2013-08-01 18:41 -------- d-----w- c:\programdata\Babylon 2013-07-31 23:37 . 2013-07-31 23:37 -------- d-----w- c:\programdata\RELOADED 2013-07-26 07:10 . 2013-07-26 07:10 -------- d-----w- c:\users\1\AppData\Roaming\library_dir 2013-07-26 07:04 . 2013-07-26 07:04 -------- d-----w- C:\Windyzone . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-24 00:26 . 2011-02-25 13:25 45056 ----a-w- c:\windows\system32\acovcnt.exe 2013-08-16 18:27 . 2011-03-12 11:20 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2013-08-16 18:27 . 2011-03-12 11:20 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2013-08-15 19:17 . 2011-12-27 16:28 78161360 ----a-w- c:\windows\system32\MRT.exe 2013-07-09 04:45 . 2013-08-15 17:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-07-05 20:03 . 2013-07-05 20:03 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-07-05 20:03 . 
2013-07-05 20:03 312232 ----a-w- c:\windows\system32\javaws.exe 2013-07-05 20:03 . 2013-07-05 20:03 189352 ----a-w- c:\windows\system32\javaw.exe 2013-07-05 20:03 . 2013-07-05 20:03 188840 ----a-w- c:\windows\system32\java.exe 2013-07-05 20:03 . 2012-03-03 18:35 972712 ----a-w- c:\windows\system32\deployJava1.dll 2013-07-05 20:03 . 2012-03-03 18:35 1093032 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-07-05 19:55 . 2013-02-02 22:15 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-07-05 19:54 . 2012-06-21 19:57 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-07-05 19:54 . 2012-02-11 16:22 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-07-04 23:50 . 2012-03-17 05:47 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe 2013-07-04 23:50 . 2012-03-17 05:47 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat 2013-06-27 10:42 . 2013-05-07 14:56 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-06-20 05:04 . 2013-06-20 05:04 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-06-20 05:04 . 2013-06-20 05:04 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-06-20 05:04 . 2013-06-20 05:04 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-06-20 05:04 . 2013-06-20 05:04 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-06-20 05:04 . 2013-06-20 05:04 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-06-20 05:04 . 2013-06-20 05:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-06-20 05:04 . 2013-06-20 05:04 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-06-20 05:04 . 2013-06-20 05:04 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-06-20 05:04 . 2013-06-20 05:04 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-06-20 05:04 . 2013-06-20 05:04 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-06-20 05:04 . 2013-06-20 05:04 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-06-20 05:04 . 
2013-06-20 05:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-06-20 05:04 . 2013-06-20 05:04 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-06-20 05:04 . 2013-06-20 05:04 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-06-20 05:04 . 2013-06-20 05:04 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-06-20 05:04 . 2013-06-20 05:04 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-06-20 05:04 . 2013-06-20 05:04 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-06-20 05:04 . 2013-06-20 05:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-06-20 05:04 . 2013-06-20 05:04 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-06-20 05:04 . 2013-06-20 05:04 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-06-20 05:04 . 2013-06-20 05:04 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-06-20 05:04 . 2013-06-20 05:04 81408 ----a-w- c:\windows\system32\icardie.dll 2013-06-20 05:04 . 2013-06-20 05:04 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-06-20 05:04 . 2013-06-20 05:04 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-06-20 05:04 . 2013-06-20 05:04 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-06-20 05:04 . 2013-06-20 05:04 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-06-20 05:04 . 2013-06-20 05:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-06-20 05:04 . 2013-06-20 05:04 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-06-20 05:04 . 2013-06-20 05:04 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-06-20 05:04 . 2013-06-20 05:04 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-06-20 05:04 . 2013-06-20 05:04 441856 ----a-w- c:\windows\system32\html.iec 2013-06-20 05:04 . 2013-06-20 05:04 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-06-20 05:04 . 2013-06-20 05:04 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-06-20 05:04 . 2013-06-20 05:04 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-06-20 05:04 . 
2013-06-20 05:04 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-06-20 05:04 . 2013-06-20 05:04 235008 ----a-w- c:\windows\system32\url.dll 2013-06-20 05:04 . 2013-06-20 05:04 216064 ----a-w- c:\windows\system32\msls31.dll 2013-06-20 05:04 . 2013-06-20 05:04 197120 ----a-w- c:\windows\system32\msrating.dll 2013-06-20 05:04 . 2013-06-20 05:04 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-06-20 05:04 . 2013-06-20 05:04 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-06-20 05:04 . 2013-06-20 05:04 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-06-20 05:04 . 2013-06-20 05:04 149504 ----a-w- c:\windows\system32\occache.dll 2013-06-20 05:04 . 2013-06-20 05:04 144896 ----a-w- c:\windows\system32\wextract.exe 2013-06-20 05:04 . 2013-06-20 05:04 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-06-20 05:04 . 2013-06-20 05:04 13824 ----a-w- c:\windows\system32\mshta.exe 2013-06-20 05:04 . 2013-06-20 05:04 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-06-20 05:04 . 2013-06-20 05:04 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-06-20 05:04 . 2013-06-20 05:04 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-06-20 05:04 . 2013-06-20 05:04 102912 ----a-w- c:\windows\system32\inseng.dll 2013-06-20 05:02 . 2013-06-20 05:02 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-20 05:02 . 2013-06-20 05:02 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-20 05:02 . 2013-06-20 05:02 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-06-20 05:02 . 2013-06-20 05:02 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-20 05:02 . 2013-06-20 05:02 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-20 05:02 . 2013-06-20 05:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-20 05:02 . 
2013-06-20 05:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-20 05:02 . 2013-06-20 05:02 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-06-20 05:02 . 2013-06-20 05:02 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-06-20 05:02 . 2013-06-20 05:02 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-06-20 05:02 . 2013-06-20 05:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-20 05:02 . 2013-06-20 05:02 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-20 05:02 . 2013-06-20 05:02 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-06-20 05:02 . 2013-06-20 05:02 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-06-20 05:02 . 2013-06-20 05:02 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-06-20 05:02 . 2013-06-20 05:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-20 05:02 . 2013-06-20 05:02 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-20 05:02 . 2013-06-20 05:02 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-06-20 05:02 . 2013-06-20 05:02 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-06-20 05:02 . 2013-06-20 05:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-20 05:02 . 2013-06-20 05:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-20 05:02 . 2013-06-20 05:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-20 05:02 . 2013-06-20 05:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-20 05:02 . 2013-06-20 05:02 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-06-20 05:02 . 2013-06-20 05:02 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-06-20 05:02 . 2013-06-20 05:02 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-06-20 05:02 . 
2013-06-20 05:02 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-20 05:02 . 2013-06-20 05:02 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-20 05:02 . 2013-06-20 05:02 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-06-20 05:02 . 2013-06-20 05:02 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-06-20 05:02 . 2013-06-20 05:02 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-06-20 05:02 . 2013-06-20 05:02 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-06-20 05:02 . 2013-06-20 05:02 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-06-20 05:02 . 2013-06-20 05:02 194560 ----a-w- c:\windows\system32\d3d10_1.dll . . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NevoDRM"="c:\????\NevoDRM\NevoDRM.exe" [?] "Facebook Update"="c:\users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "Akamai NetSession Interface"="c:\users\1\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-01-25 969104] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19876456] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-10-04 2429] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440] "autodetect"="c:\windows\SysWOW64\SupportAppXL\AutoDect.exe" [2010-03-02 129872] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-27 345144] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656] "Abyssus"="c:\program files (x86)\Razer\Abyssus\razerhid.exe" [2010-05-10 223744] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-2 1080608] FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2010-10-4 12862] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableSecureUIAPath"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~3\BROWSE~1\261519~1.190\{C16C1~1\BrowserDefender.dll . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x] R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys;c:\programdata\bitraider\BRDriver64.sys [x] R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x] R3 ncvet.dll;ncvet.dll;c:\windows\Temp\ncvet.dll;c:\windows\Temp\ncvet.dll [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport 
Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 vtany;vtany;c:\windows\vtany.sys;c:\windows\vtany.sys [x] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x] R3 X6va005;X6va005;c:\users\1\AppData\Local\Temp\005C0D5.tmp;c:\users\1\AppData\Local\Temp\005C0D5.tmp [x] R3 X6va006;X6va006;c:\users\1\AppData\Local\Temp\006C740.tmp;c:\users\1\AppData\Local\Temp\006C740.tmp [x] R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x] R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x] R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x] R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x] R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x] R3 X6va013;X6va013;c:\windows\SysWOW64\Drivers\X6va013;c:\windows\SysWOW64\Drivers\X6va013 [x] R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem;c:\windows\SYSNATIVE\xsherlock.xem [x] R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbvoice.sys [x] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x] S2 Akamai;Akamai NetSession 
Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x] S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys;c:\windows\SYSNATIVE\DRIVERS\tmpreflt.sys [x] S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys;c:\windows\SYSNATIVE\drivers\Abyssus.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe;c:\program files\Trend Micro\Internet Security\TmProxy.exe [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . --- Altri Servizi/Drivers In Memoria --- . *NewlyCreated* - WS2IFSL . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-08-22 10:59 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe . Contenuto della cartella 'Scheduled Tasks' . 2013-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 13:05] . 2013-08-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000Core.job - c:\users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-29 23:26] . 2013-08-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000UA.job - c:\users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-29 23:26] . 2013-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-07 11:26] . 2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-07 11:26] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448] "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1022904] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-01-18 324608] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144] . ------- Scansione supplementare ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=261D6A5D6006E567&affID=119357&tsp=4961 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: &????????? ? OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: &??????? ? Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe TCP: DhcpNameServer = 192.168.1.1 . - - - - CHIAVI ORFANE RIMOSSE - - - - . 
URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file) URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file) BHO-{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - c:\program files (x86)\icq\Internet Explorer\icq.dll Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-KPeerNexonEU - c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe Wow6432Node-HKLM-Run-Aeria Ignite - c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe c:\users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PockiePirateHelper.lnk - c:\program files (x86)\PockiePirateHelper\PockiePirateHelper.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file) WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file) HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-55A28800-614C-47F2-A956-9D85A4E10922_is1 - c:\atlus online\Shin Megami Tensei Imagine\unins000.exe AddRemove-Atlantica - c:\nexon\Atlantica\uninst.exe AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe AddRemove-GrandFantasia-DE - c:\aeriagames\GrandFantasia-DE\Uninst.exe AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr AddRemove-Lunia - c:\allm\Lunia\uninstall.exe AddRemove-Mabinogi - c:\nexon\Mabinogi\Mabinogi.exe AddRemove-OGPlanet Game Launcher US - c:\program files (x86)\OGPlanet\USLauncher\uninst.exe AddRemove-Warhammer 40,000 Dawn of War II - Chaos Rising_is1 - c:\users\1\AppData\Roaming\Warhammer 40 AddRemove-{30C01299-554C-4B62-BD0F-849F43E01C91}_is1 - c:\program files (x86)\Pokemon World Online\unins000.exe AddRemove-{46BE6D86-7BEF-4DAB-B3E6-7B932D3872F3}_is1 - 
c:\gpotato.eu\Dragonica\unins000.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\1\AppData\Local\Temp\005C0D5.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006] "ImagePath"="\??\c:\users\1\AppData\Local\Temp\006C740.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va010] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va013] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va013" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock] "ImagePath"="c:\windows\system32\xsherlock.xem" . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Altri processi in esecuzione ------------------------ . c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe c:\windows\AsScrPro.exe c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe . ************************************************************************** . Ora fine scansione: 2013-08-24 02:34:44 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2013-08-24 00:34 . Pre-Run: 12.911.165.440 bytes free Post-Run: 14.921.555.968 bytes free . - - End Of File - - CBAC13B09890558AB4EC450DC91B3F03 |
24.08.2013, 11:43 | #8 |
/// the machine /// TB Trainer | Games and performance slower than usual Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
24.08.2013, 16:40 | #9 |
| Games and performance slower than usual Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.24.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
1 :: 1-?? [Administrator]

Schutz: Aktiviert

24.08.2013 16:51:23
mbam-log-2013-08-24 (16-51-23).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 247719
Laufzeit: 10 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{257135E7-B77B-065D-AEC4-768FB498EA67} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=261D6A5D6006E567&affID=119357&tsp=4961 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BrowserDefender.A) -> Bösartig: (c:\PROGRA~3\BROWSE~1\261519~1.190\{C16C1~1\BrowserDefender.dll) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=261D6A5D6006E567&affID=119357&tsp=4961) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 12
C:\Users\1\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1519.190 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DealPlyLive\Update (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\DealPlyLive\Update\Log (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\1\AppData\Roaming\Dealply (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\1\AppData\Roaming\Dealply\UpdateProc (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 26
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\InstallMate\{FF1B376C-077C-4DE6-AF0D-4F5E24F8159A}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\InstallMate\{FF1B376C-077C-4DE6-AF0D-4F5E24F8159A}\TsuDll.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\272295.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\2722a3.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\1\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\1\AppData\Roaming\Dealply\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by 1 on 24.08.2013 at 17:25:10,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsFinderUpdater_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsFinderUpdater_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsFinder_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsFinder_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASDLG
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsFinderUpdater_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsFinderUpdater_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsFinder_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsFinder_RASMANCS

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\1\appdata\local\{35e6b79f-789b-e125-13f5-dbc5c81feda4}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.08.2013 at 17:31:33,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner Logfile: Code:
# AdwCleaner v3.000 - Report created 24/08/2013 at 17:16:23
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : 1 - 1-??
# Running from : C:\Users\1\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Users\1\AppData\Local\DealPlyLive
Folder Deleted : C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
File Deleted : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\searchplugins\Babylon.xml
File Deleted : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\bprotector_extensions.sqlite
File Deleted : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\bprotector_prefs.js
File Deleted : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\user.js
File Deleted : C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\System32\Tasks\BrowserProtect
File Deleted : C:\Windows\System32\Tasks\Dealply

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\590df8db769be45
Key Deleted : HKLM\SOFTWARE\590df8db769be45
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_visualboyadvance_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_visualboyadvance_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_warcraft-iii-the-frozen-throne_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_warcraft-iii-the-frozen-throne_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winds-pro_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winds-pro_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_driver-turbo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_driver-turbo_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\LyricsFinder
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v18.0.1 (en-US)

[ File : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\prefs.js ]

Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{336D0C35-8A85-403a-B9D2-65C292C39087}\":{\"descriptor\":\"C:\\\\Program Files\\\\Web Assistant\\\\Firefox\",\"mtim[...]

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [4810 octets] - [24/08/2013 17:15:04]
AdwCleaner[S0].txt - [4553 octets] - [24/08/2013 17:16:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4613 octets] ##########

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02 Ran by 1 (administrator) on 24-08-2013 17:36:59 Running from C:\Users\1\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: Russian Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (ASUS) C:\Windows\AsScrPro.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK) C:\Program Files\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Akamai Technologies, Inc.) C:\Users\1\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\1\AppData\Local\Akamai\netsession_win.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe () C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files (x86)\Razer\Abyssus\razerhid.exe () C:\Program Files (x86)\Razer\Abyssus\razertra.exe (Razer Inc.) 
C:\Program Files (x86)\Razer\Abyssus\razerofa.exe (asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.) HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] () HKLM\...\Run: [UfSeAgnt.exe] - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022904 2010-02-23] (Trend Micro Inc.) HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-01-18] (Alcor Micro Corp.) HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKCU\...\Run: [NevoDRM] - C:\Игры\NevoDRM\NevoDRM.exe [41984 2008-12-11] () HKCU\...\Run: [Facebook Update] - C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\1\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [969104 2013-01-25] (BitTorrent, Inc.) 
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876456 2013-06-21] (Skype Technologies S.A.) HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [Boingo Wi-Fi] - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-10-04] () HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS) HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] () HKLM-x32\...\Run: [autodetect] - C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe [129872 2010-03-02] () HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [Abyssus] - C:\Program Files (x86)\Razer\Abyssus\razerhid.exe [223744 2010-05-10] () HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKU\Гость\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3882312 2008-12-02] (Microsoft Corporation) HKU\Гость\...\Run: [NevoDRM] - C:\Игры\NevoDRM\NevoDRM.exe [41984 2008-12-11] () HKU\Гость\...\Run: [Facebook Update] - C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.) HKU\Гость\...\Run: [Akamai NetSession Interface] - C:\Users\1\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\Гость\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [969104 2013-01-25] (BitTorrent, Inc.) HKU\Гость\...\Run: [RavenBleuSA] - "C:\Users\1\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe" [x] HKU\Гость\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [x] HKU\Гость\...\Run: [Vidalia] - "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe" [x] HKU\Гость\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe -silent [x] HKU\Гость\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1807272 2013-07-27] (Valve Corporation) HKU\Гость\...\Run: [ICQ] - ~"C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4 [x] HKU\Гость\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876456 2013-06-21] (Skype Technologies S.A.) HKU\Гость\...\Run: [teeveewatchSA] - "C:\Users\1\AppData\Local\teeveewatchSA\bin\1.0.8.0\teeveewatchSA.exe" [x] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Помощник по входу в Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default FF NetworkProxy: "no_proxies_on", "127.0.0.1" FF NetworkProxy: "socks", "127.0.0.1" FF NetworkProxy: "socks_port", 9050 FF NetworkProxy: "socks_remote_dns", true FF NetworkProxy: "type", 1 FF Homepage: user_pref("browser.startup.homepage", ); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 
- C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @Webzen.com/NPBrowserExt - C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll No File FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\1\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.) 
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @TrianglePlayer - C:\Users\1\AppData\Roaming\TrianglePlayer\NPTrianglePlayer.dll () FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: onlinehdtv - C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\Extensions\onlinehdtv@onlinehd.tv.xpi FF Extension: No Name - C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi Chrome: ======= CHR Extension: (Docs) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (Gmail) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd10.crx CHR HKLM-x32\...\Chrome\Extension: [nmpllndkedbnmonoomepeeglghdelffo] - C:\Program Files (x86)\icq\Chrome\icq-1.3.671.crx ==================== Services (Whitelisted) ================= R2 
Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG) S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-09] (BitRaider, LLC) S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4662936 2012-02-27] (INCA Internet Co., Ltd.) S2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859712 2010-10-09] (Trend Micro Inc.) S2 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-02-23] (Trend Micro Inc.) S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-02-23] (Trend Micro Inc.) S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт) S3 xsherlock; C:\Windows\SysWow64\xsherlock.xem [661600 2012-11-19] (Wellbia.com Co., Ltd.) 
S2 Guard.Mail.ru; "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" [x] S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [x] S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [x] ==================== Drivers (Whitelisted) ==================== S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 1394hub; C:\Windows\SysWow64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R3 Abyssus; C:\Windows\System32\drivers\Abyssus.sys [10880 2009-10-30] (Razer (Asia-Pacific) Pte Ltd) R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-28] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-28] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] (Корпорация Майкрософт) S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] () S4 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-02-26] (Duplex Secure Ltd.) R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-02-23] (Trend Micro Inc.) R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.) 
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Корпорация Майкрософт) R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.) S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org) S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org) U3 AppMgmt; %SystemRoot%\system32\svchost.exe -k netsvcs S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [x] S3 catchme; \??\C:\ComboFix\catchme.sys [x] U2 CscService; S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S3 ncvet.dll; \??\C:\Windows\Temp\ncvet.dll [x] S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x] U3 PeerDistSvc; U3 tmlwf; U3 tmwfp; S3 vtany; \??\C:\Windows\vtany.sys [x] S3 X6va005; \??\C:\Users\1\AppData\Local\Temp\005C0D5.tmp [x] S3 X6va006; \??\C:\Users\1\AppData\Local\Temp\006C740.tmp [x] S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x] S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x] S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [x] S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-24 17:31 - 2013-08-24 17:31 - 00002524 _____ C:\Users\1\Desktop\JRT.txt 2013-08-24 17:24 - 2013-08-24 17:24 - 01021434 _____ (Thisisu) C:\Users\1\Downloads\JRT.exe 2013-08-24 17:24 - 2013-08-24 17:24 - 01021434 _____ (Thisisu) C:\Users\1\Desktop\JRT.exe 2013-08-24 17:14 - 2013-08-24 17:16 - 00000000 ____D C:\AdwCleaner 2013-08-24 17:13 - 2013-08-24 17:12 - 00975858 _____ C:\Users\1\Desktop\adwcleaner.exe 2013-08-24 17:12 - 2013-08-24 17:12 - 00975858 _____ C:\Users\1\Downloads\adwcleaner.exe 2013-08-24 17:04 - 2013-08-24 17:04 - 00008125 
_____ C:\Users\1\Desktop\Новый текстовый документ.txt 2013-08-24 16:47 - 2013-08-24 16:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1\Desktop\mbam-setup-1.75.0.1300.exe 2013-08-24 16:47 - 2013-08-24 16:47 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Users\1\AppData\Roaming\Malwarebytes 2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-24 16:47 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-24 16:46 - 2013-08-24 16:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-24 14:23 - 2013-08-24 14:24 - 04996831 _____ C:\Users\1\Downloads\DragnestLauncher.zip 2013-08-24 13:39 - 2013-08-24 13:39 - 00001010 _____ C:\Users\Public\Desktop\PlayDGN.lnk 2013-08-24 13:25 - 2013-08-24 14:29 - 00000000 ____D C:\Program Files (x86)\PlayDGN 2013-08-24 12:46 - 2013-08-24 12:46 - 00001264 _____ C:\Users\Public\Desktop\WinDS PRO Apps.lnk 2013-08-24 12:30 - 2013-08-24 12:31 - 37642067 _____ C:\Users\1\Downloads\WinDS PRO 2013.9.1.zip 2013-08-24 11:25 - 2013-08-24 13:12 - 3753371694 _____ C:\Users\1\Downloads\DragnestFullSetupVer103.zip 2013-08-24 02:34 - 2013-08-24 02:34 - 00036162 _____ C:\ComboFix.txt 2013-08-24 02:07 - 2013-08-24 02:34 - 00000000 ____D C:\Qoobox 2013-08-24 02:07 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-08-24 02:07 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-24 02:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-08-24 02:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-24 02:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-24 02:07 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-08-24 02:07 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-24 02:07 - 
2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-24 02:06 - 2013-08-24 02:32 - 00000000 ____D C:\Windows\erdnt 2013-08-24 02:05 - 2013-08-23 23:34 - 05111180 ____R (Swearware) C:\Users\1\Desktop\ComboFix.exe 2013-08-23 23:33 - 2013-08-23 23:34 - 05111180 _____ (Swearware) C:\Users\1\Downloads\ComboFix.exe 2013-08-23 10:05 - 2013-08-23 10:05 - 00017411 _____ C:\Users\1\Downloads\Extras.rar 2013-08-23 08:45 - 2013-08-23 08:48 - 51015883 _____ (XYZ-SOFT) C:\Users\1\Downloads\soc.exe 2013-08-23 04:55 - 2013-08-23 05:00 - 225464616 _____ C:\Users\1\Downloads\[Pure-Anime.biz]Highschool DxD NEW07GerSub.mp4 2013-08-23 03:14 - 2013-08-23 03:14 - 00757893 _____ C:\Users\1\Downloads\ar_sanji.rar 2013-08-23 00:44 - 2013-08-23 00:44 - 00000000 ____D C:\FRST 2013-08-23 00:37 - 2013-08-23 00:37 - 00000020 _____ C:\Users\1\defogger_reenable 2013-08-23 00:36 - 2013-08-23 00:36 - 01576476 _____ (Farbar) C:\Users\1\Downloads\FRST64.exe 2013-08-23 00:36 - 2013-08-23 00:26 - 00377856 _____ C:\Users\1\Desktop\gmer_2.1.19163.exe 2013-08-23 00:36 - 2013-08-23 00:26 - 00050477 _____ C:\Users\1\Desktop\Defogger.exe 2013-08-23 00:26 - 2013-08-23 00:26 - 00377856 _____ C:\Users\1\Downloads\gmer_2.1.19163.exe 2013-08-23 00:26 - 2013-08-23 00:26 - 00050477 _____ C:\Users\1\Downloads\Defogger.exe 2013-08-23 00:04 - 2013-08-23 00:04 - 00000000 ____D C:\mmoTM 2013-08-22 23:08 - 2013-08-22 23:37 - 1108531470 _____ (mmoTM ) C:\Users\1\Downloads\Divinesouls.exe 2013-08-22 22:40 - 2013-08-22 22:40 - 00318216 _____ C:\Windows\Minidump\082213-74927-01.dmp 2013-08-19 01:13 - 2013-08-19 01:29 - 1130116244 _____ C:\Users\1\Documents\[NAKA] Mushibugyo - Episode 15 Ger Sub [1080p].mp4 2013-08-18 22:22 - 2013-08-23 00:43 - 00000000 ____D C:\Users\1\Desktop\Anime 2013-08-18 20:41 - 2013-08-18 20:41 - 00001241 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2013-08-18 18:41 - 2013-08-18 18:41 - 00275144 _____ C:\Windows\Minidump\081813-51854-01.dmp 2013-08-15 21:28 - 2013-07-26 07:13 - 
00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-15 21:28 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-15 21:28 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 21:28 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-15 21:28 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 21:28 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 21:28 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-15 21:28 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-15 21:28 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-15 21:28 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 21:28 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-15 21:28 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-15 21:28 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-15 21:28 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-15 21:28 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-15 21:28 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-15 21:28 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-15 21:28 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-15 21:28 - 2013-07-26 04:49 - 02706432 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-15 21:28 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-15 21:28 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 21:27 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 21:27 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 21:27 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 21:27 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 21:27 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 21:27 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-15 21:27 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-15 21:27 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-15 21:27 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-15 21:27 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-15 20:19 - 2013-08-15 20:19 - 00000000 ____D C:\Users\1\AppData\Local\eclipse 2013-08-15 19:27 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-15 19:27 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-15 19:27 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-15 19:27 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-15 19:27 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 
2013-08-15 19:27 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-15 19:27 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-15 19:27 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-15 19:27 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-15 19:27 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-15 19:27 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-15 19:27 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-15 19:27 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-15 19:27 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-15 19:27 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-15 19:27 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-15 19:27 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-15 19:27 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-15 19:27 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-15 19:27 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-15 19:27 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-15 19:27 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-15 19:27 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-15 19:27 - 2013-07-09 04:49 - 
00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-15 19:27 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-15 19:27 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-15 19:27 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-06 21:46 - 2013-08-06 21:46 - 00000000 ____D C:\Users\Все пользователи\StarApp 2013-08-06 21:46 - 2013-08-06 21:46 - 00000000 ____D C:\ProgramData\StarApp 2013-08-01 20:42 - 2013-08-01 21:13 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-08-01 01:37 - 2013-08-01 01:37 - 00000000 ____D C:\Users\Все пользователи\RELOADED 2013-08-01 01:37 - 2013-08-01 01:37 - 00000000 ____D C:\ProgramData\RELOADED 2013-07-26 09:10 - 2013-07-26 09:10 - 00000000 ____D C:\Users\1\AppData\Roaming\library_dir 2013-07-26 09:04 - 2013-07-26 09:04 - 00000000 ____D C:\Windyzone ==================== One Month Modified Files and Folders ======= 2013-08-24 17:33 - 2013-08-24 17:33 - 00011322 _____ C:\Users\1\Downloads\Gmer.txt 2013-08-24 17:31 - 2013-08-24 17:31 - 00002524 _____ C:\Users\1\Desktop\JRT.txt 2013-08-24 17:26 - 2009-07-14 06:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-24 17:26 - 2009-07-14 06:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-24 17:24 - 2013-08-24 17:24 - 01021434 _____ (Thisisu) C:\Users\1\Downloads\JRT.exe 2013-08-24 17:24 - 2013-08-24 17:24 - 01021434 _____ (Thisisu) C:\Users\1\Desktop\JRT.exe 2013-08-24 17:21 - 2012-04-29 01:16 - 00000896 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-24 17:21 - 2012-01-16 18:22 - 00000027 _____ C:\Windows\system32\Drivers\etc\tmvsthfud.bin 2013-08-24 17:21 - 2010-10-04 21:26 - 00000027 _____ C:\Windows\system32\Drivers\etc\tmvsthfss.bin 
2013-08-24 17:20 - 2012-02-19 13:55 - 00000000 ____D C:\Users\1\AppData\Roaming\Skype 2013-08-24 17:20 - 2012-02-16 14:46 - 00000000 ____D C:\Users\1\AppData\Roaming\uTorrent 2013-08-24 17:19 - 2013-06-22 12:22 - 00016476 _____ C:\autoupdate.log 2013-08-24 17:18 - 2013-05-19 09:20 - 00011618 _____ C:\Windows\setupact.log 2013-08-24 17:18 - 2012-10-07 13:26 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-24 17:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-24 17:17 - 2013-05-19 09:23 - 01670420 _____ C:\Windows\WindowsUpdate.log 2013-08-24 17:16 - 2013-08-24 17:14 - 00000000 ____D C:\AdwCleaner 2013-08-24 17:12 - 2013-08-24 17:13 - 00975858 _____ C:\Users\1\Desktop\adwcleaner.exe 2013-08-24 17:12 - 2013-08-24 17:12 - 00975858 _____ C:\Users\1\Downloads\adwcleaner.exe 2013-08-24 17:07 - 2011-02-25 15:25 - 00045056 _____ C:\Windows\system32\acovcnt.exe 2013-08-24 17:06 - 2013-05-20 09:32 - 00547096 _____ C:\Windows\PFRO.log 2013-08-24 17:06 - 2010-10-04 21:41 - 00001548 _____ C:\Windows\system32\ServiceFilter.ini 2013-08-24 17:04 - 2013-08-24 17:04 - 00008125 _____ C:\Users\1\Desktop\Новый текстовый документ.txt 2013-08-24 16:58 - 2012-10-07 13:26 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-24 16:47 - 2013-08-24 16:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1\Desktop\mbam-setup-1.75.0.1300.exe 2013-08-24 16:47 - 2013-08-24 16:47 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Users\1\AppData\Roaming\Malwarebytes 2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-24 16:47 - 2013-08-24 16:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-24 16:31 - 2011-12-30 01:12 - 00001122 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000UA.job 2013-08-24 14:29 
- 2013-08-24 13:25 - 00000000 ____D C:\Program Files (x86)\PlayDGN 2013-08-24 14:24 - 2013-08-24 14:23 - 04996831 _____ C:\Users\1\Downloads\DragnestLauncher.zip 2013-08-24 13:39 - 2013-08-24 13:39 - 00001010 _____ C:\Users\Public\Desktop\PlayDGN.lnk 2013-08-24 13:12 - 2013-08-24 11:25 - 3753371694 _____ C:\Users\1\Downloads\DragnestFullSetupVer103.zip 2013-08-24 12:47 - 2011-11-27 18:49 - 00000000 ____D C:\Windows\SysWOW64\directx 2013-08-24 12:46 - 2013-08-24 12:46 - 00001264 _____ C:\Users\Public\Desktop\WinDS PRO Apps.lnk 2013-08-24 12:46 - 2013-07-16 01:39 - 00002115 _____ C:\Users\Public\Desktop\WinDS PRO.lnk 2013-08-24 12:46 - 2011-03-12 13:20 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll 2013-08-24 12:46 - 2011-03-12 13:20 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll 2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO 2013-08-24 12:31 - 2013-08-24 12:30 - 37642067 _____ C:\Users\1\Downloads\WinDS PRO 2013.9.1.zip 2013-08-24 09:05 - 2013-06-12 17:47 - 00000000 ____D C:\Users\1\Desktop\Dragon Nest Europe 2013-08-24 07:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-08-24 02:34 - 2013-08-24 02:34 - 00036162 _____ C:\ComboFix.txt 2013-08-24 02:34 - 2013-08-24 02:07 - 00000000 ____D C:\Qoobox 2013-08-24 02:34 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-08-24 02:33 - 2009-07-14 07:13 - 01650206 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-24 02:33 - 2009-07-13 17:17 - 00717442 _____ C:\Windows\system32\perfh019.dat 2013-08-24 02:33 - 2009-07-13 17:17 - 00150260 _____ C:\Windows\system32\perfc019.dat 2013-08-24 02:32 - 2013-08-24 02:06 - 00000000 ____D C:\Windows\erdnt 2013-08-24 02:32 - 2011-02-25 15:27 - 00000000 ___RD C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-24 02:27 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 
2013-08-24 02:25 - 2009-07-14 04:34 - 81264640 _____ C:\Windows\system32\config\software.bak 2013-08-24 02:25 - 2009-07-14 04:34 - 25690112 _____ C:\Windows\system32\config\system.bak 2013-08-24 02:25 - 2009-07-14 04:34 - 00360448 _____ C:\Windows\system32\config\default.bak 2013-08-24 02:25 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak 2013-08-24 02:25 - 2009-07-14 04:34 - 00090112 _____ C:\Windows\system32\config\sam.bak 2013-08-24 01:31 - 2011-12-30 01:12 - 00001100 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000Core.job 2013-08-23 23:34 - 2013-08-24 02:05 - 05111180 ____R (Swearware) C:\Users\1\Desktop\ComboFix.exe 2013-08-23 23:34 - 2013-08-23 23:33 - 05111180 _____ (Swearware) C:\Users\1\Downloads\ComboFix.exe 2013-08-23 14:48 - 2013-06-06 23:45 - 00000000 ____D C:\Users\1\AppData\Roaming\vlc 2013-08-23 10:05 - 2013-08-23 10:05 - 00017411 _____ C:\Users\1\Downloads\Extras.rar 2013-08-23 08:48 - 2013-08-23 08:45 - 51015883 _____ (XYZ-SOFT) C:\Users\1\Downloads\soc.exe 2013-08-23 05:00 - 2013-08-23 04:55 - 225464616 _____ C:\Users\1\Downloads\[Pure-Anime.biz]Highschool DxD NEW07GerSub.mp4 2013-08-23 03:14 - 2013-08-23 03:14 - 00757893 _____ C:\Users\1\Downloads\ar_sanji.rar 2013-08-23 03:14 - 2013-06-11 00:31 - 00000000 ____D C:\Users\1\Desktop\Mods 2013-08-23 00:44 - 2013-08-23 00:44 - 00000000 ____D C:\FRST 2013-08-23 00:43 - 2013-08-18 22:22 - 00000000 ____D C:\Users\1\Desktop\Anime 2013-08-23 00:37 - 2013-08-23 00:37 - 00000020 _____ C:\Users\1\defogger_reenable 2013-08-23 00:37 - 2011-02-25 15:25 - 00000000 ____D C:\Users\1 2013-08-23 00:36 - 2013-08-23 00:36 - 01576476 _____ (Farbar) C:\Users\1\Downloads\FRST64.exe 2013-08-23 00:26 - 2013-08-23 00:36 - 00377856 _____ C:\Users\1\Desktop\gmer_2.1.19163.exe 2013-08-23 00:26 - 2013-08-23 00:36 - 00050477 _____ C:\Users\1\Desktop\Defogger.exe 2013-08-23 00:26 - 2013-08-23 00:26 - 00377856 _____ C:\Users\1\Downloads\gmer_2.1.19163.exe 
2013-08-23 00:26 - 2013-08-23 00:26 - 00050477 _____ C:\Users\1\Downloads\Defogger.exe 2013-08-23 00:04 - 2013-08-23 00:04 - 00000000 ____D C:\mmoTM 2013-08-22 23:37 - 2013-08-22 23:08 - 1108531470 _____ (mmoTM ) C:\Users\1\Downloads\Divinesouls.exe 2013-08-22 22:49 - 2013-04-20 19:53 - 00000000 ____D C:\Program Files (x86)\Steam 2013-08-22 22:47 - 2010-10-04 21:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-08-22 22:40 - 2013-08-22 22:40 - 00318216 _____ C:\Windows\Minidump\082213-74927-01.dmp 2013-08-22 22:40 - 2011-02-28 11:15 - 00000000 ____D C:\Windows\Minidump 2013-08-19 01:29 - 2013-08-19 01:13 - 1130116244 _____ C:\Users\1\Documents\[NAKA] Mushibugyo - Episode 15 Ger Sub [1080p].mp4 2013-08-18 22:21 - 2012-02-10 19:02 - 00000000 ____D C:\Users\1\AppData\Roaming\DVDVideoSoft 2013-08-18 20:42 - 2012-02-10 19:01 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-08-18 20:41 - 2013-08-18 20:41 - 00001241 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2013-08-18 18:41 - 2013-08-18 18:41 - 00275144 _____ C:\Windows\Minidump\081813-51854-01.dmp 2013-08-15 21:21 - 2013-07-13 22:46 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 21:17 - 2011-12-27 18:28 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-15 20:19 - 2013-08-15 20:19 - 00000000 ____D C:\Users\1\AppData\Local\eclipse 2013-08-15 19:41 - 2012-04-14 23:39 - 00000994 _____ C:\Users\Гость\Desktop\Wakfu.lnk 2013-08-11 21:16 - 2013-07-16 01:50 - 00000000 ____D C:\Users\1\Desktop\Rom 2013-08-06 21:46 - 2013-08-06 21:46 - 00000000 ____D C:\Users\Все пользователи\StarApp 2013-08-06 21:46 - 2013-08-06 21:46 - 00000000 ____D C:\ProgramData\StarApp 2013-08-06 20:57 - 2013-05-20 10:20 - 00002049 _____ C:\Windows\TMFilter.log 2013-08-06 17:09 - 2011-03-12 15:17 - 00000000 ____D C:\Users\Все пользователи\Microsoft Help 2013-08-06 17:09 - 2011-03-12 15:17 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-04 22:52 - 2009-07-14 
05:20 - 00000000 ____D C:\Windows\tracing 2013-08-01 21:13 - 2013-08-01 20:42 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-08-01 01:47 - 2013-04-20 20:44 - 00000000 ____D C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2013-08-01 01:37 - 2013-08-01 01:37 - 00000000 ____D C:\Users\Все пользователи\RELOADED 2013-08-01 01:37 - 2013-08-01 01:37 - 00000000 ____D C:\ProgramData\RELOADED 2013-07-30 17:28 - 2009-07-14 04:34 - 00000500 _____ C:\Windows\win.ini 2013-07-29 01:50 - 2013-01-30 20:29 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-07-29 01:50 - 2012-08-29 22:18 - 00000000 ____D C:\Users\Все пользователи\Skype 2013-07-29 01:50 - 2012-08-29 22:18 - 00000000 ____D C:\ProgramData\Skype 2013-07-27 15:25 - 2013-04-20 21:35 - 00000000 ____D C:\Users\1\Documents\my games 2013-07-26 09:10 - 2013-07-26 09:10 - 00000000 ____D C:\Users\1\AppData\Roaming\library_dir 2013-07-26 09:07 - 2013-06-01 09:48 - 00056972 _____ C:\Windows\DirectX.log 2013-07-26 09:04 - 2013-07-26 09:04 - 00000000 ____D C:\Windyzone 2013-07-26 08:48 - 2011-04-09 13:47 - 00000000 ____D C:\Users\1\Tracing 2013-07-26 07:13 - 2013-08-15 21:28 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-26 07:13 - 2013-08-15 21:27 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-26 07:13 - 2013-08-15 21:27 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-26 07:12 - 2013-08-15 21:28 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-26 07:12 - 2013-08-15 21:28 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-26 07:12 - 2013-08-15 21:28 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-26 07:12 - 2013-08-15 21:28 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-26 07:12 - 2013-08-15 21:28 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 
2013-07-26 07:12 - 2013-08-15 21:28 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-26 07:12 - 2013-08-15 21:28 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-26 07:12 - 2013-08-15 21:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-26 07:12 - 2013-08-15 21:27 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-26 07:12 - 2013-08-15 21:27 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-26 07:12 - 2013-08-15 21:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-26 05:35 - 2013-08-15 21:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-26 05:13 - 2013-08-15 21:27 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-26 05:13 - 2013-08-15 21:27 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-26 05:12 - 2013-08-15 21:28 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-26 05:12 - 2013-08-15 21:28 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-26 05:12 - 2013-08-15 21:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-26 05:12 - 2013-08-15 21:28 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-26 05:12 - 2013-08-15 21:28 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-26 05:12 - 2013-08-15 21:28 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-26 05:12 - 2013-08-15 21:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-26 05:12 - 2013-08-15 21:27 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-26 05:12 - 2013-08-15 21:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-26 05:11 - 2013-08-15 21:28 - 
00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-26 05:11 - 2013-08-15 21:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-26 04:49 - 2013-08-15 21:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-26 04:39 - 2013-08-15 21:28 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-26 03:59 - 2013-08-15 21:28 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-25 11:25 - 2013-08-15 19:27 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-25 10:57 - 2013-08-15 19:27 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL Files to move or delete: ==================== C:\ProgramData\hash.dat C:\Users\Все пользователи\hash.dat ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-19 04:41 ==================== End Of Log ============================ |
24.08.2013, 18:18 | #10 |
/// the machine /// TB Trainer | Games and performance slower than usual ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No assistance via PM! |
25.08.2013, 13:19 | #11 |
| Games and performance slower than usual Code:
ATTFilter
Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Internet Security
Avira Desktop Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Google Chrome 28.0.1500.95
Google Chrome 29.0.1547.57
Google Chrome dmlconf.dat..
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Trend Micro BM TMBMSRV.exe
Trend Micro Internet Security SfCtlCom.exe
Trend Micro Internet Security TmProxy.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 32% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d0a3d6ca8266624a9e067faef3222352
# engine=14890
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-25 11:48:58
# local_time=2013-08-25 01:48:58 )
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=513 16777085 100 97 17683 110513354 0 0
# compatibility_mode=1799 16775165 100 96 0 242854628 61452 0
# compatibility_mode=5893 16776574 66 85 4009147 129061188 0 0
# scanned=286509
# found=0
# cleaned=0
# scan_time=17289
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02 Ran by 1 (administrator) on 25-08-2013 14:23:42 Running from C:\Users\1\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: Russian Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Windows\AsScrPro.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ATK) C:\Program Files\P4G\BatteryLife.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Akamai Technologies, Inc.) C:\Users\1\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\1\AppData\Local\Akamai\netsession_win.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe () C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\system32\LogonUI.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.) HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] () HKLM\...\Run: [UfSeAgnt.exe] - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022904 2010-02-23] (Trend Micro Inc.) HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-01-18] (Alcor Micro Corp.) 
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKCU\...\Run: [NevoDRM] - C:\Игры\NevoDRM\NevoDRM.exe [41984 2008-12-11] () HKCU\...\Run: [Facebook Update] - C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\1\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [969104 2013-01-25] (BitTorrent, Inc.) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876456 2013-06-21] (Skype Technologies S.A.) HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [Boingo Wi-Fi] - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-10-04] () HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS) HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] () HKLM-x32\...\Run: [autodetect] - C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe [129872 2010-03-02] () HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Abyssus] - C:\Program Files (x86)\Razer\Abyssus\razerhid.exe [223744 2010-05-10] () HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Помощник по входу в Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default FF NetworkProxy: "no_proxies_on", "127.0.0.1" FF NetworkProxy: "socks", "127.0.0.1" FF NetworkProxy: "socks_port", 9050 FF NetworkProxy: "socks_remote_dns", true FF NetworkProxy: "type", 1 FF Homepage: user_pref("browser.startup.homepage", ); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 
- C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @Webzen.com/NPBrowserExt - C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll No File FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\1\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.) 
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @TrianglePlayer - C:\Users\1\AppData\Roaming\TrianglePlayer\NPTrianglePlayer.dll () FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: onlinehdtv - C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\Extensions\onlinehdtv@onlinehd.tv.xpi FF Extension: No Name - C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll () CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL 
(Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) CHR Plugin: (Unity Player) - C:\Users\1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Plugin: (Kalydo Player Plugin for Mozilla) - C:\Users\1\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.) 
CHR Plugin: (NPPlayerShell) - C:\Users\1\AppData\Roaming\TrianglePlayer\NPTrianglePlayer.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (OGPlanet Game Plugin) - C:\Windows\system32\npOGPPlugin.dll No File CHR Extension: (Docs) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (Gmail) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd10.crx CHR HKLM-x32\...\Chrome\Extension: [nmpllndkedbnmonoomepeeglghdelffo] - C:\Program Files (x86)\icq\Chrome\icq-1.3.671.crx ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG) S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-09] (BitRaider, LLC) S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4662936 2012-02-27] (INCA Internet Co., Ltd.) R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859712 2010-10-09] (Trend Micro Inc.) R2 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-02-23] (Trend Micro Inc.) R3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-02-23] (Trend Micro Inc.) S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт) S3 xsherlock; C:\Windows\SysWow64\xsherlock.xem [661600 2012-11-19] (Wellbia.com Co., Ltd.) S2 Guard.Mail.ru; "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" [x] S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [x] S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [x] ==================== Drivers (Whitelisted) ==================== R3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 1394hub; C:\Windows\SysWow64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R3 Abyssus; C:\Windows\System32\drivers\Abyssus.sys [10880 2009-10-30] (Razer (Asia-Pacific) Pte Ltd) R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-28] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-28] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] (Корпорация Майкрософт) S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] () S4 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-02-26] (Duplex Secure Ltd.) R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.) R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-02-23] (Trend Micro Inc.) R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.) R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Корпорация Майкрософт) R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.) 
R3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org) R3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org) U3 AppMgmt; %SystemRoot%\system32\svchost.exe -k netsvcs S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [x] S3 catchme; \??\C:\ComboFix\catchme.sys [x] U2 CscService; S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S3 ncvet.dll; \??\C:\Windows\Temp\ncvet.dll [x] S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x] U3 PeerDistSvc; U3 tmlwf; U3 tmwfp; S3 vtany; \??\C:\Windows\vtany.sys [x] S3 X6va005; \??\C:\Users\1\AppData\Local\Temp\005C0D5.tmp [x] S3 X6va006; \??\C:\Users\1\AppData\Local\Temp\006C740.tmp [x] S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x] S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x] S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [x] S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x] R3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-25 14:10 - 2013-08-25 14:10 - 00891115 _____ C:\Users\1\Desktop\SecurityCheck.exe 2013-08-25 12:05 - 2013-08-25 13:54 - 327878820 _____ C:\Users\1\Downloads\MSG00.S1.480.01.rar 2013-08-25 11:58 - 2013-07-15 04:08 - 338647040 _____ C:\Users\1\Desktop\GUNDAM 00 Second Season Ep 01 Xvid DVDRip ger-jap-dub ger-sub [AST4u].avi 2013-08-25 10:32 - 2013-08-25 12:22 - 338245812 _____ C:\Users\1\Downloads\MSG.S2.480.02.rar 2013-08-25 10:25 - 2013-08-25 11:33 - 338647220 _____ C:\Users\1\Downloads\MSG.S2.480.01.rar 2013-08-25 08:58 - 2013-08-25 08:57 - 02347384 _____ (ESET) C:\Users\1\Desktop\esetsmartinstaller_enu.exe 2013-08-25 08:57 - 2013-08-25 08:57 - 02347384 _____ (ESET) C:\Users\1\Downloads\esetsmartinstaller_enu.exe 2013-08-24 
17:33 - 2013-08-24 17:33 - 00011322 _____ C:\Users\1\Downloads\Gmer.txt 2013-08-24 17:31 - 2013-08-24 17:31 - 00002524 _____ C:\Users\1\Desktop\JRT.txt 2013-08-24 17:24 - 2013-08-24 17:24 - 01021434 _____ (Thisisu) C:\Users\1\Downloads\JRT.exe 2013-08-24 17:24 - 2013-08-24 17:24 - 01021434 _____ (Thisisu) C:\Users\1\Desktop\JRT.exe 2013-08-24 17:14 - 2013-08-24 17:16 - 00000000 ____D C:\AdwCleaner 2013-08-24 17:13 - 2013-08-24 17:12 - 00975858 _____ C:\Users\1\Desktop\adwcleaner.exe 2013-08-24 17:12 - 2013-08-24 17:12 - 00975858 _____ C:\Users\1\Downloads\adwcleaner.exe 2013-08-24 17:04 - 2013-08-24 17:04 - 00008125 _____ C:\Users\1\Desktop\Новый текстовый документ.txt 2013-08-24 16:47 - 2013-08-24 16:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1\Desktop\mbam-setup-1.75.0.1300.exe 2013-08-24 16:47 - 2013-08-24 16:47 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Users\1\AppData\Roaming\Malwarebytes 2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-24 16:47 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-24 16:46 - 2013-08-24 16:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-24 14:23 - 2013-08-24 14:24 - 04996831 _____ C:\Users\1\Downloads\DragnestLauncher.zip 2013-08-24 13:39 - 2013-08-24 13:39 - 00001010 _____ C:\Users\Public\Desktop\PlayDGN.lnk 2013-08-24 13:25 - 2013-08-24 19:20 - 00000000 ____D C:\Program Files (x86)\PlayDGN 2013-08-24 12:30 - 2013-08-24 12:31 - 37642067 _____ C:\Users\1\Downloads\WinDS PRO 2013.9.1.zip 2013-08-24 11:25 - 2013-08-24 13:12 - 3753371694 _____ C:\Users\1\Downloads\DragnestFullSetupVer103.zip 2013-08-24 02:34 - 2013-08-24 02:34 - 00036162 _____ C:\ComboFix.txt 2013-08-24 02:07 - 2013-08-24 02:34 - 00000000 ____D C:\Qoobox 2013-08-24 02:07 - 2011-06-26 08:45 - 
00256000 _____ C:\Windows\PEV.exe 2013-08-24 02:07 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-24 02:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-08-24 02:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-24 02:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-24 02:07 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-08-24 02:07 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-24 02:07 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-24 02:06 - 2013-08-24 02:32 - 00000000 ____D C:\Windows\erdnt 2013-08-24 02:05 - 2013-08-23 23:34 - 05111180 ____R (Swearware) C:\Users\1\Desktop\ComboFix.exe 2013-08-23 23:33 - 2013-08-23 23:34 - 05111180 _____ (Swearware) C:\Users\1\Downloads\ComboFix.exe 2013-08-23 10:05 - 2013-08-23 10:05 - 00017411 _____ C:\Users\1\Downloads\Extras.rar 2013-08-23 04:55 - 2013-08-23 05:00 - 225464616 _____ C:\Users\1\Downloads\[Pure-Anime.biz]Highschool DxD NEW07GerSub.mp4 2013-08-23 03:14 - 2013-08-23 03:14 - 00757893 _____ C:\Users\1\Downloads\ar_sanji.rar 2013-08-23 00:44 - 2013-08-23 00:44 - 00000000 ____D C:\FRST 2013-08-23 00:37 - 2013-08-23 00:37 - 00000020 _____ C:\Users\1\defogger_reenable 2013-08-23 00:36 - 2013-08-23 00:36 - 01576476 _____ (Farbar) C:\Users\1\Downloads\FRST64.exe 2013-08-23 00:36 - 2013-08-23 00:26 - 00377856 _____ C:\Users\1\Desktop\gmer_2.1.19163.exe 2013-08-23 00:36 - 2013-08-23 00:26 - 00050477 _____ C:\Users\1\Desktop\Defogger.exe 2013-08-23 00:26 - 2013-08-23 00:26 - 00377856 _____ C:\Users\1\Downloads\gmer_2.1.19163.exe 2013-08-23 00:26 - 2013-08-23 00:26 - 00050477 _____ C:\Users\1\Downloads\Defogger.exe 2013-08-23 00:04 - 2013-08-23 00:04 - 00000000 ____D C:\mmoTM 2013-08-22 23:08 - 2013-08-22 23:37 - 1108531470 _____ (mmoTM ) C:\Users\1\Downloads\Divinesouls.exe 2013-08-22 22:40 - 2013-08-22 22:40 - 00318216 _____ C:\Windows\Minidump\082213-74927-01.dmp 2013-08-19 
01:13 - 2013-08-19 01:29 - 1130116244 _____ C:\Users\1\Documents\[NAKA] Mushibugyo - Episode 15 Ger Sub [1080p].mp4 2013-08-18 22:22 - 2013-08-25 10:42 - 00000000 ____D C:\Users\1\Desktop\Anime 2013-08-18 20:41 - 2013-08-18 20:41 - 00001241 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2013-08-18 18:41 - 2013-08-18 18:41 - 00275144 _____ C:\Windows\Minidump\081813-51854-01.dmp 2013-08-15 21:28 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-15 21:28 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-15 21:28 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 21:28 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-15 21:28 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 21:28 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 21:28 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-15 21:28 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-15 21:28 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-15 21:28 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 21:28 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-15 21:28 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-15 21:28 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-15 21:28 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-15 21:28 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieui.dll 2013-08-15 21:28 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-15 21:28 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-15 21:28 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-15 21:28 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-15 21:28 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-15 21:28 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 21:27 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 21:27 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 21:27 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 21:27 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 21:27 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 21:27 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-15 21:27 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-15 21:27 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-15 21:27 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-15 21:27 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-15 20:19 - 2013-08-15 20:19 - 00000000 ____D C:\Users\1\AppData\Local\eclipse 2013-08-15 19:27 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-15 19:27 
- 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-15 19:27 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-15 19:27 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-15 19:27 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-15 19:27 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-15 19:27 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-15 19:27 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-15 19:27 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-15 19:27 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-15 19:27 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-15 19:27 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-15 19:27 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-15 19:27 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-15 19:27 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-15 19:27 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-15 19:27 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-15 19:27 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-15 19:27 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-15 19:27 - 2013-07-09 06:46 - 00140288 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-15 19:27 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-15 19:27 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-15 19:27 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-15 19:27 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-15 19:27 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-15 19:27 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-15 19:27 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-06 21:46 - 2013-08-06 21:46 - 00000000 ____D C:\Users\Все пользователи\StarApp 2013-08-06 21:46 - 2013-08-06 21:46 - 00000000 ____D C:\ProgramData\StarApp 2013-08-01 20:42 - 2013-08-01 21:13 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-08-01 01:37 - 2013-08-01 01:37 - 00000000 ____D C:\Users\Все пользователи\RELOADED 2013-08-01 01:37 - 2013-08-01 01:37 - 00000000 ____D C:\ProgramData\RELOADED 2013-07-26 09:10 - 2013-07-26 09:10 - 00000000 ____D C:\Users\1\AppData\Roaming\library_dir 2013-07-26 09:04 - 2013-07-26 09:04 - 00000000 ____D C:\Windyzone ==================== One Month Modified Files and Folders ======= 2013-08-25 14:21 - 2012-04-29 01:16 - 00000896 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-25 14:10 - 2013-08-25 14:10 - 00891115 _____ C:\Users\1\Downloads\SecurityCheck.exe 2013-08-25 14:10 - 2013-08-25 14:10 - 00891115 _____ C:\Users\1\Desktop\SecurityCheck.exe 2013-08-25 13:58 - 2012-10-07 13:26 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-25 13:54 - 2013-08-25 12:05 - 327878820 _____ C:\Users\1\Downloads\MSG00.S1.480.01.rar 2013-08-25 13:41 - 2012-02-19 13:55 - 00000000 
____D C:\Users\1\AppData\Roaming\Skype 2013-08-25 13:35 - 2013-05-19 09:23 - 01732915 _____ C:\Windows\WindowsUpdate.log 2013-08-25 13:31 - 2011-12-30 01:12 - 00001122 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000UA.job 2013-08-25 12:22 - 2013-08-25 10:32 - 338245812 _____ C:\Users\1\Downloads\MSG.S2.480.02.rar 2013-08-25 12:02 - 2013-06-06 23:45 - 00000000 ____D C:\Users\1\AppData\Roaming\vlc 2013-08-25 11:33 - 2013-08-25 10:25 - 338647220 _____ C:\Users\1\Downloads\MSG.S2.480.01.rar 2013-08-25 11:02 - 2013-05-19 09:20 - 00012010 _____ C:\Windows\setupact.log 2013-08-25 10:42 - 2013-08-18 22:22 - 00000000 ____D C:\Users\1\Desktop\Anime 2013-08-25 09:00 - 2012-01-16 18:22 - 00000027 _____ C:\Windows\system32\Drivers\etc\tmvsthfud.bin 2013-08-25 09:00 - 2010-10-04 21:26 - 00000027 _____ C:\Windows\system32\Drivers\etc\tmvsthfss.bin 2013-08-25 09:00 - 2009-07-14 06:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-25 09:00 - 2009-07-14 06:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-25 08:57 - 2013-08-25 08:58 - 02347384 _____ (ESET) C:\Users\1\Desktop\esetsmartinstaller_enu.exe 2013-08-25 08:57 - 2013-08-25 08:57 - 02347384 _____ (ESET) C:\Users\1\Downloads\esetsmartinstaller_enu.exe 2013-08-25 08:54 - 2012-02-16 14:46 - 00000000 ____D C:\Users\1\AppData\Roaming\uTorrent 2013-08-25 08:52 - 2013-06-22 12:22 - 00016785 _____ C:\autoupdate.log 2013-08-25 08:52 - 2012-10-07 13:26 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-25 08:52 - 2011-02-25 15:25 - 00045056 _____ C:\Windows\system32\acovcnt.exe 2013-08-25 08:52 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-25 05:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2013-08-24 19:20 - 2013-08-24 13:25 - 00000000 ____D C:\Program Files (x86)\PlayDGN 
2013-08-24 19:20 - 2013-06-12 17:47 - 00000000 ____D C:\Users\1\Desktop\Dragon Nest Europe
2013-08-24 19:11 - 2013-05-14 16:58 - 00000000 ____D C:\Users\1\Documents\DragonNest
2013-08-24 17:33 - 2013-08-24 17:33 - 00011322 _____ C:\Users\1\Downloads\Gmer.txt
2013-08-24 17:31 - 2013-08-24 17:31 - 00002524 _____ C:\Users\1\Desktop\JRT.txt
2013-08-24 17:24 - 2013-08-24 17:24 - 01021434 _____ (Thisisu) C:\Users\1\Downloads\JRT.exe
2013-08-24 17:24 - 2013-08-24 17:24 - 01021434 _____ (Thisisu) C:\Users\1\Desktop\JRT.exe
2013-08-24 17:16 - 2013-08-24 17:14 - 00000000 ____D C:\AdwCleaner
2013-08-24 17:12 - 2013-08-24 17:13 - 00975858 _____ C:\Users\1\Desktop\adwcleaner.exe
2013-08-24 17:12 - 2013-08-24 17:12 - 00975858 _____ C:\Users\1\Downloads\adwcleaner.exe
2013-08-24 17:06 - 2013-05-20 09:32 - 00547096 _____ C:\Windows\PFRO.log
2013-08-24 17:06 - 2010-10-04 21:41 - 00001548 _____ C:\Windows\system32\ServiceFilter.ini
2013-08-24 17:04 - 2013-08-24 17:04 - 00008125 _____ C:\Users\1\Desktop\Новый текстовый документ.txt
2013-08-24 16:47 - 2013-08-24 16:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-24 16:47 - 2013-08-24 16:47 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Users\1\AppData\Roaming\Malwarebytes
2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-24 16:47 - 2013-08-24 16:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\1\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-24 14:24 - 2013-08-24 14:23 - 04996831 _____ C:\Users\1\Downloads\DragnestLauncher.zip
2013-08-24 13:39 - 2013-08-24 13:39 - 00001010 _____ C:\Users\Public\Desktop\PlayDGN.lnk
2013-08-24 13:12 - 2013-08-24 11:25 - 3753371694 _____ C:\Users\1\Downloads\DragnestFullSetupVer103.zip
2013-08-24 12:47 - 2011-11-27 18:49 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-08-24 12:46 - 2013-07-16 01:39 - 00002115 _____ C:\Users\Public\Desktop\WinDS PRO.lnk
2013-08-24 12:46 - 2011-03-12 13:20 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-08-24 12:46 - 2011-03-12 13:20 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-08-24 12:31 - 2013-08-24 12:30 - 37642067 _____ C:\Users\1\Downloads\WinDS PRO 2013.9.1.zip
2013-08-24 02:34 - 2013-08-24 02:34 - 00036162 _____ C:\ComboFix.txt
2013-08-24 02:34 - 2013-08-24 02:07 - 00000000 ____D C:\Qoobox
2013-08-24 02:34 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-24 02:33 - 2009-07-14 07:13 - 01650206 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-24 02:33 - 2009-07-13 17:17 - 00717442 _____ C:\Windows\system32\perfh019.dat
2013-08-24 02:33 - 2009-07-13 17:17 - 00150260 _____ C:\Windows\system32\perfc019.dat
2013-08-24 02:32 - 2013-08-24 02:06 - 00000000 ____D C:\Windows\erdnt
2013-08-24 02:32 - 2011-02-25 15:27 - 00000000 ___RD C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-24 02:27 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-24 02:25 - 2009-07-14 04:34 - 81264640 _____ C:\Windows\system32\config\software.bak
2013-08-24 02:25 - 2009-07-14 04:34 - 25690112 _____ C:\Windows\system32\config\system.bak
2013-08-24 02:25 - 2009-07-14 04:34 - 00360448 _____ C:\Windows\system32\config\default.bak
2013-08-24 02:25 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-08-24 02:25 - 2009-07-14 04:34 - 00090112 _____ C:\Windows\system32\config\sam.bak
2013-08-24 01:31 - 2011-12-30 01:12 - 00001100 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000Core.job
2013-08-23 23:34 - 2013-08-24 02:05 - 05111180 ____R (Swearware) C:\Users\1\Desktop\ComboFix.exe
2013-08-23 23:34 - 2013-08-23 23:33 - 05111180 _____ (Swearware) C:\Users\1\Downloads\ComboFix.exe
2013-08-23 10:05 - 2013-08-23 10:05 - 00017411 _____ C:\Users\1\Downloads\Extras.rar
2013-08-23 05:00 - 2013-08-23 04:55 - 225464616 _____ C:\Users\1\Downloads\[Pure-Anime.biz]Highschool DxD NEW07GerSub.mp4
2013-08-23 03:14 - 2013-08-23 03:14 - 00757893 _____ C:\Users\1\Downloads\ar_sanji.rar
2013-08-23 03:14 - 2013-06-11 00:31 - 00000000 ____D C:\Users\1\Desktop\Mods
2013-08-23 00:44 - 2013-08-23 00:44 - 00000000 ____D C:\FRST
2013-08-23 00:37 - 2013-08-23 00:37 - 00000020 _____ C:\Users\1\defogger_reenable
2013-08-23 00:37 - 2011-02-25 15:25 - 00000000 ____D C:\Users\1
2013-08-23 00:36 - 2013-08-23 00:36 - 01576476 _____ (Farbar) C:\Users\1\Downloads\FRST64.exe
2013-08-23 00:26 - 2013-08-23 00:36 - 00377856 _____ C:\Users\1\Desktop\gmer_2.1.19163.exe
2013-08-23 00:26 - 2013-08-23 00:36 - 00050477 _____ C:\Users\1\Desktop\Defogger.exe
2013-08-23 00:26 - 2013-08-23 00:26 - 00377856 _____ C:\Users\1\Downloads\gmer_2.1.19163.exe
2013-08-23 00:26 - 2013-08-23 00:26 - 00050477 _____ C:\Users\1\Downloads\Defogger.exe
2013-08-23 00:04 - 2013-08-23 00:04 - 00000000 ____D C:\mmoTM
2013-08-22 23:37 - 2013-08-22 23:08 - 1108531470 _____ (mmoTM ) C:\Users\1\Downloads\Divinesouls.exe
2013-08-22 22:49 - 2013-04-20 19:53 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-22 22:47 - 2010-10-04 21:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-22 22:40 - 2013-08-22 22:40 - 00318216 _____ C:\Windows\Minidump\082213-74927-01.dmp
2013-08-22 22:40 - 2011-02-28 11:15 - 00000000 ____D C:\Windows\Minidump
2013-08-19 01:29 - 2013-08-19 01:13 - 1130116244 _____ C:\Users\1\Documents\[NAKA] Mushibugyo - Episode 15 Ger Sub [1080p].mp4
2013-08-18 22:21 - 2012-02-10 19:02 - 00000000 ____D C:\Users\1\AppData\Roaming\DVDVideoSoft
2013-08-18 20:42 - 2012-02-10 19:01 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-08-18 20:41 - 2013-08-18 20:41 - 00001241 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-08-18 18:41 - 2013-08-18 18:41 - 00275144 _____ C:\Windows\Minidump\081813-51854-01.dmp
2013-08-15 21:21 - 2013-07-13 22:46 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 21:17 - 2011-12-27 18:28 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 20:19 - 2013-08-15 20:19 - 00000000 ____D C:\Users\1\AppData\Local\eclipse
2013-08-15 19:41 - 2012-04-14 23:39 - 00000994 _____ C:\Users\Гость\Desktop\Wakfu.lnk
2013-08-11 21:16 - 2013-07-16 01:50 - 00000000 ____D C:\Users\1\Desktop\Rom
2013-08-06 21:46 - 2013-08-06 21:46 - 00000000 ____D C:\Users\Все пользователи\StarApp
2013-08-06 21:46 - 2013-08-06 21:46 - 00000000 ____D C:\ProgramData\StarApp
2013-08-06 20:57 - 2013-05-20 10:20 - 00002049 _____ C:\Windows\TMFilter.log
2013-08-06 17:09 - 2011-03-12 15:17 - 00000000 ____D C:\Users\Все пользователи\Microsoft Help
2013-08-06 17:09 - 2011-03-12 15:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-04 22:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-08-01 21:13 - 2013-08-01 20:42 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-08-01 01:47 - 2013-04-20 20:44 - 00000000 ____D C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-08-01 01:37 - 2013-08-01 01:37 - 00000000 ____D C:\Users\Все пользователи\RELOADED
2013-08-01 01:37 - 2013-08-01 01:37 - 00000000 ____D C:\ProgramData\RELOADED
2013-07-30 17:28 - 2009-07-14 04:34 - 00000500 _____ C:\Windows\win.ini
2013-07-29 01:50 - 2013-01-30 20:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-29 01:50 - 2012-08-29 22:18 - 00000000 ____D C:\Users\Все пользователи\Skype
2013-07-29 01:50 - 2012-08-29 22:18 - 00000000 ____D C:\ProgramData\Skype
2013-07-27 15:25 - 2013-04-20 21:35 - 00000000 ____D C:\Users\1\Documents\my games
2013-07-26 09:10 - 2013-07-26 09:10 - 00000000 ____D C:\Users\1\AppData\Roaming\library_dir
2013-07-26 09:07 - 2013-06-01 09:48 - 00056972 _____ C:\Windows\DirectX.log
2013-07-26 09:04 - 2013-07-26 09:04 - 00000000 ____D C:\Windyzone
2013-07-26 08:48 - 2011-04-09 13:47 - 00000000 ____D C:\Users\1\Tracing
2013-07-26 07:13 - 2013-08-15 21:28 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:13 - 2013-08-15 21:27 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 21:27 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:12 - 2013-08-15 21:28 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 21:28 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 21:28 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 21:28 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 21:28 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 21:28 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 21:28 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 21:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 07:12 - 2013-08-15 21:27 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 21:27 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 21:27 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 05:35 - 2013-08-15 21:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 21:27 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 21:27 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 21:28 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 21:28 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 21:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 21:28 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 21:28 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 21:28 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 21:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 21:27 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 21:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 21:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 05:11 - 2013-08-15 21:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 04:49 - 2013-08-15 21:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 21:28 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 21:28 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Все пользователи\hash.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-19 04:41

==================== End Of Log ============================

So my game runs well again, but for quite a while now I have also had the problem of bluescreens that just happen out of nowhere. Last edited by Jagiro (25.08.2013 at 13:32) |
25.08.2013, 19:27 | #12 | |
/// the machine /// TB Trainer | Games and performance slower than usual Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
25.08.2013, 20:23 | #13 |
| Games and performance slower than usual "A problem has been detected and Windows has been shut down to prevent damage to your computer". I don't know exactly what else it said; is there somewhere I can look that up? |
26.08.2013, 08:46 | #14 |
/// the machine /// TB Trainer | Games and performance slower than usual Restart, quickly press F8 as if you wanted to go into Safe Mode, and in the menu select "Disable automatic restart on system failure". At the next bluescreen the screen will stay as it is and you can write down the data.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
26.08.2013, 12:18 | #15 |
| Games and performance slower than usual hmm okay, what do I have to do next D |