| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Laptop langsamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.09.2013, 16:30
| #1 |
 |  Laptop langsam Mein Laptop ist langsamer und ich kann nur mit laggs spielen deswegen bin ich wieder hier Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013 02 Ran by 1 at 2013-09-12 17:04:38 Running from C:\Users\1\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= µTorrent (x32 Version: 3.1.2) 7-Zip 9.20 (x32) Acrobat.com (x32 Version: 1.6.65) Adobe AIR (x32 Version: 3.7.0.2090) Adobe Download Assistant (x32 Version: 1.0.6) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Aeria Ignite (x32 Version: 1.12.2732) AION Free-To-Play (x32 Version: 2.70.0000) Akamai NetSession Interface (HKCU) Akamai NetSession Interface (x32) Alcor Micro USB Card Reader (x32 Version: 1.6.17.25401) Alice Greenfingers (x32) AMD Accelerated Video Transcoding (Version: 12.10.100.30328) AMD Catalyst Install Manager (Version: 8.0.911.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Fuel (Version: 2013.0328.2218.38225) AMD Media Foundation Decoders (Version: 1.0.80328.2204) AMD USB Filter Driver (x32 Version: 1.0.15.94) AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225) Ashampoo Burning Studio 6 FREE v.6.80 (x32 Version: 6.8.0) ASUS AI Recovery (x32 Version: 1.0.10) ASUS AP Bank (x32 Version: 1.0.0.0) ASUS FancyStart (x32 Version: 1.0.8) ASUS LifeFrame3 (x32 Version: 3.0.20) ASUS Live Update (x32 Version: 2.5.9) ASUS MultiFrame (x32 Version: 1.0.0021) ASUS Power4Gear Hybrid (Version: 1.1.35) ASUS SmartLogon (x32 Version: 1.0.0008) ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0029) ASUS Virtual Camera (x32 Version: 1.0.20) ASUS WebStorage (x32 Version: 2.0.46.1429) ATK Package (x32 Version: 1.0.0003) Atlantica (x32 Version: 40505) Avira Free Antivirus (x32 Version: 13.0.0.4052) Bandisoft MPEG-1 Decoder (x32) BitRaider Web Client (x32 Version: 1.1.6.3) Boingo Wi-Fi (x32 Version: 1.7.0048) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225) Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225) Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225) CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225) CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225) CCC Help Czech (x32 Version: 2013.0328.2217.38225) CCC Help Danish (x32 Version: 2013.0328.2217.38225) CCC Help Dutch (x32 Version: 2013.0328.2217.38225) CCC Help English (x32 Version: 2013.0328.2217.38225) CCC Help Finnish (x32 Version: 2013.0328.2217.38225) CCC Help French (x32 Version: 2013.0328.2217.38225) CCC Help German (x32 Version: 2013.0328.2217.38225) CCC Help Greek (x32 Version: 2013.0328.2217.38225) CCC Help Hungarian (x32 Version: 2013.0328.2217.38225) CCC Help Italian (x32 Version: 2013.0328.2217.38225) CCC Help Japanese (x32 Version: 2013.0328.2217.38225) CCC Help Korean (x32 Version: 2013.0328.2217.38225) CCC Help Norwegian (x32 Version: 2013.0328.2217.38225) CCC Help Polish (x32 Version: 2013.0328.2217.38225) CCC Help Portuguese (x32 Version: 2013.0328.2217.38225) CCC Help Russian (x32 Version: 2013.0328.2217.38225) CCC Help Spanish (x32 Version: 2013.0328.2217.38225) CCC Help Swedish (x32 Version: 2013.0328.2217.38225) CCC Help Thai (x32 Version: 2013.0328.2217.38225) CCC Help Turkish (x32 Version: 2013.0328.2217.38225) ccc-utility64 (Version: 2013.0328.2218.38225) Chicken Invaders 2 (x32) Choice Guard (x32 Version: 1.2.87.0) ControlDeck (x32 Version: 1.0.8) Crysis® 2 (x32 Version: 1.0.0.0) CyberLink LabelPrint (x32 Version: 2.5.1908) CyberLink Power2Go (x32 Version: 6.1.3602c) DBO_CT_TW (x32 Version: 1.57.22) DDS Thumbnail Viewer (x32 Version: 1.00.000) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition Dragonica Version TEST (x32 Version: TEST) Dream Day Wedding Married in Manhattan (x32) ETDWare PS/2-x64 7.0.5.13_WHQL (Version: 7.0.5.13) Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287) Fast Boot (Version: 1.0.5) FlyLinkDC2009 500 (x32) Free Studio version 2013 (x32 Version: 6.1.10.812) Free YouTube to MP3 Converter version 3.12.12.827 (x32 Version: 3.12.12.827) Game Park Console (x32 Version: 6.2.0.2) GDMO (x32) GKLauncher (x32 Version: 1.1.0.3) Google Chrome (x32 Version: 29.0.1547.66) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32) Google Update Helper (x32 Version: 1.3.21.153) GrandFantasia-DE (x32) HeroesGo (HKCU) ICQ Sparberater (x32 Version: 1.3.671) ICQ7M (x32 Version: 7.8) IrfanView (remove only) (x32 Version: 4.35) Java 7 Update 25 (64-bit) (Version: 7.0.250) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Junk Mail filter update (x32 Version: 14.0.8050.1202) K_Series_ScreenSaver_EN (x32) Kalydo Player 4.11.01 (HKCU Version: 4.11.01) League of Legends (x32 Version: 1.3) Loong (x32 Version: 1.3.3.14) Lunia (x32) Mabinogi (x32) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Martial Empires DE (x32 Version: 1.00.0000) Marvel Heroes (x32 Version: 1.10.0.83) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft AppLocale (x32 Version: 1.0.0) Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.1.99.0) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Access MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Excel MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Groove MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office InfoPath MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000) Microsoft Office OneNote MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Outlook MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office PowerPoint MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (Ukrainian) 2010 (Version: 14.0.7015.1000) Microsoft Office Proofing (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Publisher MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared 32-bit MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office Word MUI (Russian) 2010 (Version: 14.0.7015.1000) Microsoft Office профессиональный плюс 2010 (Version: 14.0.7015.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0) Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Windows Application Compatibility Database Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) Mozilla Maintenance Service (x32 Version: 18.0.1) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0) Mu (x32 Version: 0.68) Nexon Game Manager (x32) NVIDIA PhysX (x32 Version: 9.12.1031) OGPlanet Game Launcher (x32 Version: 1.0.0) Onigiri_JP (x32 Version: 1.00.0000) OpenAL (x32) Overwolf (x32 Version: 0.40.228) Pando Media Booster (x32 Version: 2.6.0.8) Path of Exile (x32 Version: 0.10.0.22571) Piggly FREE (x32) Pinnacle Game Profiler (x32 Version: 5.0.0) PlayDGN version 103 (x32 Version: 103) PockiePirateHelper (x32 Version: 54) Pokémon Trading Card Game Online (x32 Version: 1.0.0) Pokemon World Online version 1.83 (x32 Version: 1.83) Project64 1.6 (x32 Version: 1.6) Ragnarök Online (x32 Version: 13.3) Ragnarok Online2 (x32 Version: 2.00.0000) Ragnarok_Europe (x32 Version: 13.3) RaiderZ (x32 Version: 1.00.0000) Razer Abyssus (x32 Version: 2.00) Razer Game Booster (x32 Version: 3.7) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6176) RemnantKnights (HKCU Version: 0.01.02.91) RequiemFacebook (HKCU Version: 0.00.01.83) Return of Warrior (x32 Version: 1.0.1.0) RGSS-RTP Standard (x32 Version: 1.04) RPG Maker VX RTP (x32 Version: 1.02) RPGƒcƒN[ƒ‹VX RTP (x32 Version: 1.00) RPGXP (x32 Version: 1.0.0) S4 League_EU (x32 Version: 1.00.0000) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition Shin Megami Tensei Imagine (x32 Version: 1.678) Skype™ 6.6 (x32 Version: 6.6.106) SlimDX Redistributable (March 2009) (x32 Version: 2.0.7.41) Smileyville FREE (x32) Spiral Knights (x32) SRS Premium Sound Control Panel (Version: 1.8.7700) Steam (x32 Version: 1.0.0.0) syncables desktop SE (x32 Version: 5.5.615.9518) TeamSpeak 3 Client (x32 Version: 3.0.10.1) The Sims™ 3 (x32 Version: 1.26.89) The Sims™ 3 Питомцы (x32 Version: 10.0.96) Torchlight II (x32) Trend Micro Internet Security (Version: 17.50) TSR Workshop (x32 Version: 1.0.14) Uninstall TrianglePlayer (x32 Version: 2012) Unity Web Player (HKCU Version: ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553157) 64-Bit Edition Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition Update for Microsoft Office 2010 (KB2589370) 64-Bit Edition Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2760758) 64-Bit Edition Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition USB 2.0 VGA UVC WebCam VLC media player 2.0.8 (x32 Version: 2.0.8) Warhammer 40,000 Dawn of War II - Chaos Rising (x32) WEBZEN Browser Extension (x32 Version: 1.01.020) WIDCOMM Bluetooth Software (Version: 6.2.5.500) Windows 7 Upgrade Advisor (x32 Version: 2.0.5000.0) Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) (Version: 07/17/2009 6.2.0.9403) Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) (Version: 07/29/2009 6.1.7100.0) Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500) (Version: 06/11/2009 6.2.0.9500) Windows Live Communications Platform (x32 Version: 14.0.8050.1202) Windows Live Messenger (x32 Version: 14.0.8050.1202) Windows Live Sync (x32 Version: 14.0.8050.1202) Windows Live Writer (x32 Version: 14.0.8050.1202) WinDS PRO 2013.9.1 (Version: 2013.9.10.0) WinDS PRO Apps 1.6.2 (Version: 1.6.2.0) WinFlash (x32 Version: 2.30.3) WinRAR 4.11 (64-Bit) (Version: 4.11.0) Wireless Console 3 (x32 Version: 3.0.17) Yu-Gi-Oh! ONLINE 3 (x32 Version: 1.00.5000) Коннект Менеджер (x32 Version: 1.0.0.1) Основные компоненты Windows Live (x32 Version: 14.0.8050.1202) Помощник по входу в Windows Live (x32 Version: 5.000.818.6) Почта Windows Live (x32 Version: 14.0.8050.1202) Семейная безопасность Windows Live (Version: 14.0.8052.1208) Средство передачи Windows Live (x32 Version: 14.0.8014.1029) Фотоальбом Windows Live (x32 Version: 14.0.8051.1204) ==================== Restore Points ========================= 02-09-2013 13:59:27 Removed Project64 1.6 10-09-2013 22:57:41 Центр обновления Windows ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-08-24 02:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started Task: {0B93C4CE-FD9A-4C6D-94A5-BC8813510FFB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {14571037-48F4-4CFF-B816-39A065513249} - System32\Tasks\{D59D638B-9D42-4918-A6C0-642A902DCF34} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?source=lightinstaller&LastError=1603 Task: {14D53E82-1CF4-4294-8BF7-2EB61D1AE49F} - System32\Tasks\{7ACB6725-58D3-4FBA-9CCF-3B55F741F3E7} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/go/help.faq.installer?LastError=1603 Task: {14F57633-D35F-438D-B2CC-339E9074ABB3} - System32\Tasks\RunOW => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe Task: {1B772F46-7C77-4081-A0A3-1195D7A81860} - System32\Tasks\{E4B6E313-B77E-434A-AD09-4F5666F2756F} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {1B97F3EB-AB98-487E-8973-1422FCFD0433} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: {230E9C70-835C-49E3-B2A5-4CCE8ADBFA81} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-06-09] (asus) Task: {236C61C1-A6C3-4E19-8225-5B7968586A71} - System32\Tasks\User_Feed_Synchronization-{FDF1D46B-CA44-405F-8514-57C73810FC94} => C:\Windows\system32\msfeedssync.exe [2013-06-20] (Microsoft Corporation) Task: {2B25A76E-4D68-48A4-9B09-E47417B6540C} - System32\Tasks\{0BD25ECA-65E8-4709-BF42-CC00C46D130B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?source=lightinstaller&page=tsInstall Task: {2DC5CD7E-73F0-4A9D-A7D6-432A05D00CCC} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe [2013-06-05] () Task: {36809738-84C3-4957-B00E-CE4D75D6A1B5} - \BrowserProtect No Task File Task: {45C8FAEF-1BB3-4BBD-99A4-C924241C055C} - \Dealply No Task File Task: {4FB50C40-43D1-4512-868D-E3AC06B829AE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000UA => C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) Task: {52EB8AB7-FB92-4E13-B1C4-3C7F79F3CE99} - System32\Tasks\RunAsStdUser Task => C:\Users\1\AppData\Local\teeveewatchSA\bin\1.0.8.0\TeeveeWatchSA.exe Task: {547BF65C-7320-4FAF-9673-42F732355771} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: {5B2E5278-B516-4CDA-806A-602BDCAF4BA6} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS) Task: {5E9E955E-507D-42C8-A451-FE8D0123E51A} - System32\Tasks\{0E404638-AF26-4BCE-B999-718C639245A4} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?source=lightinstaller&LastError=1603 Task: {6266B304-28BA-4AAD-8BBC-6A7848991A9B} - System32\Tasks\{E3171ABA-32BF-46E2-A947-8B15BB41F9F6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?source=lightinstaller&LastError=1603 Task: {680D415A-BA1F-4401-A910-149A27ACC7C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-07] (Google Inc.) Task: {6B0DDC62-531B-4CEA-A531-EEFF86FC2CE3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-07] (Google Inc.) Task: {9A7DAEE7-FF38-4B58-BBFA-A72E99D725AD} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS) Task: {9BAAAEB6-51B1-4C67-8AA9-A303AFBBE769} - System32\Tasks\{34B82CD7-8C78-4D78-BC63-2F74995ED776} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?source=lightinstaller&LastError=1603 Task: {A6BF1449-7969-4882-A47E-F18A4272B6E5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000Core => C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2010-11-20] (Корпорация Майкрософт (Microsoft Corp.)) Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\System32\aitagent.exe [2010-11-20] (Корпорация Майкрософт (Microsoft Corp.)) Task: {B6BB981A-3C67-43F2-B4B9-824837D9E028} - System32\Tasks\{81FED1E2-90CD-4E9F-A734-599C249B4FAF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {BD6C0054-C30E-4AC8-BA13-487DF24EB2D8} - System32\Tasks\{3D6B78ED-9E4D-4821-AE07-9108BF4DD3D2} => C:\PlayPark\RO2\RO2Client.exe Task: {BD97A8BD-69B1-49A2-8B26-04E6BC40A5AF} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation) Task: {C06944C3-57EE-4F41-AE86-F272762C528B} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe Task: {D079F4A4-4424-4318-9ED8-8D13F68DA197} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-04-08] (ATK) Task: {DD37D8FE-B760-44E8-9BB0-D846A77F22CC} - System32\Tasks\{1CB86C9B-CCCF-4235-9E09-49F952C70CE9} => C:\Windows\System32\msiexec.exe [2010-11-20] (Microsoft Corporation) Task: {E10C9ED5-CB1A-487F-B914-5C8A10DCEF85} - System32\Tasks\{983EC493-D2BD-48DC-A0C8-D4641233522D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Task: {EEF92587-FF77-4C8D-AF74-3B828FD6BEF5} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] () Task: {EF6C3C50-31C5-4DE4-BDB5-BD433710D61F} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe Task: {F87659F9-E9B3-4EBE-875D-AE93FB36119C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000Core.job => C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000UA.job => C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-04-04 01:09 - 2013-04-04 01:09 - 04300432 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2012-12-14 14:25 - 2012-12-14 14:25 - 08879224 _____ (Корпорация Майкрософт) C:\Program Files\Microsoft Office\Office14\1049\GrooveIntlResource.dll 2009-07-14 02:22 - 2009-07-14 03:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm 2009-07-14 02:36 - 2009-07-14 03:27 - 00925184 _____ (Корпорация Майкрософт) C:\Windows\system32\FXSRESM.DLL 2009-10-26 05:38 - 2009-10-26 05:38 - 00221184 _____ ( ) C:\Program Files (x86)\ASUS\ASUS WebStorage\LogicNP.EZNamespaceExtensions.dll 2010-03-16 03:48 - 2010-03-16 03:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll 2010-10-04 21:22 - 2010-10-04 21:22 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll 2010-10-04 21:22 - 2010-10-04 21:22 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll 2010-10-04 21:36 - 2010-08-10 12:00 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll 2009-10-29 05:02 - 2009-10-29 05:02 - 00004096 _____ ( ) C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\Interop.SIMPLEAESLib.dll 2009-11-06 20:18 - 2009-11-06 20:18 - 00004096 _____ ( ) C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\Interop.SimpleAES64Lib.dll 2009-08-02 14:54 - 2009-08-02 14:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2013-03-28 22:14 - 2013-03-28 22:14 - 00217088 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll 2013-03-28 22:14 - 2013-03-28 22:14 - 00335872 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll 2013-03-28 22:30 - 2013-03-28 22:30 - 00037888 _____ (AMD) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\FUEL.ImplementationNet4.dll 2013-03-28 22:30 - 2013-03-28 22:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2009-11-02 12:20 - 2009-11-02 12:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2009-11-02 12:23 - 2009-11-02 12:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2012-07-12 01:26 - 2012-07-12 01:26 - 00686960 ____T (Facebook Inc.) C:\Users\1\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll 2005-09-21 15:30 - 2005-09-21 15:30 - 00036864 _____ (ATK) C:\Program Files (x86)\ASUS\Wireless Console 3\inter_f2.dll 2004-05-27 16:13 - 2004-05-27 16:13 - 00080384 _____ (ACTIONTEC Electronics,Inc) C:\Program Files (x86)\ASUS\Wireless Console 3\ATKWLIOC.DLL 2005-01-12 22:36 - 2005-01-12 22:36 - 00303104 _____ (Silicon Integrated Systems Corp.) C:\Program Files (x86)\ASUS\Wireless Console 3\SiSPkt.dll 2013-01-09 17:26 - 2012-12-07 15:20 - 00441856 _____ (Корпорация Майкрософт) C:\Windows\System32\Wpc.dll 2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2012-12-14 14:34 - 2012-12-14 14:34 - 08878696 _____ (Корпорация Майкрософт) C:\Program Files (x86)\Microsoft Office\Office14\1049\GrooveIntlResource.dll 2011-12-28 19:05 - 2010-11-20 15:26 - 04120064 _____ (Корпорация Майкрософт) C:\Windows\system32\mf.dll 2013-09-05 22:02 - 2013-09-02 22:35 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll 2013-09-05 22:02 - 2013-09-02 22:35 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll 2013-09-05 22:02 - 2013-09-02 22:35 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll 2013-09-05 22:02 - 2013-09-02 22:35 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll 2013-09-05 22:02 - 2013-09-02 22:35 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll 2013-09-05 22:03 - 2013-09-02 22:35 - 13599184 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/12/2013 04:52:19 PM) (Source: Application Error) (User: ) Description: Имя сбойного приложения: FBAgent.exe, версия: 1.0.5.4, отметка времени: 0x4b1cb992 Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18229, отметка времени 0x51fb164a Код исключения: 0xc0000005 Смещение ошибки: 0x0000000000053290 Идентификатор сбойного процесса: 0x540 Время запуска сбойного приложения: 0xFBAgent.exe0 Путь сбойного приложения: FBAgent.exe1 Путь сбойного модуля: FBAgent.exe2 Код отчета: FBAgent.exe3 Error: (09/12/2013 03:52:58 PM) (Source: MsiInstaller) (User: 1-ПК) Description: Product: Boingo Wi-Fi -- Error 1706. An installation package for the product Boingo Wi-Fi cannot be found. Try the installation again using a valid copy of the installation package 'clientlite_all.msi'. Error: (09/11/2013 08:37:54 PM) (Source: MsiInstaller) (User: 1-ПК) Description: Product: Boingo Wi-Fi -- Error 1706. An installation package for the product Boingo Wi-Fi cannot be found. Try the installation again using a valid copy of the installation package 'clientlite_all.msi'. Error: (09/11/2013 04:03:56 PM) (Source: MsiInstaller) (User: 1-ПК) Description: Product: Boingo Wi-Fi -- Error 1706. An installation package for the product Boingo Wi-Fi cannot be found. Try the installation again using a valid copy of the installation package 'clientlite_all.msi'. Error: (09/10/2013 04:01:09 PM) (Source: MsiInstaller) (User: 1-ПК) Description: Product: Boingo Wi-Fi -- Error 1706. An installation package for the product Boingo Wi-Fi cannot be found. Try the installation again using a valid copy of the installation package 'clientlite_all.msi'. Error: (09/10/2013 04:00:01 PM) (Source: Application Error) (User: ) Description: Имя сбойного приложения: FBAgent.exe, версия: 1.0.5.4, отметка времени: 0x4b1cb992 Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18205, отметка времени 0x51dba4e7 Код исключения: 0xc0000005 Смещение ошибки: 0x0000000000053290 Идентификатор сбойного процесса: 0x598 Время запуска сбойного приложения: 0xFBAgent.exe0 Путь сбойного приложения: FBAgent.exe1 Путь сбойного модуля: FBAgent.exe2 Код отчета: FBAgent.exe3 Error: (09/10/2013 00:21:01 AM) (Source: Application Error) (User: ) Description: Имя сбойного приложения: FlashPlayerUpdateService.exe, версия: 11.6.602.180, отметка времени: 0x51a4ab8c Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18205, отметка времени 0x51db9710 Код исключения: 0xc0000005 Смещение ошибки: 0x0002e243 Идентификатор сбойного процесса: 0x2ad4 Время запуска сбойного приложения: 0xFlashPlayerUpdateService.exe0 Путь сбойного приложения: FlashPlayerUpdateService.exe1 Путь сбойного модуля: FlashPlayerUpdateService.exe2 Код отчета: FlashPlayerUpdateService.exe3 Error: (09/09/2013 11:21:01 PM) (Source: Application Error) (User: ) Description: Имя сбойного приложения: FlashPlayerUpdateService.exe, версия: 11.6.602.180, отметка времени: 0x51a4ab8c Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18205, отметка времени 0x51db9710 Код исключения: 0xc0000005 Смещение ошибки: 0x0002e243 Идентификатор сбойного процесса: 0x1edc Время запуска сбойного приложения: 0xFlashPlayerUpdateService.exe0 Путь сбойного приложения: FlashPlayerUpdateService.exe1 Путь сбойного модуля: FlashPlayerUpdateService.exe2 Код отчета: FlashPlayerUpdateService.exe3 Error: (09/09/2013 10:21:01 PM) (Source: Application Error) (User: ) Description: Имя сбойного приложения: FlashPlayerUpdateService.exe, версия: 11.6.602.180, отметка времени: 0x51a4ab8c Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18205, отметка времени 0x51db9710 Код исключения: 0xc0000005 Смещение ошибки: 0x0002e243 Идентификатор сбойного процесса: 0x181c Время запуска сбойного приложения: 0xFlashPlayerUpdateService.exe0 Путь сбойного приложения: FlashPlayerUpdateService.exe1 Путь сбойного модуля: FlashPlayerUpdateService.exe2 Код отчета: FlashPlayerUpdateService.exe3 Error: (09/09/2013 10:09:20 PM) (Source: Application Error) (User: ) Description: Имя сбойного приложения: FlashPlayerUpdateService.exe, версия: 11.6.602.180, отметка времени: 0x51a4ab8c Имя сбойного модуля: ntdll.dll, версия: 6.1.7601.18205, отметка времени 0x51db9710 Код исключения: 0xc0000005 Смещение ошибки: 0x0002e243 Идентификатор сбойного процесса: 0x1780 Время запуска сбойного приложения: 0xFlashPlayerUpdateService.exe0 Путь сбойного приложения: FlashPlayerUpdateService.exe1 Путь сбойного модуля: FlashPlayerUpdateService.exe2 Код отчета: FlashPlayerUpdateService.exe3 System errors: ============= Error: (09/12/2013 04:59:29 PM) (Source: BROWSER) (User: ) Description: Слишком много неудачных попыток службы браузера сети загрузить резервный список с помощью транспорта \Device\NetBT_Tcpip_{1E860CDA-0E83-4D33-9CF2-1F149445DE52}. Резервный браузер сети остановлен. Error: (09/12/2013 04:53:24 PM) (Source: Service Control Manager) (User: ) Description: Служба "AFBAgent" неожиданно прервана. Это произошло (раз): 1. Error: (09/12/2013 04:25:41 PM) (Source: Service Control Manager) (User: ) Description: Служба "Tor Win32 Service" неожиданно прервана. Это произошло (раз): 1. Error: (09/12/2013 03:52:22 PM) (Source: BROWSER) (User: ) Description: Слишком много неудачных попыток службы браузера сети загрузить резервный список с помощью транспорта \Device\NetBT_Tcpip_{1E860CDA-0E83-4D33-9CF2-1F149445DE52}. Резервный браузер сети остановлен. Error: (09/11/2013 08:36:24 PM) (Source: BROWSER) (User: ) Description: Слишком много неудачных попыток службы браузера сети загрузить резервный список с помощью транспорта \Device\NetBT_Tcpip_{1E860CDA-0E83-4D33-9CF2-1F149445DE52}. Резервный браузер сети остановлен. Error: (09/11/2013 05:08:00 PM) (Source: Service Control Manager) (User: ) Description: Служба "Центр обновления Windows" не завершила работу должным образом после получения управления для выполнения предзавершающих операций. Error: (09/11/2013 04:51:29 PM) (Source: Service Control Manager) (User: ) Description: Служба "Tor Win32 Service" неожиданно прервана. Это произошло (раз): 1. Error: (09/11/2013 04:20:49 PM) (Source: BROWSER) (User: ) Description: Слишком много неудачных попыток службы браузера сети загрузить резервный список с помощью транспорта \Device\NetBT_Tcpip_{1E860CDA-0E83-4D33-9CF2-1F149445DE52}. Резервный браузер сети остановлен. Error: (09/10/2013 06:22:05 PM) (Source: BROWSER) (User: ) Description: Слишком много неудачных попыток службы браузера сети загрузить резервный список с помощью транспорта \Device\NetBT_Tcpip_{1E860CDA-0E83-4D33-9CF2-1F149445DE52}. Резервный браузер сети остановлен. Error: (09/10/2013 04:03:05 PM) (Source: BROWSER) (User: ) Description: Слишком много неудачных попыток службы браузера сети загрузить резервный список с помощью транспорта \Device\NetBT_Tcpip_{1E860CDA-0E83-4D33-9CF2-1F149445DE52}. Резервный браузер сети остановлен. Microsoft Office Sessions: ========================= Error: (09/12/2013 04:52:19 PM) (Source: Application Error)(User: ) Description: FBAgent.exe1.0.5.44b1cb992ntdll.dll6.1.7601.1822951fb164ac0000005000000000005329054001ceafc79e985a01C:\Windows\system32\FBAgent.exeC:\Windows\SYSTEM32\ntdll.dllebd8c18e-1bba-11e3-8d5b-74f06da91ee2 Error: (09/12/2013 03:52:58 PM) (Source: MsiInstaller)(User: 1-ПК) Description: Product: Boingo Wi-Fi -- Error 1706. An installation package for the product Boingo Wi-Fi cannot be found. Try the installation again using a valid copy of the installation package 'clientlite_all.msi'.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/11/2013 08:37:54 PM) (Source: MsiInstaller)(User: 1-ПК) Description: Product: Boingo Wi-Fi -- Error 1706. An installation package for the product Boingo Wi-Fi cannot be found. Try the installation again using a valid copy of the installation package 'clientlite_all.msi'.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/11/2013 04:03:56 PM) (Source: MsiInstaller)(User: 1-ПК) Description: Product: Boingo Wi-Fi -- Error 1706. An installation package for the product Boingo Wi-Fi cannot be found. Try the installation again using a valid copy of the installation package 'clientlite_all.msi'.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/10/2013 04:01:09 PM) (Source: MsiInstaller)(User: 1-ПК) Description: Product: Boingo Wi-Fi -- Error 1706. An installation package for the product Boingo Wi-Fi cannot be found. Try the installation again using a valid copy of the installation package 'clientlite_all.msi'.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (09/10/2013 04:00:01 PM) (Source: Application Error)(User: ) Description: FBAgent.exe1.0.5.44b1cb992ntdll.dll6.1.7601.1820551dba4e7c0000005000000000005329059801ceae2df6ef741bC:\Windows\system32\FBAgent.exeC:\Windows\SYSTEM32\ntdll.dll48619860-1a21-11e3-9167-74f06da91ee2 Error: (09/10/2013 00:21:01 AM) (Source: Application Error)(User: ) Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.1820551db9710c00000050002e2432ad401ceadaadcc186d5C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dll1b11ddd4-199e-11e3-93a0-74f06da91ee2 Error: (09/09/2013 11:21:01 PM) (Source: Application Error)(User: ) Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.1820551db9710c00000050002e2431edc01ceada27afd226bC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dllb94da07b-1995-11e3-93a0-74f06da91ee2 Error: (09/09/2013 10:21:01 PM) (Source: Application Error)(User: ) Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.1820551db9710c00000050002e243181c01cead9a193a92c8C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dll579c2817-198d-11e3-93a0-74f06da91ee2 Error: (09/09/2013 10:09:20 PM) (Source: Application Error)(User: ) Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.1820551db9710c00000050002e243178001cead98737a83b0C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dllb5d57595-198b-11e3-93a0-74f06da91ee2 CodeIntegrity Errors: =================================== Date: 2013-08-24 02:23:50.541 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-24 02:23:50.150 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-08 18:09:42.472 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\1\Downloads\32Bit Injector\Injector.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-05-08 18:09:42.218 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\1\Downloads\32Bit Injector\Injector.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-12-26 10:07:27.100 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\1\Downloads\32Bit Injector\Injector.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-12-26 10:07:26.931 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\1\Downloads\32Bit Injector\Injector.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-08-02 15:40:15.436 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\ncvet.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-08-02 15:40:15.337 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\ncvet.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-08-02 15:40:10.152 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\ncvet.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-08-02 15:40:09.982 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Temp\ncvet.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 33% Total physical RAM: 6141.82 MB Available physical RAM: 4065.32 MB Total Pagefile: 12281.82 MB Available Pagefile: 9565.77 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:12.92 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:329.79 GB) (Free:326.08 GB) NTFS Drive f: (SDATA1) (Fixed) (Total:232.87 GB) (Free:232.78 GB) NTFS Drive g: (SDATA2) (Fixed) (Total:232.89 GB) (Free:232.79 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E0C5913D) Partition 1: (Not Active) - (Size=20 GB) - (Type=1C) Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=330 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 466 GB) (Disk ID: BBC58B91) Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02
Ran by 1 (administrator) on 1-ПК on 12-09-2013 17:02:38
Running from C:\Users\1\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Russian
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
() C:\Program Files (x86)\Tor\tor.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Facebook Inc.) C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Akamai Technologies, Inc.) C:\Users\1\AppData\Local\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Akamai Technologies, Inc.) C:\Users\1\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\EeeStorageUploader.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [UfSeAgnt.exe] - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022904 2010-02-23] (Trend Micro Inc.)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-01-18] (Alcor Micro Corp.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKCU\...\Run: [NevoDRM] - C:\Игры\NevoDRM\NevoDRM.exe [41984 2008-12-11] ()
HKCU\...\Run: [Facebook Update] - C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\1\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [969104 2013-01-25] (BitTorrent, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876456 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-10-04] ()
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [autodetect] - C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe [129872 2010-03-02] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Abyssus] - C:\Program Files (x86)\Razer\Abyssus\razerhid.exe [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Гость\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3882312 2008-12-02] (Microsoft Corporation)
HKU\Гость\...\Run: [NevoDRM] - C:\Игры\NevoDRM\NevoDRM.exe [41984 2008-12-11] ()
HKU\Гость\...\Run: [Facebook Update] - C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\Гость\...\Run: [Akamai NetSession Interface] - C:\Users\1\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\Гость\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [969104 2013-01-25] (BitTorrent, Inc.)
HKU\Гость\...\Run: [RavenBleuSA] - "C:\Users\1\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe"
HKU\Гость\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
HKU\Гость\...\Run: [Vidalia] - "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
HKU\Гость\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\Гость\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1807272 2013-07-27] (Valve Corporation)
HKU\Гость\...\Run: [ICQ] - ~"C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4
HKU\Гость\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876456 2013-06-21] (Skype Technologies S.A.)
HKU\Гость\...\Run: [teeveewatchSA] - "C:\Users\1\AppData\Local\teeveewatchSA\bin\1.0.8.0\teeveewatchSA.exe"
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - No File
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
BHO-x32: Помощник по входу в Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default
FF NetworkProxy: "no_proxies_on", "127.0.0.1"
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9050
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 1
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @baidu.com/npxbdsetup - C:\Windows\Downloaded Program Files\11569798\npxbdsetup.dll ()
FF Plugin-x32: @cloudisk.snda.com,version=1.0.5.6 - C:\ProgramData\SNDA\Cloud_plugin\np_plugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Webzen.com/NPBrowserExt - C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll No File
FF Plugin-x32: @xunlei.com/npxluser - C:\Program Files (x86)\Thunder Network\Thunder\BHO\xluser\npxluser.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\1\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @TrianglePlayer - C:\Users\1\AppData\Roaming\TrianglePlayer\NPTrianglePlayer.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @xunlei.com/npxluser - C:\Program Files (x86)\Thunder Network\Thunder\BHO\xluser\npxluser.dll No File
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: onlinehdtv - C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\Extensions\onlinehdtv@onlinehd.tv.xpi
FF Extension: No Name - C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Unity Player) - C:\Users\1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Kalydo Player Plugin for Mozilla) - C:\Users\1\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
CHR Plugin: (NPPlayerShell) - C:\Users\1\AppData\Roaming\TrianglePlayer\NPTrianglePlayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (OGPlanet Game Plugin) - C:\Windows\system32\npOGPPlugin.dll No File
CHR Extension: (Docs) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Adblock Plus) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Google Search) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd10.crx
CHR HKLM-x32\...\Chrome\Extension: [nmpllndkedbnmonoomepeeglghdelffo] - C:\Program Files (x86)\icq\Chrome\icq-1.3.671.crx
==================== Services (Whitelisted) =================
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-09] (BitRaider, LLC)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4662936 2012-02-27] (INCA Internet Co., Ltd.)
R2 SDDUpdate; C:\Users\1\AppData\Roaming\SNDA\SDUpdate\SDDUpdateSvc.dll [227224 2013-09-02] (SNDA)
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859712 2010-10-09] (Trend Micro Inc.)
R2 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-02-23] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-02-23] (Trend Micro Inc.)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-08] ()
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 xsherlock; C:\Windows\SysWow64\xsherlock.xem [661600 2012-11-19] (Wellbia.com Co., Ltd.)
S2 Guard.Mail.ru; "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" [x]
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [x]
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [x]
==================== Drivers (Whitelisted) ====================
S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 1394hub; C:\Windows\SysWow64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R3 Abyssus; C:\Windows\System32\drivers\Abyssus.sys [10880 2009-10-30] (Razer (Asia-Pacific) Pte Ltd)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] (Корпорация Майкрософт)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.)
S3 SDGame; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 SDGame; C:\Windows\SysWow64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 SdoKeyCrypt; C:\Windows\system32\SdoKeyCrypt.sys [69560 2013-09-02] (盛大网络)
S3 SdoKeyCrypt; C:\Windows\system32\SdoKeyCrypt.sys [69560 2013-09-02] (盛大网络)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-02-26] (Duplex Secure Ltd.)
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-02-23] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Корпорация Майкрософт)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)
U3 AppMgmt; %SystemRoot%\system32\svchost.exe -k netsvcs
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U2 CscService;
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 ncvet.dll; \??\C:\Windows\Temp\ncvet.dll [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
U3 PeerDistSvc;
U3 tmlwf;
U3 tmwfp;
S3 vtany; \??\C:\Windows\vtany.sys [x]
S3 X6va005; \??\C:\Users\1\AppData\Local\Temp\005C0D5.tmp [x]
S3 X6va006; \??\C:\Users\1\AppData\Local\Temp\006C740.tmp [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-12 16:54 - 2013-09-12 16:54 - 00000574 _____ C:\Users\1\Downloads\defogger_disable.log
2013-09-12 16:54 - 2013-09-12 16:54 - 00000020 _____ C:\Users\1\defogger_reenable
2013-09-12 16:47 - 2013-09-12 16:48 - 01949642 _____ (Farbar) C:\Users\1\Downloads\FRST64.exe
2013-09-12 16:47 - 2013-09-12 16:47 - 00377856 _____ C:\Users\1\Downloads\gmer_2.1.19163.exe
2013-09-11 01:16 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 01:16 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 01:16 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 01:16 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 01:16 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 01:16 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 01:16 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 01:16 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 01:16 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 01:16 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 01:16 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 01:16 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-10 21:59 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-10 21:59 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-10 21:59 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-10 21:59 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-10 21:59 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-10 21:59 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-10 21:59 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-10 21:59 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-10 21:59 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-10 21:59 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-10 21:59 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-10 21:59 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-10 21:59 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-10 21:59 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-10 21:59 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-10 21:59 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-10 21:59 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-10 21:59 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-10 21:59 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-10 21:59 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-10 21:59 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-10 21:59 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-10 21:59 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-10 21:59 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 21:59 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-10 21:59 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-08 02:26 - 2013-09-08 02:26 - 00000000 ____D C:\Program Files (x86)\Tor
2013-09-07 22:13 - 2013-09-07 22:13 - 96533415 _____ C:\Windows\SysWOW64\倛挳痤“
2013-09-06 13:21 - 2013-09-06 13:21 - 96334488 _____ C:\Windows\SysWOW64\裆箤痤¦
2013-09-05 09:10 - 2013-09-05 09:10 - 00001400 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-09-05 09:10 - 2013-09-05 09:10 - 00001241 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-09-04 02:34 - 2013-09-04 02:34 - 00000000 ____D C:\Users\1\AppData\Roaming\taobao
2013-09-02 17:56 - 2013-09-02 17:56 - 00050477 _____ C:\Users\1\Downloads\Defogger.exe
2013-09-02 15:54 - 2013-09-02 15:55 - 00250912 _____ C:\Windows\SysWOW64\kz.exe
2013-09-02 15:49 - 2013-09-02 15:49 - 00003056 _____ C:\Windows\System32\Tasks\{3A623D4C-6638-411C-990A-FA35665591DB}
2013-09-02 15:45 - 2013-09-02 15:45 - 00069560 _____ (盛大网络) C:\Windows\system32\SdoKeyCrypt.sys
2013-09-02 14:41 - 2013-09-02 15:51 - 00000000 ____D C:\Program Files (x86)\baidu
2013-09-02 14:41 - 2013-09-02 14:57 - 00000000 ____D C:\Users\1\AppData\Roaming\Baidu
2013-09-02 14:41 - 2013-09-02 14:41 - 00000000 ____D C:\Users\Все пользователи\Baidu
2013-09-02 14:41 - 2013-09-02 14:41 - 00000000 ____D C:\ProgramData\Baidu
2013-09-02 14:33 - 2013-09-02 14:33 - 00000000 ____D C:\Users\Все пользователи\did
2013-09-02 14:33 - 2013-09-02 14:33 - 00000000 ____D C:\Users\1\AppData\Roaming\KuaiZip
2013-09-02 14:33 - 2013-09-02 14:33 - 00000000 ____D C:\ProgramData\did
2013-09-02 14:33 - 2012-07-10 06:45 - 00092976 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
2013-09-02 14:32 - 2013-09-04 02:34 - 00000000 ____D C:\Users\1\AppData\Roaming\tmp
2013-09-02 14:32 - 2013-09-02 17:49 - 00000000 ____D C:\Program Files\¿ìѹ
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Users\1\AppData\Roaming\Softlink
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Users\1\AppData\Local\SNDAService
2013-09-02 14:31 - 2013-09-02 15:50 - 00000000 ____D C:\Users\Все пользователи\SNDA
2013-09-02 14:31 - 2013-09-02 15:50 - 00000000 ____D C:\ProgramData\SNDA
2013-09-02 14:30 - 2013-09-02 14:32 - 00000000 ____D C:\Users\1\AppData\Roaming\SNDA
2013-09-02 12:36 - 2013-09-02 12:36 - 00000000 ____D C:\Users\Public\Thunder Network
2013-09-02 12:34 - 2013-09-02 12:36 - 00000000 ____D C:\Users\Все пользователи\Thunder Network
2013-09-02 12:34 - 2013-09-02 12:36 - 00000000 ____D C:\ProgramData\Thunder Network
2013-09-02 12:34 - 2013-09-02 12:34 - 01305048 _____ C:\Users\1\Downloads\lzg0629_setup.exe
2013-09-02 12:34 - 2013-09-02 12:34 - 00000000 ____D C:\Users\1\AppData\Roaming\GameDownloader
2013-09-01 11:16 - 2013-09-01 11:16 - 00706916 _____ C:\Users\1\Downloads\delfix.exe
2013-08-31 13:01 - 2013-08-31 13:01 - 00000000 ____D C:\Users\Все пользователи\APN
2013-08-31 13:01 - 2013-08-31 13:01 - 00000000 ____D C:\ProgramData\APN
2013-08-31 12:59 - 2013-08-31 12:59 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-31 12:59 - 2013-08-31 12:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-30 19:09 - 2013-08-30 19:09 - 00000000 ____D C:\Users\1\AppData\Roaming\InstallShield
2013-08-30 19:09 - 2009-08-27 14:49 - 00092672 _____ (Razer Inc.) C:\Windows\system32\Abyssus.cpl
2013-08-30 18:57 - 2013-08-30 18:58 - 12895320 _____ (Razer Inc.) C:\Users\1\Downloads\Razer_Synapse_Framework_V1.12.08.exe
2013-08-30 08:49 - 2013-08-30 08:49 - 00001033 _____ C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\HeroesGo.lnk
2013-08-30 08:49 - 2013-08-30 08:49 - 00001009 _____ C:\Users\1\Desktop\HeroesGo.lnk
2013-08-30 08:49 - 2013-08-30 08:49 - 00000000 ____D C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HeroesGo
2013-08-30 08:43 - 2013-08-31 14:34 - 00000000 ____D C:\Program Files (x86)\HeroesGo
2013-08-27 17:29 - 2013-08-27 19:12 - 317036708 _____ C:\Users\1\Downloads\MSG00.S1.480.08.rar
2013-08-27 17:29 - 2013-08-27 19:06 - 333144244 _____ C:\Users\1\Downloads\MSG.S2.480.07.rar
2013-08-27 06:51 - 2013-08-27 08:34 - 317190324 _____ C:\Users\1\Downloads\MSG00.S1.480.04.rar
2013-08-27 06:51 - 2013-08-27 07:45 - 321960100 _____ C:\Users\1\Downloads\MSG00.S1.480.06.rar
2013-08-27 06:48 - 2013-08-27 06:48 - 00001099 _____ C:\Users\1\Desktop\4NiMEbyME.lnk
2013-08-27 06:48 - 2013-08-27 06:48 - 00000000 _____ C:\Users\1\Desktop\KEYD96QMD3S
2013-08-26 11:00 - 2013-08-26 11:00 - 00312320 _____ C:\Users\1\Downloads\SknGenerator.exe
2013-08-25 19:56 - 2013-08-25 21:40 - 317098148 _____ C:\Users\1\Downloads\MSG00.S1.480.05.rar
2013-08-25 14:37 - 2013-08-25 16:23 - 327618724 _____ C:\Users\1\Downloads\MSG00.S1.480.03.rar
2013-08-25 14:36 - 2013-08-25 17:57 - 317307060 _____ C:\Users\1\Downloads\MSG00.S1.480.02.rar
2013-08-25 12:05 - 2013-08-25 13:54 - 327878820 _____ C:\Users\1\Downloads\MSG00.S1.480.01.rar
2013-08-25 10:32 - 2013-08-25 12:22 - 338245812 _____ C:\Users\1\Downloads\MSG.S2.480.02.rar
2013-08-25 10:25 - 2013-08-25 11:33 - 338647220 _____ C:\Users\1\Downloads\MSG.S2.480.01.rar
2013-08-24 17:14 - 2013-08-24 17:16 - 00000000 ____D C:\AdwCleaner
2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Users\1\AppData\Roaming\Malwarebytes
2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-24 16:47 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-24 13:25 - 2013-09-12 16:41 - 00000000 ____D C:\Users\1\Desktop\PlayDGN
2013-08-24 02:06 - 2013-08-24 02:32 - 00000000 ____D C:\Windows\erdnt
2013-08-22 23:08 - 2013-08-22 23:37 - 1108531470 _____ (mmoTM ) C:\Users\1\Downloads\Divinesouls.exe
2013-08-22 22:40 - 2013-08-22 22:40 - 00318216 _____ C:\Windows\Minidump\082213-74927-01.dmp
2013-08-18 22:22 - 2013-09-09 17:32 - 00000000 ____D C:\Users\1\Desktop\Anime
2013-08-18 18:41 - 2013-08-18 18:41 - 00275144 _____ C:\Windows\Minidump\081813-51854-01.dmp
2013-08-15 20:19 - 2013-08-15 20:19 - 00000000 ____D C:\Users\1\AppData\Local\eclipse
2013-08-15 19:27 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 19:27 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 19:27 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 19:27 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 19:27 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 19:27 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 19:27 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 19:27 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 19:27 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 19:27 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 19:27 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 19:27 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 19:27 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 19:27 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 19:27 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 19:27 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
==================== One Month Modified Files and Folders =======
2013-09-12 17:03 - 2010-10-04 21:26 - 00000027 _____ C:\Windows\system32\Drivers\etc\tmvsthfss.bin
2013-09-12 17:03 - 2009-07-14 06:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-12 17:03 - 2009-07-14 06:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-12 17:02 - 2013-09-12 17:02 - 00000000 ____D C:\FRST
2013-09-12 16:59 - 2013-05-19 09:23 - 02040300 _____ C:\Windows\WindowsUpdate.log
2013-09-12 16:57 - 2012-02-19 13:55 - 00000000 ____D C:\Users\1\AppData\Roaming\Skype
2013-09-12 16:56 - 2012-02-16 14:46 - 00000000 ____D C:\Users\1\AppData\Roaming\uTorrent
2013-09-12 16:55 - 2013-05-19 09:20 - 00015058 _____ C:\Windows\setupact.log
2013-09-12 16:54 - 2013-09-12 16:54 - 00000574 _____ C:\Users\1\Downloads\defogger_disable.log
2013-09-12 16:54 - 2013-09-12 16:54 - 00000020 _____ C:\Users\1\defogger_reenable
2013-09-12 16:54 - 2011-02-25 15:25 - 00000000 ____D C:\Users\1
2013-09-12 16:48 - 2013-09-12 16:47 - 01949642 _____ (Farbar) C:\Users\1\Downloads\FRST64.exe
2013-09-12 16:47 - 2013-09-12 16:47 - 00377856 _____ C:\Users\1\Downloads\gmer_2.1.19163.exe
2013-09-12 16:41 - 2013-08-24 13:25 - 00000000 ____D C:\Users\1\Desktop\PlayDGN
2013-09-12 15:51 - 2011-06-24 13:56 - 00000000 ____D C:\Windows\system32\Service
2013-09-11 20:39 - 2009-07-14 07:13 - 01650206 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-11 20:39 - 2009-07-13 17:17 - 00717442 _____ C:\Windows\system32\perfh019.dat
2013-09-11 20:39 - 2009-07-13 17:17 - 00150260 _____ C:\Windows\system32\perfc019.dat
2013-09-11 16:02 - 2011-02-25 15:27 - 00000000 ___RD C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 16:02 - 2011-02-25 15:27 - 00000000 ___RD C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 15:59 - 2009-07-14 06:45 - 00416504 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 01:17 - 2011-03-12 15:17 - 00000000 ____D C:\Users\Все пользователи\Microsoft Help
2013-09-11 01:17 - 2011-03-12 15:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 01:16 - 2013-07-13 22:46 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 01:12 - 2011-12-27 18:28 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 15:59 - 2013-05-20 09:32 - 00561154 _____ C:\Windows\PFRO.log
2013-09-10 07:31 - 2011-12-30 01:12 - 00001122 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000UA.job
2013-09-10 07:21 - 2012-04-29 01:16 - 00000896 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-10 07:14 - 2012-10-07 13:26 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-10 03:57 - 2013-06-22 12:22 - 00022173 _____ C:\autoupdate.log
2013-09-10 03:57 - 2012-10-07 13:26 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 03:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-09 17:32 - 2013-08-18 22:22 - 00000000 ____D C:\Users\1\Desktop\Anime
2013-09-09 01:31 - 2011-12-30 01:12 - 00001100 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000Core.job
2013-09-08 17:00 - 2011-02-25 15:25 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-09-08 02:26 - 2013-09-08 02:26 - 00000000 ____D C:\Program Files (x86)\Tor
2013-09-07 22:13 - 2013-09-07 22:13 - 96533415 _____ C:\Windows\SysWOW64\倛挳痤“
2013-09-06 13:21 - 2013-09-06 13:21 - 96334488 _____ C:\Windows\SysWOW64\裆箤痤¦
2013-09-05 09:10 - 2013-09-05 09:10 - 00001400 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-09-05 09:10 - 2013-09-05 09:10 - 00001241 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-09-05 09:10 - 2012-02-10 19:01 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-09-05 09:09 - 2012-02-10 19:02 - 00000000 ____D C:\Users\1\AppData\Roaming\DVDVideoSoft
2013-09-05 08:23 - 2013-05-20 10:20 - 00002370 _____ C:\Windows\TMFilter.log
2013-09-04 16:16 - 2013-06-06 23:45 - 00000000 ____D C:\Users\1\AppData\Roaming\vlc
2013-09-04 11:37 - 2013-05-07 16:56 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-04 11:37 - 2013-03-28 03:41 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-04 11:37 - 2013-03-28 03:41 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 02:34 - 2013-09-04 02:34 - 00000000 ____D C:\Users\1\AppData\Roaming\taobao
2013-09-04 02:34 - 2013-09-02 14:32 - 00000000 ____D C:\Users\1\AppData\Roaming\tmp
2013-09-03 10:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-02 17:56 - 2013-09-02 17:56 - 00050477 _____ C:\Users\1\Downloads\Defogger.exe
2013-09-02 17:49 - 2013-09-02 14:32 - 00000000 ____D C:\Program Files\¿ìѹ
2013-09-02 17:49 - 2009-07-14 07:08 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-02 16:00 - 2013-06-05 22:12 - 00000000 ____D C:\Users\Все пользователи\BitRaider
2013-09-02 16:00 - 2013-06-05 22:12 - 00000000 ____D C:\ProgramData\BitRaider
2013-09-02 15:55 - 2013-09-02 15:54 - 00250912 _____ C:\Windows\SysWOW64\kz.exe
2013-09-02 15:51 - 2013-09-02 14:41 - 00000000 ____D C:\Program Files (x86)\baidu
2013-09-02 15:51 - 2011-03-18 11:03 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-09-02 15:50 - 2013-09-02 14:31 - 00000000 ____D C:\Users\Все пользователи\SNDA
2013-09-02 15:50 - 2013-09-02 14:31 - 00000000 ____D C:\ProgramData\SNDA
2013-09-02 15:49 - 2013-09-02 15:49 - 00003056 _____ C:\Windows\System32\Tasks\{3A623D4C-6638-411C-990A-FA35665591DB}
2013-09-02 15:45 - 2013-09-02 15:45 - 00069560 _____ (盛大网络) C:\Windows\system32\SdoKeyCrypt.sys
2013-09-02 14:57 - 2013-09-02 14:41 - 00000000 ____D C:\Users\1\AppData\Roaming\Baidu
2013-09-02 14:41 - 2013-09-02 14:41 - 00000000 ____D C:\Users\Все пользователи\Baidu
2013-09-02 14:41 - 2013-09-02 14:41 - 00000000 ____D C:\ProgramData\Baidu
2013-09-02 14:33 - 2013-09-02 14:33 - 00000000 ____D C:\Users\Все пользователи\did
2013-09-02 14:33 - 2013-09-02 14:33 - 00000000 ____D C:\Users\1\AppData\Roaming\KuaiZip
2013-09-02 14:33 - 2013-09-02 14:33 - 00000000 ____D C:\ProgramData\did
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Users\1\AppData\Roaming\Softlink
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Users\1\AppData\Local\SNDAService
2013-09-02 14:32 - 2013-09-02 14:30 - 00000000 ____D C:\Users\1\AppData\Roaming\SNDA
2013-09-02 12:36 - 2013-09-02 12:36 - 00000000 ____D C:\Users\Public\Thunder Network
2013-09-02 12:36 - 2013-09-02 12:34 - 00000000 ____D C:\Users\Все пользователи\Thunder Network
2013-09-02 12:36 - 2013-09-02 12:34 - 00000000 ____D C:\ProgramData\Thunder Network
2013-09-02 12:34 - 2013-09-02 12:34 - 01305048 _____ C:\Users\1\Downloads\lzg0629_setup.exe
2013-09-02 12:34 - 2013-09-02 12:34 - 00000000 ____D C:\Users\1\AppData\Roaming\GameDownloader
2013-09-01 11:27 - 2013-07-07 15:16 - 00001431 _____ C:\DelFix.txt
2013-09-01 11:16 - 2013-09-01 11:16 - 00706916 _____ C:\Users\1\Downloads\delfix.exe
2013-08-31 14:34 - 2013-08-30 08:43 - 00000000 ____D C:\Program Files (x86)\HeroesGo
2013-08-31 13:25 - 2010-10-04 21:41 - 00002392 _____ C:\Windows\system32\AutoRunFilter.ini
2013-08-31 13:01 - 2013-08-31 13:01 - 00000000 ____D C:\Users\Все пользователи\APN
2013-08-31 13:01 - 2013-08-31 13:01 - 00000000 ____D C:\ProgramData\APN
2013-08-31 12:59 - 2013-08-31 12:59 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-31 12:59 - 2013-08-31 12:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-31 12:59 - 2012-06-21 21:57 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-08-31 12:59 - 2012-02-11 18:22 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-30 19:13 - 2011-02-25 15:26 - 00110856 _____ C:\Users\1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-30 19:10 - 2013-06-15 18:46 - 00012790 _____ C:\Windows\DPINST.LOG
2013-08-30 19:09 - 2013-08-30 19:09 - 00000000 ____D C:\Users\1\AppData\Roaming\InstallShield
2013-08-30 19:09 - 2010-10-04 21:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-30 19:07 - 2013-02-18 00:27 - 00000000 ____D C:\Users\Все пользователи\Razer
2013-08-30 19:07 - 2013-02-18 00:27 - 00000000 ____D C:\ProgramData\Razer
2013-08-30 19:07 - 2013-02-18 00:27 - 00000000 ____D C:\Program Files (x86)\Razer
2013-08-30 19:00 - 2013-02-18 00:27 - 00000000 ____D C:\Users\1\AppData\Local\Razer
2013-08-30 18:58 - 2013-08-30 18:57 - 12895320 _____ (Razer Inc.) C:\Users\1\Downloads\Razer_Synapse_Framework_V1.12.08.exe
2013-08-30 08:49 - 2013-08-30 08:49 - 00001033 _____ C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\HeroesGo.lnk
2013-08-30 08:49 - 2013-08-30 08:49 - 00001009 _____ C:\Users\1\Desktop\HeroesGo.lnk
2013-08-30 08:49 - 2013-08-30 08:49 - 00000000 ____D C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HeroesGo
2013-08-30 07:56 - 2010-10-04 21:41 - 00001552 _____ C:\Windows\system32\ServiceFilter.ini
2013-08-27 19:12 - 2013-08-27 17:29 - 317036708 _____ C:\Users\1\Downloads\MSG00.S1.480.08.rar
2013-08-27 19:06 - 2013-08-27 17:29 - 333144244 _____ C:\Users\1\Downloads\MSG.S2.480.07.rar
2013-08-27 08:34 - 2013-08-27 06:51 - 317190324 _____ C:\Users\1\Downloads\MSG00.S1.480.04.rar
2013-08-27 07:45 - 2013-08-27 06:51 - 321960100 _____ C:\Users\1\Downloads\MSG00.S1.480.06.rar
2013-08-27 06:48 - 2013-08-27 06:48 - 00001099 _____ C:\Users\1\Desktop\4NiMEbyME.lnk
2013-08-27 06:48 - 2013-08-27 06:48 - 00000000 _____ C:\Users\1\Desktop\KEYD96QMD3S
2013-08-27 06:40 - 2011-02-28 11:15 - 00000000 ____D C:\Windows\Minidump
2013-08-26 11:49 - 2013-06-11 00:31 - 00000000 ____D C:\Users\1\Desktop\Mods
2013-08-26 11:00 - 2013-08-26 11:00 - 00312320 _____ C:\Users\1\Downloads\SknGenerator.exe
2013-08-25 21:40 - 2013-08-25 19:56 - 317098148 _____ C:\Users\1\Downloads\MSG00.S1.480.05.rar
2013-08-25 17:57 - 2013-08-25 14:36 - 317307060 _____ C:\Users\1\Downloads\MSG00.S1.480.02.rar
2013-08-25 16:23 - 2013-08-25 14:37 - 327618724 _____ C:\Users\1\Downloads\MSG00.S1.480.03.rar
2013-08-25 13:54 - 2013-08-25 12:05 - 327878820 _____ C:\Users\1\Downloads\MSG00.S1.480.01.rar
2013-08-25 12:22 - 2013-08-25 10:32 - 338245812 _____ C:\Users\1\Downloads\MSG.S2.480.02.rar
2013-08-25 11:33 - 2013-08-25 10:25 - 338647220 _____ C:\Users\1\Downloads\MSG.S2.480.01.rar
2013-08-24 19:11 - 2013-05-14 16:58 - 00000000 ____D C:\Users\1\Documents\DragonNest
2013-08-24 17:16 - 2013-08-24 17:14 - 00000000 ____D C:\AdwCleaner
2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Users\1\AppData\Roaming\Malwarebytes
2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-24 12:47 - 2011-11-27 18:49 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-08-24 12:46 - 2011-03-12 13:20 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-08-24 12:46 - 2011-03-12 13:20 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-08-24 02:34 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-24 02:32 - 2013-08-24 02:06 - 00000000 ____D C:\Windows\erdnt
2013-08-24 02:27 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-24 02:25 - 2009-07-14 04:34 - 81264640 _____ C:\Windows\system32\config\software.bak
2013-08-24 02:25 - 2009-07-14 04:34 - 25690112 _____ C:\Windows\system32\config\system.bak
2013-08-24 02:25 - 2009-07-14 04:34 - 00360448 _____ C:\Windows\system32\config\default.bak
2013-08-24 02:25 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-08-24 02:25 - 2009-07-14 04:34 - 00090112 _____ C:\Windows\system32\config\sam.bak
2013-08-22 23:37 - 2013-08-22 23:08 - 1108531470 _____ (mmoTM ) C:\Users\1\Downloads\Divinesouls.exe
2013-08-22 22:49 - 2013-04-20 19:53 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-22 22:40 - 2013-08-22 22:40 - 00318216 _____ C:\Windows\Minidump\082213-74927-01.dmp
2013-08-18 18:41 - 2013-08-18 18:41 - 00275144 _____ C:\Windows\Minidump\081813-51854-01.dmp
2013-08-15 20:19 - 2013-08-15 20:19 - 00000000 ____D C:\Users\1\AppData\Local\eclipse
2013-08-15 19:41 - 2012-04-14 23:39 - 00000994 _____ C:\Users\Гость\Desktop\Wakfu.lnk
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Все пользователи\hash.dat
C:\Users\1\AppData\Local\Temp\AiBoosterSetup.exe
C:\Users\1\AppData\Local\Temp\APNSetup.exe
C:\Users\1\AppData\Local\Temp\cloudisk_setup.exe
C:\Users\1\AppData\Local\Temp\Ku6_Speed_Setup.exe
C:\Users\1\AppData\Local\Temp\kzsetup.exe
C:\Users\1\AppData\Local\Temp\Quarantine.exe
C:\Users\1\AppData\Local\Temp\SDG_SHOWPOP.exe
C:\Users\1\AppData\Local\Temp\setup4088.exe
C:\Users\1\AppData\Local\Temp\silentoi-39005028_28-60.exe
C:\Users\1\AppData\Local\Temp\thunder20130902103523.exe
C:\Users\1\AppData\Local\Temp\vlc-2.0.8-win32.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-25 22:40
==================== End Of Log ============================
|
|
12.09.2013, 17:10
| #2 | |
| /// the machine /// TB-Ausbilder    | Laptop langsam hi,
__________________Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ |
|
12.09.2013, 18:05
| #3 |
| | Laptop langsam Combofix Logfile:
__________________Code:
ATTFilter ComboFix 13-09-12.01 - 1 12.09.2013 18:48:03.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1049.18.6142.4270 [GMT 2:00]
Eseguito da: c:\users\1\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Trend Micro Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Trend Micro Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\11569798
c:\windows\Downloaded Program Files\11569798\BaiduSetupAx_1.dll
c:\windows\Downloaded Program Files\11569798\npxbdsetup.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2013-08-12 al 2013-09-12 )))))))))))))))))))))))))))))))))))
.
.
2013-09-12 17:00 . 2013-09-12 17:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-12 17:00 . 2013-09-12 17:00 -------- d-----w- c:\users\8CED~1\AppData\Local\temp
2013-09-12 15:02 . 2013-09-12 15:02 -------- d-----w- C:\FRST
2013-09-10 19:59 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-08 00:26 . 2013-09-08 00:26 -------- d-----w- c:\program files (x86)\Tor
2013-09-04 00:34 . 2013-09-04 00:34 -------- d-----w- c:\users\1\AppData\Roaming\taobao
2013-09-02 13:54 . 2013-09-02 13:55 250912 ----a-w- c:\windows\SysWow64\kz.exe
2013-09-02 13:45 . 2013-09-02 13:45 69560 ----a-w- c:\windows\system32\SdoKeyCrypt.sys
2013-09-02 12:41 . 2013-09-02 12:41 -------- d-----w- c:\programdata\Baidu
2013-09-02 12:41 . 2013-09-02 13:51 -------- d-----w- c:\program files (x86)\baidu
2013-09-02 12:41 . 2013-09-02 12:57 -------- d-----w- c:\users\1\AppData\Roaming\Baidu
2013-09-02 12:33 . 2013-09-02 12:33 -------- d-----w- c:\programdata\did
2013-09-02 12:33 . 2013-09-02 12:33 -------- d-----w- c:\users\1\AppData\Roaming\KuaiZip
2013-09-02 12:33 . 2012-07-10 04:45 92976 ----a-w- c:\windows\system32\drivers\KuaiZipDrive.sys
2013-09-02 12:32 . 2013-09-04 00:34 -------- d-----w- c:\users\1\AppData\Roaming\tmp
2013-09-02 12:32 . 2013-09-02 12:32 -------- d-----w- c:\users\1\AppData\Local\SNDAService
2013-09-02 12:32 . 2013-09-02 12:32 -------- d-----w- c:\users\1\AppData\Roaming\Softlink
2013-09-02 12:32 . 2013-09-02 15:49 -------- d-----w- c:\program files\¿ìѹ
2013-09-02 12:31 . 2013-09-02 13:50 -------- d-----w- c:\programdata\SNDA
2013-09-02 12:30 . 2013-09-02 12:32 -------- d-----w- c:\users\1\AppData\Roaming\SNDA
2013-09-02 10:36 . 2013-09-02 10:36 -------- d-----w- c:\program files (x86)\Common Files\Thunder Network
2013-09-02 10:36 . 2013-09-02 10:36 -------- d-----w- c:\users\Public\Thunder Network
2013-09-02 10:34 . 2013-09-02 10:36 -------- d-----w- c:\programdata\Thunder Network
2013-09-02 10:34 . 2013-09-02 10:34 -------- d-----w- c:\users\1\AppData\Roaming\GameDownloader
2013-08-31 11:01 . 2013-08-31 11:01 -------- d-----w- c:\programdata\APN
2013-08-31 10:59 . 2013-08-31 10:59 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-31 10:59 . 2013-08-31 10:59 -------- d-----w- c:\program files (x86)\Java
2013-08-30 17:09 . 2009-08-27 12:49 92672 ----a-w- c:\windows\system32\Abyssus.cpl
2013-08-30 17:09 . 2013-08-30 17:09 -------- d-----w- c:\users\1\AppData\Roaming\InstallShield
2013-08-30 06:43 . 2013-08-31 12:34 -------- d-----w- c:\program files (x86)\HeroesGo
2013-08-24 15:14 . 2013-08-24 15:16 -------- d-----w- C:\AdwCleaner
2013-08-24 14:47 . 2013-08-24 14:47 -------- d-----w- c:\users\1\AppData\Roaming\Malwarebytes
2013-08-24 14:47 . 2013-08-24 14:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-24 14:47 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-15 18:19 . 2013-08-15 18:19 -------- d-----w- c:\users\1\AppData\Local\eclipse
2013-08-14 06:00 . 2013-08-14 06:00 24286400 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2013-08-14 05:53 . 2013-08-14 05:53 18634944 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-10 23:12 . 2011-12-27 16:28 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-08 15:00 . 2011-02-25 13:25 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-09-04 09:37 . 2013-05-07 14:56 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-09-04 09:37 . 2013-03-28 01:41 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-09-04 09:37 . 2013-03-28 01:41 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-08-31 10:59 . 2012-06-21 19:57 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-08-31 10:59 . 2012-02-11 16:22 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-24 10:46 . 2011-03-12 11:20 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-08-24 10:46 . 2011-03-12 11:20 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-08-02 01:48 . 2013-09-10 19:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-05 20:03 . 2013-07-05 20:03 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-05 20:03 . 2013-07-05 20:03 312232 ----a-w- c:\windows\system32\javaws.exe
2013-07-05 20:03 . 2013-07-05 20:03 189352 ----a-w- c:\windows\system32\javaw.exe
2013-07-05 20:03 . 2013-07-05 20:03 188840 ----a-w- c:\windows\system32\java.exe
2013-07-05 20:03 . 2012-03-03 18:35 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-05 20:03 . 2012-03-03 18:35 1093032 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-07-04 23:50 . 2012-03-17 05:47 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2013-07-04 23:50 . 2012-03-17 05:47 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat
2013-06-20 05:04 . 2013-06-20 05:04 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-20 05:04 . 2013-06-20 05:04 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-20 05:04 . 2013-06-20 05:04 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-20 05:04 . 2013-06-20 05:04 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-20 05:04 . 2013-06-20 05:04 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-20 05:04 . 2013-06-20 05:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-20 05:04 . 2013-06-20 05:04 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-20 05:04 . 2013-06-20 05:04 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-20 05:04 . 2013-06-20 05:04 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-20 05:04 . 2013-06-20 05:04 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-20 05:04 . 2013-06-20 05:04 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-20 05:04 . 2013-06-20 05:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-20 05:04 . 2013-06-20 05:04 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-20 05:04 . 2013-06-20 05:04 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-20 05:04 . 2013-06-20 05:04 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-20 05:04 . 2013-06-20 05:04 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-20 05:04 . 2013-06-20 05:04 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-20 05:04 . 2013-06-20 05:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-20 05:04 . 2013-06-20 05:04 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-20 05:04 . 2013-06-20 05:04 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-20 05:04 . 2013-06-20 05:04 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-20 05:04 . 2013-06-20 05:04 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-20 05:04 . 2013-06-20 05:04 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-20 05:04 . 2013-06-20 05:04 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-20 05:04 . 2013-06-20 05:04 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-20 05:04 . 2013-06-20 05:04 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-20 05:04 . 2013-06-20 05:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-20 05:04 . 2013-06-20 05:04 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-20 05:04 . 2013-06-20 05:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-20 05:04 . 2013-06-20 05:04 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-20 05:04 . 2013-06-20 05:04 441856 ----a-w- c:\windows\system32\html.iec
2013-06-20 05:04 . 2013-06-20 05:04 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-20 05:04 . 2013-06-20 05:04 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-20 05:04 . 2013-06-20 05:04 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-20 05:04 . 2013-06-20 05:04 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-20 05:04 . 2013-06-20 05:04 235008 ----a-w- c:\windows\system32\url.dll
2013-06-20 05:04 . 2013-06-20 05:04 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-20 05:04 . 2013-06-20 05:04 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-20 05:04 . 2013-06-20 05:04 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-20 05:04 . 2013-06-20 05:04 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-20 05:04 . 2013-06-20 05:04 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-20 05:04 . 2013-06-20 05:04 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-20 05:04 . 2013-06-20 05:04 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-20 05:04 . 2013-06-20 05:04 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-20 05:04 . 2013-06-20 05:04 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-20 05:04 . 2013-06-20 05:04 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-20 05:04 . 2013-06-20 05:04 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-20 05:04 . 2013-06-20 05:04 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-20 05:04 . 2013-06-20 05:04 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-20 05:02 . 2013-06-20 05:02 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-20 05:02 . 2013-06-20 05:02 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-20 05:02 . 2013-06-20 05:02 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-06-20 05:02 . 2013-06-20 05:02 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-20 05:02 . 2013-06-20 05:02 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-20 05:02 . 2013-06-20 05:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-20 05:02 . 2013-06-20 05:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-20 05:02 . 2013-06-20 05:02 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-20 05:02 . 2013-06-20 05:02 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-20 05:02 . 2013-06-20 05:02 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-06-20 05:02 . 2013-06-20 05:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-20 05:02 . 2013-06-20 05:02 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-20 05:02 . 2013-06-20 05:02 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-06-20 05:02 . 2013-06-20 05:02 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-20 05:02 . 2013-06-20 05:02 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-06-20 05:02 . 2013-06-20 05:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-20 05:02 . 2013-06-20 05:02 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-20 05:02 . 2013-06-20 05:02 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-06-20 05:02 . 2013-06-20 05:02 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-06-20 05:02 . 2013-06-20 05:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-20 05:02 . 2013-06-20 05:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-20 05:02 . 2013-06-20 05:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-20 05:02 . 2013-06-20 05:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-20 05:02 . 2013-06-20 05:02 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-06-20 05:02 . 2013-06-20 05:02 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-06-20 05:02 . 2013-06-20 05:02 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-06-20 05:02 . 2013-06-20 05:02 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-20 05:02 . 2013-06-20 05:02 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-20 05:02 . 2013-06-20 05:02 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-06-20 05:02 . 2013-06-20 05:02 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-20 05:02 . 2013-06-20 05:02 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-20 05:02 . 2013-06-20 05:02 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-06-20 05:02 . 2013-06-20 05:02 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NevoDRM"="c:\????\NevoDRM\NevoDRM.exe" [?]
"Facebook Update"="c:\users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Akamai NetSession Interface"="c:\users\1\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-01-25 969104]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19876456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-10-04 2429]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"autodetect"="c:\windows\SysWOW64\SupportAppXL\AutoDect.exe" [2010-03-02 129872]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-04 347192]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-2 1080608]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2010-10-4 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SDDUpdate;SDDUpdate;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys;c:\programdata\bitraider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 ncvet.dll;ncvet.dll;c:\windows\Temp\ncvet.dll;c:\windows\Temp\ncvet.dll [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SDGame;SDGame;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 SdoKeyCrypt;SdoKeyCrypt;c:\windows\system32\SdoKeyCrypt.sys;c:\windows\SYSNATIVE\SdoKeyCrypt.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 vtany;vtany;c:\windows\vtany.sys;c:\windows\vtany.sys [x]
R3 X6va005;X6va005;c:\users\1\AppData\Local\Temp\005C0D5.tmp;c:\users\1\AppData\Local\Temp\005C0D5.tmp [x]
R3 X6va006;X6va006;c:\users\1\AppData\Local\Temp\006C740.tmp;c:\users\1\AppData\Local\Temp\006C740.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va010;X6va010;c:\windows\SysWOW64\Drivers\X6va010;c:\windows\SysWOW64\Drivers\X6va010 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem;c:\windows\SYSNATIVE\xsherlock.xem [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbvoice.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys;c:\windows\SYSNATIVE\DRIVERS\tmpreflt.sys [x]
S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys;c:\windows\SYSNATIVE\drivers\Abyssus.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe;c:\program files\Trend Micro\Internet Security\TmProxy.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
S3 X6va013;X6va013;c:\windows\SysWOW64\Drivers\X6va013;c:\windows\SysWOW64\Drivers\X6va013 [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WINRING0_1_2_0
*Deregistered* - fxldqpow
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
SDDUpdate REG_MULTI_SZ SDDUpdate
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-05 19:59 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000Core.job
- c:\users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-29 23:26]
.
2013-09-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000UA.job
- c:\users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-29 23:26]
.
2013-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-07 11:26]
.
2013-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-07 11:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1022904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-01-18 324608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: &????????? ? OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: &??????? ? Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\1\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - c:\program files (x86)\icq\Internet Explorer\icq.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Abyssus - c:\program files (x86)\Razer\Abyssus\razerhid.exe
BHO-{004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-55A28800-614C-47F2-A956-9D85A4E10922_is1 - c:\atlus online\Shin Megami Tensei Imagine\unins000.exe
AddRemove-Atlantica - c:\nexon\Atlantica\uninst.exe
AddRemove-DMO - c:\joymax\DMO\uninstaller.exe
AddRemove-GrandFantasia-DE - c:\aeriagames\GrandFantasia-DE\Uninst.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
AddRemove-Lunia - c:\allm\Lunia\uninstall.exe
AddRemove-Mabinogi - c:\nexon\Mabinogi\Mabinogi.exe
AddRemove-OGPlanet Game Launcher US - c:\program files (x86)\OGPlanet\USLauncher\uninst.exe
AddRemove-Warhammer 40,000 Dawn of War II - Chaos Rising_is1 - c:\users\1\AppData\Roaming\Warhammer 40
AddRemove-{0C1B8079-5140-415A-AEB8-766FFB2024BD}_is1 - c:\program files (x86)\PlayDGN\unins000.exe
AddRemove-{30C01299-554C-4B62-BD0F-849F43E01C91}_is1 - c:\program files (x86)\Pokemon World Online\unins000.exe
AddRemove-{46BE6D86-7BEF-4DAB-B3E6-7B932D3872F3}_is1 - c:\gpotato.eu\Dragonica\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\1\AppData\Local\Temp\005C0D5.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\1\AppData\Local\Temp\006C740.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va010]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va013]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va013"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2013-09-12 19:03:41
ComboFix-quarantined-files.txt 2013-09-12 17:03
.
Pre-Run: 13.661.097.984 bytes free
Post-Run: 13.069.168.640 bytes free
.
- - End Of File - - B5303B1B6F4C2EA58648C4DD99E44AC9
|
|
13.09.2013, 08:13
| #4 |
| /// the machine /// TB-Ausbilder | Laptop langsam Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.09.2013, 15:29
| #5 |
| | Laptop langsam AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.000 - Report created 24/08/2013 at 17:16:23
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : 1 - 1-??
# Running from : C:\Users\1\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Users\1\AppData\Local\DealPlyLive
Folder Deleted : C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
File Deleted : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\searchplugins\Babylon.xml
File Deleted : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\bprotector_extensions.sqlite
File Deleted : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\bprotector_prefs.js
File Deleted : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\user.js
File Deleted : C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\System32\Tasks\BrowserProtect
File Deleted : C:\Windows\System32\Tasks\Dealply
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\590df8db769be45
Key Deleted : HKLM\SOFTWARE\590df8db769be45
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_visualboyadvance_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_visualboyadvance_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_warcraft-iii-the-frozen-throne_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_warcraft-iii-the-frozen-throne_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winds-pro_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winds-pro_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_driver-turbo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_driver-turbo_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\LyricsFinder
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Mozilla Firefox v18.0.1 (en-US)
[ File : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\prefs.js ]
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{336D0C35-8A85-403a-B9D2-65C292C39087}\":{\"descriptor\":\"C:\\\\Program Files\\\\Web Assistant\\\\Firefox\",\"mtim[...]
-\\ Google Chrome v29.0.1547.57
[ File : C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : homepage
Deleted : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [4810 octets] - [24/08/2013 17:15:04]
AdwCleaner[S0].txt - [4553 octets] - [24/08/2013 17:16:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4613 octets] ##########
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.003 - Report created 13/09/2013 at 16:13:24
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : 1 - 1-??
# Running from : C:\Users\1\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\Program Files (x86)\baidu
Folder Deleted : C:\Users\1\AppData\Roaming\baidu
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKCU\Software\Ciuvo
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16686
-\\ Mozilla Firefox v18.0.1 (en-US)
[ File : C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\prefs.js ]
-\\ Google Chrome v29.0.1547.66
[ File : C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [6060 octets] - [24/08/2013 17:15:04]
AdwCleaner[S0].txt - [5789 octets] - [24/08/2013 17:16:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5849 octets] ##########
JRT Logfile: JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.0 (09.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by 1 on 13.09.2013 at 16:20:03,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2836931342-2209172082-994582513-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.09.2013 at 16:26:27,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.09.13.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16686 1 :: 1-ПК [Administrator] 13.09.2013 15:31:05 mbam-log-2013-09-13 (15-31-05).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: Heuristiks/Extra | P2P Durchsuchte Objekte: 33095 Laufzeit: 6 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.0 (09.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by 1 on 13.09.2013 at 16:20:03,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2836931342-2209172082-994582513-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.09.2013 at 16:26:27,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
14.09.2013, 06:27
| #6 |
| /// the machine /// TB-Ausbilder | Laptop langsamESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> Laptop langsam |
|
15.09.2013, 16:06
| #7 |
| | Laptop langsamCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d0a3d6ca8266624a9e067faef3222352
# engine=15135
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-15 02:38:21
# local_time=2013-09-15 04:38:21 )
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=513 16777085 100 97 18198 112337917 0 0
# compatibility_mode=1799 16775165 100 96 62300 244679191 11899 0
# compatibility_mode=5893 16776574 66 85 5833710 130885751 0 0
# scanned=308404
# found=2
# cleaned=0
# scan_time=14906
sh=60E3E4227497AD83885E859903CB98D769ED9B9C ft=1 fh=c71c0011e1c26d8e vn="Win32/Agent.PBI trojan" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe"
sh=60E3E4227497AD83885E859903CB98D769ED9B9C ft=1 fh=c71c0011e1c26d8e vn="Win32/Agent.PBI trojan" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Trend Micro Internet Security Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 25 Adobe Flash Player 11.7.700.224 Adobe Reader XI Google Chrome 29.0.1547.62 Google Chrome 29.0.1547.66 Google Chrome dmlconf.dat.. ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe ESET ESET Online Scanner OnlineScannerApp.exe Trend Micro BM TMBMSRV.exe Trend Micro Internet Security SfCtlCom.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 25% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-09-2013 04
Ran by 1 (administrator) on 1-ПК on 15-09-2013 17:03:01
Running from C:\Users\1\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Russian
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
() C:\Program Files (x86)\Tor\tor.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Akamai Technologies, Inc.) C:\Users\1\AppData\Local\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Akamai Technologies, Inc.) C:\Users\1\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Razer Game Booster\gbtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [UfSeAgnt.exe] - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022904 2010-02-23] (Trend Micro Inc.)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-01-18] (Alcor Micro Corp.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKCU\...\Run: [NevoDRM] - C:\Игры\NevoDRM\NevoDRM.exe [41984 2008-12-11] ()
HKCU\...\Run: [Facebook Update] - C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\1\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [969104 2013-01-25] (BitTorrent, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876456 2013-06-21] (Skype Technologies S.A.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-06-12] (Adobe Systems Incorporated)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-10-04] ()
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [autodetect] - C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe [129872 2010-03-02] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - No File
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
BHO-x32: Помощник по входу в Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default
FF NetworkProxy: "no_proxies_on", "127.0.0.1"
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9050
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 1
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @baidu.com/npxbdsetup - C:\Windows\Downloaded Program Files\11569798\npxbdsetup.dll No File
FF Plugin-x32: @cloudisk.snda.com,version=1.0.5.6 - C:\ProgramData\SNDA\Cloud_plugin\np_plugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Webzen.com/NPBrowserExt - C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll No File
FF Plugin-x32: @xunlei.com/npxluser - C:\Program Files (x86)\Thunder Network\Thunder\BHO\xluser\npxluser.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\1\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @TrianglePlayer - C:\Users\1\AppData\Roaming\TrianglePlayer\NPTrianglePlayer.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @xunlei.com/npxluser - C:\Program Files (x86)\Thunder Network\Thunder\BHO\xluser\npxluser.dll No File
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: onlinehdtv - C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\Extensions\onlinehdtv@onlinehd.tv.xpi
FF Extension: No Name - C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Unity Player) - C:\Users\1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Kalydo Player Plugin for Mozilla) - C:\Users\1\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
CHR Plugin: (NPPlayerShell) - C:\Users\1\AppData\Roaming\TrianglePlayer\NPTrianglePlayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (OGPlanet Game Plugin) - C:\Windows\system32\npOGPPlugin.dll No File
CHR Extension: (Docs) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Adblock Plus) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Google Search) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd10.crx
CHR HKLM-x32\...\Chrome\Extension: [nmpllndkedbnmonoomepeeglghdelffo] - C:\Program Files (x86)\icq\Chrome\icq-1.3.671.crx
==================== Services (Whitelisted) =================
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-09] (BitRaider, LLC)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4662936 2012-02-27] (INCA Internet Co., Ltd.)
R2 SDDUpdate; C:\Users\1\AppData\Roaming\SNDA\SDUpdate\SDDUpdateSvc.dll [227224 2013-09-02] (SNDA)
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859712 2010-10-09] (Trend Micro Inc.)
R2 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-02-23] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-02-23] (Trend Micro Inc.)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-08] ()
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 xsherlock; C:\Windows\SysWow64\xsherlock.xem [661600 2012-11-19] (Wellbia.com Co., Ltd.)
S2 Guard.Mail.ru; "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" [x]
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [x]
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [x]
==================== Drivers (Whitelisted) ====================
S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 1394hub; C:\Windows\SysWow64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R3 Abyssus; C:\Windows\System32\drivers\Abyssus.sys [10880 2009-10-30] (Razer (Asia-Pacific) Pte Ltd)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] (Корпорация Майкрософт)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.)
S3 SDGame; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 SDGame; C:\Windows\SysWow64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 SdoKeyCrypt; C:\Windows\system32\SdoKeyCrypt.sys [69560 2013-09-02] (盛大网络)
S3 SdoKeyCrypt; C:\Windows\system32\SdoKeyCrypt.sys [69560 2013-09-02] (盛大网络)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-02-26] (Duplex Secure Ltd.)
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-02-23] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Корпорация Майкрософт)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)
R3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)
R3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)
U3 AppMgmt; %SystemRoot%\system32\svchost.exe -k netsvcs
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U2 CscService;
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 ncvet.dll; \??\C:\Windows\Temp\ncvet.dll [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
U3 PeerDistSvc;
U3 tmlwf;
U3 tmwfp;
S3 vtany; \??\C:\Windows\vtany.sys [x]
S3 X6va005; \??\C:\Users\1\AppData\Local\Temp\005C0D5.tmp [x]
S3 X6va006; \??\C:\Users\1\AppData\Local\Temp\006C740.tmp [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
R3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-15 17:02 - 2013-09-15 17:02 - 01951102 _____ (Farbar) C:\Users\1\Downloads\FRST64.exe
2013-09-15 16:56 - 2013-09-15 12:17 - 00891144 _____ C:\Users\1\Desktop\SecurityCheck.exe
2013-09-15 12:27 - 2013-09-15 12:27 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-15 12:17 - 2013-09-15 12:17 - 00891144 _____ C:\Users\1\Downloads\SecurityCheck.exe
2013-09-15 12:15 - 2013-09-15 12:15 - 02347384 _____ (ESET) C:\Users\1\Downloads\esetsmartinstaller_enu.exe
2013-09-14 11:20 - 2013-09-14 23:20 - 97600188 _____ C:\Windows\SysWOW64\㠈蝭痤°
2013-09-13 21:22 - 2013-09-13 21:22 - 97503480 _____ C:\Windows\SysWOW64\俺饃痤¡
2013-09-13 16:26 - 2013-09-13 16:26 - 00001281 _____ C:\Users\1\Desktop\JRT.txt
2013-09-13 16:18 - 2013-09-13 16:19 - 01029509 _____ (Thisisu) C:\Users\1\Downloads\JRT.exe
2013-09-13 15:39 - 2013-09-13 15:39 - 01037278 _____ C:\Users\1\Downloads\adwcleaner.exe
2013-09-12 19:03 - 2013-09-12 19:03 - 00034229 _____ C:\ComboFix.txt
2013-09-12 18:45 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-12 18:45 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-12 18:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-12 18:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-12 18:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-12 18:45 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-12 18:45 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-12 18:45 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-12 18:44 - 2013-09-12 19:03 - 00000000 ____D C:\Qoobox
2013-09-12 18:43 - 2013-09-12 18:43 - 05124368 ____R (Swearware) C:\Users\1\Desktop\ComboFix.exe
2013-09-12 18:43 - 2013-09-12 18:43 - 05124368 _____ (Swearware) C:\Users\1\Downloads\ComboFix.exe
2013-09-12 17:17 - 2013-09-12 17:17 - 00014956 _____ C:\Users\1\Desktop\GMER.log
2013-09-12 17:04 - 2013-09-12 17:05 - 00043868 _____ C:\Users\1\Downloads\Addition.txt
2013-09-12 17:02 - 2013-09-12 17:02 - 00000000 ____D C:\FRST
2013-09-12 16:54 - 2013-09-12 16:54 - 00000574 _____ C:\Users\1\Downloads\defogger_disable.log
2013-09-12 16:54 - 2013-09-12 16:54 - 00000020 _____ C:\Users\1\defogger_reenable
2013-09-12 16:47 - 2013-09-12 16:47 - 00377856 _____ C:\Users\1\Downloads\gmer_2.1.19163.exe
2013-09-11 01:16 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 01:16 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 01:16 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 01:16 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 01:16 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 01:16 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 01:16 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 01:16 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 01:16 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 01:16 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 01:16 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 01:16 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-10 21:59 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-10 21:59 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-10 21:59 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-10 21:59 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-10 21:59 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-10 21:59 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-10 21:59 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-10 21:59 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-10 21:59 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-10 21:59 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-10 21:59 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-10 21:59 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-10 21:59 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-10 21:59 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-10 21:59 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-10 21:59 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-10 21:59 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-10 21:59 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-10 21:59 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-10 21:59 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-10 21:59 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-10 21:59 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-10 21:59 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-10 21:59 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 21:59 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-10 21:59 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-08 02:26 - 2013-09-08 02:26 - 00000000 ____D C:\Program Files (x86)\Tor
2013-09-07 22:13 - 2013-09-07 22:13 - 96533415 _____ C:\Windows\SysWOW64\倛挳痤“
2013-09-06 13:21 - 2013-09-06 13:21 - 96334488 _____ C:\Windows\SysWOW64\裆箤痤¦
2013-09-05 09:10 - 2013-09-05 09:10 - 00001400 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-09-05 09:10 - 2013-09-05 09:10 - 00001241 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-09-04 02:34 - 2013-09-04 02:34 - 00000000 ____D C:\Users\1\AppData\Roaming\taobao
2013-09-02 17:56 - 2013-09-02 17:56 - 00050477 _____ C:\Users\1\Downloads\Defogger.exe
2013-09-02 15:54 - 2013-09-02 15:55 - 00250912 _____ C:\Windows\SysWOW64\kz.exe
2013-09-02 15:49 - 2013-09-02 15:49 - 00003056 _____ C:\Windows\System32\Tasks\{3A623D4C-6638-411C-990A-FA35665591DB}
2013-09-02 15:45 - 2013-09-02 15:45 - 00069560 _____ (盛大网络) C:\Windows\system32\SdoKeyCrypt.sys
2013-09-02 14:33 - 2013-09-02 14:33 - 00000000 ____D C:\Users\Все пользователи\did
2013-09-02 14:33 - 2013-09-02 14:33 - 00000000 ____D C:\Users\1\AppData\Roaming\KuaiZip
2013-09-02 14:33 - 2013-09-02 14:33 - 00000000 ____D C:\ProgramData\did
2013-09-02 14:33 - 2012-07-10 06:45 - 00092976 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
2013-09-02 14:32 - 2013-09-04 02:34 - 00000000 ____D C:\Users\1\AppData\Roaming\tmp
2013-09-02 14:32 - 2013-09-02 17:49 - 00000000 ____D C:\Program Files\¿ìѹ
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Users\1\AppData\Roaming\Softlink
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Users\1\AppData\Local\SNDAService
2013-09-02 14:31 - 2013-09-02 15:50 - 00000000 ____D C:\Users\Все пользователи\SNDA
2013-09-02 14:31 - 2013-09-02 15:50 - 00000000 ____D C:\ProgramData\SNDA
2013-09-02 14:30 - 2013-09-02 14:32 - 00000000 ____D C:\Users\1\AppData\Roaming\SNDA
2013-09-02 12:36 - 2013-09-02 12:36 - 00000000 ____D C:\Users\Public\Thunder Network
2013-09-02 12:34 - 2013-09-02 12:36 - 00000000 ____D C:\Users\Все пользователи\Thunder Network
2013-09-02 12:34 - 2013-09-02 12:36 - 00000000 ____D C:\ProgramData\Thunder Network
2013-09-02 12:34 - 2013-09-02 12:34 - 01305048 _____ C:\Users\1\Downloads\lzg0629_setup.exe
2013-09-02 12:34 - 2013-09-02 12:34 - 00000000 ____D C:\Users\1\AppData\Roaming\GameDownloader
2013-09-01 11:16 - 2013-09-01 11:16 - 00706916 _____ C:\Users\1\Downloads\delfix.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-31 12:59 - 2013-08-31 12:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-30 19:09 - 2013-08-30 19:09 - 00000000 ____D C:\Users\1\AppData\Roaming\InstallShield
2013-08-30 19:09 - 2009-08-27 14:49 - 00092672 _____ (Razer Inc.) C:\Windows\system32\Abyssus.cpl
2013-08-30 18:57 - 2013-08-30 18:58 - 12895320 _____ (Razer Inc.) C:\Users\1\Downloads\Razer_Synapse_Framework_V1.12.08.exe
2013-08-30 08:49 - 2013-08-30 08:49 - 00001033 _____ C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\HeroesGo.lnk
2013-08-30 08:49 - 2013-08-30 08:49 - 00001009 _____ C:\Users\1\Desktop\HeroesGo.lnk
2013-08-30 08:49 - 2013-08-30 08:49 - 00000000 ____D C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HeroesGo
2013-08-30 08:43 - 2013-08-31 14:34 - 00000000 ____D C:\Program Files (x86)\HeroesGo
2013-08-27 17:29 - 2013-08-27 19:12 - 317036708 _____ C:\Users\1\Downloads\MSG00.S1.480.08.rar
2013-08-27 17:29 - 2013-08-27 19:06 - 333144244 _____ C:\Users\1\Downloads\MSG.S2.480.07.rar
2013-08-27 06:51 - 2013-08-27 08:34 - 317190324 _____ C:\Users\1\Downloads\MSG00.S1.480.04.rar
2013-08-27 06:51 - 2013-08-27 07:45 - 321960100 _____ C:\Users\1\Downloads\MSG00.S1.480.06.rar
2013-08-27 06:48 - 2013-08-27 06:48 - 00001099 _____ C:\Users\1\Desktop\4NiMEbyME.lnk
2013-08-27 06:48 - 2013-08-27 06:48 - 00000000 _____ C:\Users\1\Desktop\KEYD96QMD3S
2013-08-26 11:00 - 2013-08-26 11:00 - 00312320 _____ C:\Users\1\Downloads\SknGenerator.exe
2013-08-25 19:56 - 2013-08-25 21:40 - 317098148 _____ C:\Users\1\Downloads\MSG00.S1.480.05.rar
2013-08-25 14:37 - 2013-08-25 16:23 - 327618724 _____ C:\Users\1\Downloads\MSG00.S1.480.03.rar
2013-08-25 14:36 - 2013-08-25 17:57 - 317307060 _____ C:\Users\1\Downloads\MSG00.S1.480.02.rar
2013-08-25 12:05 - 2013-08-25 13:54 - 327878820 _____ C:\Users\1\Downloads\MSG00.S1.480.01.rar
2013-08-25 10:32 - 2013-08-25 12:22 - 338245812 _____ C:\Users\1\Downloads\MSG.S2.480.02.rar
2013-08-25 10:25 - 2013-08-25 11:33 - 338647220 _____ C:\Users\1\Downloads\MSG.S2.480.01.rar
2013-08-24 17:14 - 2013-09-13 16:13 - 00000000 ____D C:\AdwCleaner
2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Users\1\AppData\Roaming\Malwarebytes
2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-24 16:47 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-24 13:25 - 2013-09-12 16:41 - 00000000 ____D C:\Users\1\Desktop\PlayDGN
2013-08-24 02:06 - 2013-08-24 02:32 - 00000000 ____D C:\Windows\erdnt
2013-08-22 23:08 - 2013-08-22 23:37 - 1108531470 _____ (mmoTM ) C:\Users\1\Downloads\Divinesouls.exe
2013-08-22 22:40 - 2013-08-22 22:40 - 00318216 _____ C:\Windows\Minidump\082213-74927-01.dmp
2013-08-18 22:22 - 2013-09-13 17:50 - 00000000 ____D C:\Users\1\Desktop\Anime
2013-08-18 18:41 - 2013-08-18 18:41 - 00275144 _____ C:\Windows\Minidump\081813-51854-01.dmp
==================== One Month Modified Files and Folders =======
2013-09-15 17:02 - 2013-09-15 17:02 - 01951102 _____ (Farbar) C:\Users\1\Downloads\FRST64.exe
2013-09-15 16:04 - 2013-05-19 09:23 - 01087710 _____ C:\Windows\WindowsUpdate.log
2013-09-15 12:27 - 2013-09-15 12:27 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-15 12:17 - 2013-09-15 16:56 - 00891144 _____ C:\Users\1\Desktop\SecurityCheck.exe
2013-09-15 12:17 - 2013-09-15 12:17 - 00891144 _____ C:\Users\1\Downloads\SecurityCheck.exe
2013-09-15 12:15 - 2013-09-15 12:15 - 02347384 _____ (ESET) C:\Users\1\Downloads\esetsmartinstaller_enu.exe
2013-09-15 10:48 - 2012-01-16 18:22 - 00000027 _____ C:\Windows\system32\Drivers\etc\tmvsthfud.bin
2013-09-15 10:48 - 2010-10-04 21:26 - 00000027 _____ C:\Windows\system32\Drivers\etc\tmvsthfss.bin
2013-09-14 23:20 - 2013-09-14 11:20 - 97600188 _____ C:\Windows\SysWOW64\㠈蝭痤°
2013-09-14 23:02 - 2012-02-19 13:55 - 00000000 ____D C:\Users\1\AppData\Roaming\Skype
2013-09-14 17:45 - 2013-05-20 10:20 - 00002476 _____ C:\Windows\TMFilter.log
2013-09-14 11:27 - 2009-07-14 06:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-14 11:27 - 2009-07-14 06:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-14 11:20 - 2012-02-16 14:46 - 00000000 ____D C:\Users\1\AppData\Roaming\uTorrent
2013-09-14 11:19 - 2013-05-19 09:20 - 00015282 _____ C:\Windows\setupact.log
2013-09-13 21:22 - 2013-09-13 21:22 - 97503480 _____ C:\Windows\SysWOW64\俺饃痤¡
2013-09-13 17:50 - 2013-08-18 22:22 - 00000000 ____D C:\Users\1\Desktop\Anime
2013-09-13 16:26 - 2013-09-13 16:26 - 00001281 _____ C:\Users\1\Desktop\JRT.txt
2013-09-13 16:20 - 2009-07-14 07:13 - 01650206 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-13 16:20 - 2009-07-13 17:17 - 00717442 _____ C:\Windows\system32\perfh019.dat
2013-09-13 16:20 - 2009-07-13 17:17 - 00150260 _____ C:\Windows\system32\perfc019.dat
2013-09-13 16:19 - 2013-09-13 16:18 - 01029509 _____ (Thisisu) C:\Users\1\Downloads\JRT.exe
2013-09-13 16:15 - 2011-06-24 13:56 - 00000000 ____D C:\Windows\system32\Service
2013-09-13 16:13 - 2013-08-24 17:14 - 00000000 ____D C:\AdwCleaner
2013-09-13 15:39 - 2013-09-13 15:39 - 01037278 _____ C:\Users\1\Downloads\adwcleaner.exe
2013-09-13 15:20 - 2013-05-20 09:32 - 00561706 _____ C:\Windows\PFRO.log
2013-09-12 19:03 - 2013-09-12 19:03 - 00034229 _____ C:\ComboFix.txt
2013-09-12 19:03 - 2013-09-12 18:44 - 00000000 ____D C:\Qoobox
2013-09-12 19:00 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-12 18:43 - 2013-09-12 18:43 - 05124368 ____R (Swearware) C:\Users\1\Desktop\ComboFix.exe
2013-09-12 18:43 - 2013-09-12 18:43 - 05124368 _____ (Swearware) C:\Users\1\Downloads\ComboFix.exe
2013-09-12 17:17 - 2013-09-12 17:17 - 00014956 _____ C:\Users\1\Desktop\GMER.log
2013-09-12 17:05 - 2013-09-12 17:04 - 00043868 _____ C:\Users\1\Downloads\Addition.txt
2013-09-12 17:02 - 2013-09-12 17:02 - 00000000 ____D C:\FRST
2013-09-12 16:54 - 2013-09-12 16:54 - 00000574 _____ C:\Users\1\Downloads\defogger_disable.log
2013-09-12 16:54 - 2013-09-12 16:54 - 00000020 _____ C:\Users\1\defogger_reenable
2013-09-12 16:54 - 2011-02-25 15:25 - 00000000 ____D C:\Users\1
2013-09-12 16:47 - 2013-09-12 16:47 - 00377856 _____ C:\Users\1\Downloads\gmer_2.1.19163.exe
2013-09-12 16:41 - 2013-08-24 13:25 - 00000000 ____D C:\Users\1\Desktop\PlayDGN
2013-09-11 16:02 - 2011-02-25 15:27 - 00000000 ___RD C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 16:02 - 2011-02-25 15:27 - 00000000 ___RD C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 15:59 - 2009-07-14 06:45 - 00416504 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 01:17 - 2011-03-12 15:17 - 00000000 ____D C:\Users\Все пользователи\Microsoft Help
2013-09-11 01:17 - 2011-03-12 15:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 01:16 - 2013-07-13 22:46 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 01:12 - 2011-12-27 18:28 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 07:31 - 2011-12-30 01:12 - 00001122 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000UA.job
2013-09-10 07:14 - 2012-10-07 13:26 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-10 03:57 - 2013-06-22 12:22 - 00022173 _____ C:\autoupdate.log
2013-09-10 03:57 - 2012-10-07 13:26 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 03:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-09 01:31 - 2011-12-30 01:12 - 00001100 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000Core.job
2013-09-08 17:00 - 2011-02-25 15:25 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-09-08 02:26 - 2013-09-08 02:26 - 00000000 ____D C:\Program Files (x86)\Tor
2013-09-07 22:13 - 2013-09-07 22:13 - 96533415 _____ C:\Windows\SysWOW64\倛挳痤“
2013-09-06 13:21 - 2013-09-06 13:21 - 96334488 _____ C:\Windows\SysWOW64\裆箤痤¦
2013-09-05 09:10 - 2013-09-05 09:10 - 00001400 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-09-05 09:10 - 2013-09-05 09:10 - 00001241 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-09-05 09:10 - 2012-02-10 19:01 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-09-05 09:09 - 2012-02-10 19:02 - 00000000 ____D C:\Users\1\AppData\Roaming\DVDVideoSoft
2013-09-04 16:16 - 2013-06-06 23:45 - 00000000 ____D C:\Users\1\AppData\Roaming\vlc
2013-09-04 11:37 - 2013-05-07 16:56 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-04 11:37 - 2013-03-28 03:41 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-04 11:37 - 2013-03-28 03:41 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 02:34 - 2013-09-04 02:34 - 00000000 ____D C:\Users\1\AppData\Roaming\taobao
2013-09-04 02:34 - 2013-09-02 14:32 - 00000000 ____D C:\Users\1\AppData\Roaming\tmp
2013-09-03 10:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-02 17:56 - 2013-09-02 17:56 - 00050477 _____ C:\Users\1\Downloads\Defogger.exe
2013-09-02 17:49 - 2013-09-02 14:32 - 00000000 ____D C:\Program Files\¿ìѹ
2013-09-02 17:49 - 2009-07-14 07:08 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-02 16:00 - 2013-06-05 22:12 - 00000000 ____D C:\Users\Все пользователи\BitRaider
2013-09-02 16:00 - 2013-06-05 22:12 - 00000000 ____D C:\ProgramData\BitRaider
2013-09-02 15:55 - 2013-09-02 15:54 - 00250912 _____ C:\Windows\SysWOW64\kz.exe
2013-09-02 15:51 - 2011-03-18 11:03 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-09-02 15:50 - 2013-09-02 14:31 - 00000000 ____D C:\Users\Все пользователи\SNDA
2013-09-02 15:50 - 2013-09-02 14:31 - 00000000 ____D C:\ProgramData\SNDA
2013-09-02 15:49 - 2013-09-02 15:49 - 00003056 _____ C:\Windows\System32\Tasks\{3A623D4C-6638-411C-990A-FA35665591DB}
2013-09-02 15:45 - 2013-09-02 15:45 - 00069560 _____ (盛大网络) C:\Windows\system32\SdoKeyCrypt.sys
2013-09-02 14:33 - 2013-09-02 14:33 - 00000000 ____D C:\Users\Все пользователи\did
2013-09-02 14:33 - 2013-09-02 14:33 - 00000000 ____D C:\Users\1\AppData\Roaming\KuaiZip
2013-09-02 14:33 - 2013-09-02 14:33 - 00000000 ____D C:\ProgramData\did
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Users\1\AppData\Roaming\Softlink
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Users\1\AppData\Local\SNDAService
2013-09-02 14:32 - 2013-09-02 14:30 - 00000000 ____D C:\Users\1\AppData\Roaming\SNDA
2013-09-02 12:36 - 2013-09-02 12:36 - 00000000 ____D C:\Users\Public\Thunder Network
2013-09-02 12:36 - 2013-09-02 12:34 - 00000000 ____D C:\Users\Все пользователи\Thunder Network
2013-09-02 12:36 - 2013-09-02 12:34 - 00000000 ____D C:\ProgramData\Thunder Network
2013-09-02 12:34 - 2013-09-02 12:34 - 01305048 _____ C:\Users\1\Downloads\lzg0629_setup.exe
2013-09-02 12:34 - 2013-09-02 12:34 - 00000000 ____D C:\Users\1\AppData\Roaming\GameDownloader
2013-09-01 11:27 - 2013-07-07 15:16 - 00001431 _____ C:\DelFix.txt
2013-09-01 11:16 - 2013-09-01 11:16 - 00706916 _____ C:\Users\1\Downloads\delfix.exe
2013-08-31 14:34 - 2013-08-30 08:43 - 00000000 ____D C:\Program Files (x86)\HeroesGo
2013-08-31 13:25 - 2010-10-04 21:41 - 00002392 _____ C:\Windows\system32\AutoRunFilter.ini
2013-08-31 12:59 - 2013-08-31 12:59 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-31 12:59 - 2013-08-31 12:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-31 12:59 - 2012-06-21 21:57 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-08-31 12:59 - 2012-02-11 18:22 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-30 19:13 - 2011-02-25 15:26 - 00110856 _____ C:\Users\1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-30 19:10 - 2013-06-15 18:46 - 00012790 _____ C:\Windows\DPINST.LOG
2013-08-30 19:09 - 2013-08-30 19:09 - 00000000 ____D C:\Users\1\AppData\Roaming\InstallShield
2013-08-30 19:09 - 2010-10-04 21:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-30 19:07 - 2013-02-18 00:27 - 00000000 ____D C:\Users\Все пользователи\Razer
2013-08-30 19:07 - 2013-02-18 00:27 - 00000000 ____D C:\ProgramData\Razer
2013-08-30 19:07 - 2013-02-18 00:27 - 00000000 ____D C:\Program Files (x86)\Razer
2013-08-30 19:00 - 2013-02-18 00:27 - 00000000 ____D C:\Users\1\AppData\Local\Razer
2013-08-30 18:58 - 2013-08-30 18:57 - 12895320 _____ (Razer Inc.) C:\Users\1\Downloads\Razer_Synapse_Framework_V1.12.08.exe
2013-08-30 08:49 - 2013-08-30 08:49 - 00001033 _____ C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\HeroesGo.lnk
2013-08-30 08:49 - 2013-08-30 08:49 - 00001009 _____ C:\Users\1\Desktop\HeroesGo.lnk
2013-08-30 08:49 - 2013-08-30 08:49 - 00000000 ____D C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HeroesGo
2013-08-30 07:56 - 2010-10-04 21:41 - 00001552 _____ C:\Windows\system32\ServiceFilter.ini
2013-08-27 19:12 - 2013-08-27 17:29 - 317036708 _____ C:\Users\1\Downloads\MSG00.S1.480.08.rar
2013-08-27 19:06 - 2013-08-27 17:29 - 333144244 _____ C:\Users\1\Downloads\MSG.S2.480.07.rar
2013-08-27 08:34 - 2013-08-27 06:51 - 317190324 _____ C:\Users\1\Downloads\MSG00.S1.480.04.rar
2013-08-27 07:45 - 2013-08-27 06:51 - 321960100 _____ C:\Users\1\Downloads\MSG00.S1.480.06.rar
2013-08-27 06:48 - 2013-08-27 06:48 - 00001099 _____ C:\Users\1\Desktop\4NiMEbyME.lnk
2013-08-27 06:48 - 2013-08-27 06:48 - 00000000 _____ C:\Users\1\Desktop\KEYD96QMD3S
2013-08-27 06:40 - 2011-02-28 11:15 - 00000000 ____D C:\Windows\Minidump
2013-08-26 11:49 - 2013-06-11 00:31 - 00000000 ____D C:\Users\1\Desktop\Mods
2013-08-26 11:00 - 2013-08-26 11:00 - 00312320 _____ C:\Users\1\Downloads\SknGenerator.exe
2013-08-25 21:40 - 2013-08-25 19:56 - 317098148 _____ C:\Users\1\Downloads\MSG00.S1.480.05.rar
2013-08-25 17:57 - 2013-08-25 14:36 - 317307060 _____ C:\Users\1\Downloads\MSG00.S1.480.02.rar
2013-08-25 16:23 - 2013-08-25 14:37 - 327618724 _____ C:\Users\1\Downloads\MSG00.S1.480.03.rar
2013-08-25 13:54 - 2013-08-25 12:05 - 327878820 _____ C:\Users\1\Downloads\MSG00.S1.480.01.rar
2013-08-25 12:22 - 2013-08-25 10:32 - 338245812 _____ C:\Users\1\Downloads\MSG.S2.480.02.rar
2013-08-25 11:33 - 2013-08-25 10:25 - 338647220 _____ C:\Users\1\Downloads\MSG.S2.480.01.rar
2013-08-24 19:11 - 2013-05-14 16:58 - 00000000 ____D C:\Users\1\Documents\DragonNest
2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Users\1\AppData\Roaming\Malwarebytes
2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-24 12:47 - 2011-11-27 18:49 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-08-24 12:46 - 2011-03-12 13:20 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-08-24 12:46 - 2011-03-12 13:20 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-08-24 02:34 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-24 02:32 - 2013-08-24 02:06 - 00000000 ____D C:\Windows\erdnt
2013-08-24 02:25 - 2009-07-14 04:34 - 81264640 _____ C:\Windows\system32\config\software.bak
2013-08-24 02:25 - 2009-07-14 04:34 - 25690112 _____ C:\Windows\system32\config\system.bak
2013-08-24 02:25 - 2009-07-14 04:34 - 00360448 _____ C:\Windows\system32\config\default.bak
2013-08-24 02:25 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-08-24 02:25 - 2009-07-14 04:34 - 00090112 _____ C:\Windows\system32\config\sam.bak
2013-08-22 23:37 - 2013-08-22 23:08 - 1108531470 _____ (mmoTM ) C:\Users\1\Downloads\Divinesouls.exe
2013-08-22 22:49 - 2013-04-20 19:53 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-22 22:40 - 2013-08-22 22:40 - 00318216 _____ C:\Windows\Minidump\082213-74927-01.dmp
2013-08-18 18:41 - 2013-08-18 18:41 - 00275144 _____ C:\Windows\Minidump\081813-51854-01.dmp
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Все пользователи\hash.dat
Some content of TEMP:
====================
C:\Users\1\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-25 22:40
==================== End Of Log ============================
und es ist aufeinmal eine tor.exe bei meinem taskmanager aufgetaucht was ist das --- --- --- |
|
15.09.2013, 20:07
| #8 |
| /// the machine /// TB-Ausbilder | Laptop langsam Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe
C:\Program Files (x86)\Tor
FF NetworkProxy: "no_proxies_on", "127.0.0.1"
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9050
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-08] ()
S3 vtany; \??\C:\Windows\vtany.sys [x]
S3 X6va005; \??\C:\Users\1\AppData\Local\Temp\005C0D5.tmp [x]
S3 X6va006; \??\C:\Users\1\AppData\Local\Temp\006C740.tmp [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
R3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [x]
C:\ProgramData\hash.dat
C:\Users\Все пользователи\hash.dat
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Frisches FRST log bitte. noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
15.09.2013, 20:39
| #9 |
| | Laptop langsamCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-09-2013 04
Ran by 1 at 2013-09-15 21:34:13 Run:1
Running from C:\Users\1\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe
C:\Program Files (x86)\Tor
FF NetworkProxy: "no_proxies_on", "127.0.0.1"
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9050
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-08] ()
S3 vtany; \??\C:\Windows\vtany.sys [x]
S3 X6va005; \??\C:\Users\1\AppData\Local\Temp\005C0D5.tmp [x]
S3 X6va006; \??\C:\Users\1\AppData\Local\Temp\006C740.tmp [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
R3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [x]
C:\ProgramData\hash.dat
C:\Users\??? ????????????\hash.dat
*****************
"C:\Windows\System32\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe" => File/Directory not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe => Moved successfully.
C:\Program Files (x86)\Tor => Moved successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
tor => Service deleted successfully.
vtany => Service deleted successfully.
X6va005 => Service deleted successfully.
X6va006 => Service deleted successfully.
X6va008 => Service deleted successfully.
X6va009 => Service deleted successfully.
X6va010 => Service deleted successfully.
X6va011 => Service deleted successfully.
X6va012 => Service deleted successfully.
X6va013 => Service deleted successfully.
C:\ProgramData\hash.dat => Moved successfully.
"C:\Users\??? ????????????\hash.dat" => File/Directory not found.
The system needs a manual reboot.
==== End of Fixlog ====
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-09-2013 04
Ran by 1 (administrator) on 1-ПК on 15-09-2013 21:36:07
Running from C:\Users\1\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Russian
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Razer Game Booster\gbtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [UfSeAgnt.exe] - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [1022904 2010-02-23] (Trend Micro Inc.)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-01-18] (Alcor Micro Corp.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKCU\...\Run: [NevoDRM] - C:\Игры\NevoDRM\NevoDRM.exe [41984 2008-12-11] ()
HKCU\...\Run: [Facebook Update] - C:\Users\1\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\1\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [969104 2013-01-25] (BitTorrent, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876456 2013-06-21] (Skype Technologies S.A.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-06-12] (Adobe Systems Incorporated)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] - C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-10-04] ()
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [autodetect] - C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe [129872 2010-03-02] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - No File
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
BHO-x32: Помощник по входу в Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @baidu.com/npxbdsetup - C:\Windows\Downloaded Program Files\11569798\npxbdsetup.dll No File
FF Plugin-x32: @cloudisk.snda.com,version=1.0.5.6 - C:\ProgramData\SNDA\Cloud_plugin\np_plugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Webzen.com/NPBrowserExt - C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll No File
FF Plugin-x32: @xunlei.com/npxluser - C:\Program Files (x86)\Thunder Network\Thunder\BHO\xluser\npxluser.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\1\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @TrianglePlayer - C:\Users\1\AppData\Roaming\TrianglePlayer\NPTrianglePlayer.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @xunlei.com/npxluser - C:\Program Files (x86)\Thunder Network\Thunder\BHO\xluser\npxluser.dll No File
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: onlinehdtv - C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\Extensions\onlinehdtv@onlinehd.tv.xpi
FF Extension: No Name - C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\hunxdy1z.default\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi
Chrome:
=======
CHR Extension: (Docs) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Adblock Plus) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Google Search) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd10.crx
CHR HKLM-x32\...\Chrome\Extension: [nmpllndkedbnmonoomepeeglghdelffo] - C:\Program Files (x86)\icq\Chrome\icq-1.3.671.crx
==================== Services (Whitelisted) =================
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-09] (BitRaider, LLC)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4662936 2012-02-27] (INCA Internet Co., Ltd.)
R2 SDDUpdate; C:\Users\1\AppData\Roaming\SNDA\SDUpdate\SDDUpdateSvc.dll [227224 2013-09-02] (SNDA)
R2 SfCtlCom; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [859712 2010-10-09] (Trend Micro Inc.)
R2 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [570632 2010-02-23] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [917768 2010-02-23] (Trend Micro Inc.)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 xsherlock; C:\Windows\SysWow64\xsherlock.xem [661600 2012-11-19] (Wellbia.com Co., Ltd.)
S2 Guard.Mail.ru; "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" [x]
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [x]
S2 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [x]
==================== Drivers (Whitelisted) ====================
S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 1394hub; C:\Windows\SysWow64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R3 Abyssus; C:\Windows\System32\drivers\Abyssus.sys [10880 2009-10-30] (Razer (Asia-Pacific) Pte Ltd)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] (Корпорация Майкрософт)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.)
S3 SDGame; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 SDGame; C:\Windows\SysWow64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 SdoKeyCrypt; C:\Windows\system32\SdoKeyCrypt.sys [69560 2013-09-02] (盛大网络)
S3 SdoKeyCrypt; C:\Windows\system32\SdoKeyCrypt.sys [69560 2013-09-02] (盛大网络)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-02-26] (Duplex Secure Ltd.)
R2 tmpreflt; C:\Windows\System32\DRIVERS\tmpreflt.sys [42768 2011-07-12] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [107536 2010-02-23] (Trend Micro Inc.)
R2 tmxpflt; C:\Windows\System32\DRIVERS\tmxpflt.sys [342288 2011-07-12] (Trend Micro Inc.)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Корпорация Майкрософт)
R2 vsapint; C:\Windows\System32\DRIVERS\vsapint.sys [2077456 2011-07-12] (Trend Micro Inc.)
R3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)
R3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)
U3 AppMgmt; %SystemRoot%\system32\svchost.exe -k netsvcs
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U2 CscService;
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 ncvet.dll; \??\C:\Windows\Temp\ncvet.dll [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
U3 PeerDistSvc;
U3 tmlwf;
U3 tmwfp;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-15 17:02 - 2013-09-15 17:02 - 01951102 _____ (Farbar) C:\Users\1\Downloads\FRST64.exe
2013-09-15 16:56 - 2013-09-15 12:17 - 00891144 _____ C:\Users\1\Desktop\SecurityCheck.exe
2013-09-15 12:17 - 2013-09-15 12:17 - 00891144 _____ C:\Users\1\Downloads\SecurityCheck.exe
2013-09-15 12:15 - 2013-09-15 12:15 - 02347384 _____ (ESET) C:\Users\1\Downloads\esetsmartinstaller_enu.exe
2013-09-14 11:20 - 2013-09-15 17:20 - 97671483 _____ C:\Windows\SysWOW64\㠈蝭痤°
2013-09-13 21:22 - 2013-09-13 21:22 - 97503480 _____ C:\Windows\SysWOW64\俺饃痤¡
2013-09-13 16:26 - 2013-09-13 16:26 - 00001281 _____ C:\Users\1\Desktop\JRT.txt
2013-09-13 16:18 - 2013-09-13 16:19 - 01029509 _____ (Thisisu) C:\Users\1\Downloads\JRT.exe
2013-09-13 15:39 - 2013-09-13 15:39 - 01037278 _____ C:\Users\1\Downloads\adwcleaner.exe
2013-09-12 19:03 - 2013-09-12 19:03 - 00034229 _____ C:\ComboFix.txt
2013-09-12 18:45 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-12 18:45 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-12 18:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-12 18:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-12 18:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-12 18:45 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-12 18:45 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-12 18:45 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-12 18:44 - 2013-09-12 19:03 - 00000000 ____D C:\Qoobox
2013-09-12 18:43 - 2013-09-12 18:43 - 05124368 ____R (Swearware) C:\Users\1\Desktop\ComboFix.exe
2013-09-12 18:43 - 2013-09-12 18:43 - 05124368 _____ (Swearware) C:\Users\1\Downloads\ComboFix.exe
2013-09-12 17:17 - 2013-09-12 17:17 - 00014956 _____ C:\Users\1\Desktop\GMER.log
2013-09-12 17:04 - 2013-09-12 17:05 - 00043868 _____ C:\Users\1\Downloads\Addition.txt
2013-09-12 17:02 - 2013-09-15 21:34 - 00000000 ____D C:\FRST
2013-09-12 16:54 - 2013-09-12 16:54 - 00000020 _____ C:\Users\1\defogger_reenable
2013-09-12 16:47 - 2013-09-12 16:47 - 00377856 _____ C:\Users\1\Downloads\gmer_2.1.19163.exe
2013-09-11 01:16 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 01:16 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 01:16 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 01:16 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 01:16 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 01:16 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 01:16 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 01:16 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 01:16 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 01:16 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 01:16 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 01:16 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 01:16 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 01:16 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-10 21:59 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-10 21:59 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-10 21:59 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-10 21:59 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-10 21:59 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-10 21:59 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-10 21:59 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-10 21:59 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-10 21:59 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-10 21:59 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-10 21:59 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-10 21:59 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-10 21:59 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-10 21:59 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-10 21:59 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-10 21:59 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-10 21:59 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-10 21:59 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-10 21:59 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-10 21:59 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-10 21:59 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-10 21:59 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 21:59 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-10 21:59 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-10 21:59 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 21:59 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-10 21:59 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-07 22:13 - 2013-09-07 22:13 - 96533415 _____ C:\Windows\SysWOW64\倛挳痤“
2013-09-06 13:21 - 2013-09-06 13:21 - 96334488 _____ C:\Windows\SysWOW64\裆箤痤¦
2013-09-05 09:10 - 2013-09-05 09:10 - 00001400 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-09-05 09:10 - 2013-09-05 09:10 - 00001241 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-09-04 02:34 - 2013-09-04 02:34 - 00000000 ____D C:\Users\1\AppData\Roaming\taobao
2013-09-02 17:56 - 2013-09-02 17:56 - 00050477 _____ C:\Users\1\Downloads\Defogger.exe
2013-09-02 15:54 - 2013-09-02 15:55 - 00250912 _____ C:\Windows\SysWOW64\kz.exe
2013-09-02 15:49 - 2013-09-02 15:49 - 00003056 _____ C:\Windows\System32\Tasks\{3A623D4C-6638-411C-990A-FA35665591DB}
2013-09-02 15:45 - 2013-09-02 15:45 - 00069560 _____ (盛大网络) C:\Windows\system32\SdoKeyCrypt.sys
2013-09-02 14:33 - 2013-09-02 14:33 - 00000000 ____D C:\Users\Все пользователи\did
2013-09-02 14:33 - 2013-09-02 14:33 - 00000000 ____D C:\Users\1\AppData\Roaming\KuaiZip
2013-09-02 14:33 - 2013-09-02 14:33 - 00000000 ____D C:\ProgramData\did
2013-09-02 14:33 - 2012-07-10 06:45 - 00092976 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
2013-09-02 14:32 - 2013-09-04 02:34 - 00000000 ____D C:\Users\1\AppData\Roaming\tmp
2013-09-02 14:32 - 2013-09-02 17:49 - 00000000 ____D C:\Program Files\¿ìѹ
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Users\1\AppData\Roaming\Softlink
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Users\1\AppData\Local\SNDAService
2013-09-02 14:31 - 2013-09-02 15:50 - 00000000 ____D C:\Users\Все пользователи\SNDA
2013-09-02 14:31 - 2013-09-02 15:50 - 00000000 ____D C:\ProgramData\SNDA
2013-09-02 14:30 - 2013-09-02 14:32 - 00000000 ____D C:\Users\1\AppData\Roaming\SNDA
2013-09-02 12:36 - 2013-09-02 12:36 - 00000000 ____D C:\Users\Public\Thunder Network
2013-09-02 12:34 - 2013-09-02 12:36 - 00000000 ____D C:\Users\Все пользователи\Thunder Network
2013-09-02 12:34 - 2013-09-02 12:36 - 00000000 ____D C:\ProgramData\Thunder Network
2013-09-02 12:34 - 2013-09-02 12:34 - 01305048 _____ C:\Users\1\Downloads\lzg0629_setup.exe
2013-09-02 12:34 - 2013-09-02 12:34 - 00000000 ____D C:\Users\1\AppData\Roaming\GameDownloader
2013-09-01 11:16 - 2013-09-01 11:16 - 00706916 _____ C:\Users\1\Downloads\delfix.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-31 12:59 - 2013-08-31 12:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-30 19:09 - 2013-08-30 19:09 - 00000000 ____D C:\Users\1\AppData\Roaming\InstallShield
2013-08-30 19:09 - 2009-08-27 14:49 - 00092672 _____ (Razer Inc.) C:\Windows\system32\Abyssus.cpl
2013-08-30 18:57 - 2013-08-30 18:58 - 12895320 _____ (Razer Inc.) C:\Users\1\Downloads\Razer_Synapse_Framework_V1.12.08.exe
2013-08-30 08:49 - 2013-08-30 08:49 - 00001033 _____ C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\HeroesGo.lnk
2013-08-30 08:49 - 2013-08-30 08:49 - 00001009 _____ C:\Users\1\Desktop\HeroesGo.lnk
2013-08-30 08:49 - 2013-08-30 08:49 - 00000000 ____D C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HeroesGo
2013-08-30 08:43 - 2013-08-31 14:34 - 00000000 ____D C:\Program Files (x86)\HeroesGo
2013-08-27 17:29 - 2013-08-27 19:12 - 317036708 _____ C:\Users\1\Downloads\MSG00.S1.480.08.rar
2013-08-27 17:29 - 2013-08-27 19:06 - 333144244 _____ C:\Users\1\Downloads\MSG.S2.480.07.rar
2013-08-27 06:51 - 2013-08-27 08:34 - 317190324 _____ C:\Users\1\Downloads\MSG00.S1.480.04.rar
2013-08-27 06:51 - 2013-08-27 07:45 - 321960100 _____ C:\Users\1\Downloads\MSG00.S1.480.06.rar
2013-08-27 06:48 - 2013-08-27 06:48 - 00001099 _____ C:\Users\1\Desktop\4NiMEbyME.lnk
2013-08-27 06:48 - 2013-08-27 06:48 - 00000000 _____ C:\Users\1\Desktop\KEYD96QMD3S
2013-08-26 11:00 - 2013-08-26 11:00 - 00312320 _____ C:\Users\1\Downloads\SknGenerator.exe
2013-08-25 19:56 - 2013-08-25 21:40 - 317098148 _____ C:\Users\1\Downloads\MSG00.S1.480.05.rar
2013-08-25 14:37 - 2013-08-25 16:23 - 327618724 _____ C:\Users\1\Downloads\MSG00.S1.480.03.rar
2013-08-25 14:36 - 2013-08-25 17:57 - 317307060 _____ C:\Users\1\Downloads\MSG00.S1.480.02.rar
2013-08-25 12:05 - 2013-08-25 13:54 - 327878820 _____ C:\Users\1\Downloads\MSG00.S1.480.01.rar
2013-08-25 10:32 - 2013-08-25 12:22 - 338245812 _____ C:\Users\1\Downloads\MSG.S2.480.02.rar
2013-08-25 10:25 - 2013-08-25 11:33 - 338647220 _____ C:\Users\1\Downloads\MSG.S2.480.01.rar
2013-08-24 17:14 - 2013-09-13 16:13 - 00000000 ____D C:\AdwCleaner
2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Users\1\AppData\Roaming\Malwarebytes
2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-24 16:47 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-24 13:25 - 2013-09-12 16:41 - 00000000 ____D C:\Users\1\Desktop\PlayDGN
2013-08-24 02:06 - 2013-08-24 02:32 - 00000000 ____D C:\Windows\erdnt
2013-08-22 23:08 - 2013-08-22 23:37 - 1108531470 _____ (mmoTM ) C:\Users\1\Downloads\Divinesouls.exe
2013-08-22 22:40 - 2013-08-22 22:40 - 00318216 _____ C:\Windows\Minidump\082213-74927-01.dmp
2013-08-18 22:22 - 2013-09-13 17:50 - 00000000 ____D C:\Users\1\Desktop\Anime
2013-08-18 18:41 - 2013-08-18 18:41 - 00275144 _____ C:\Windows\Minidump\081813-51854-01.dmp
==================== One Month Modified Files and Folders =======
2013-09-15 21:34 - 2013-09-12 17:02 - 00000000 ____D C:\FRST
2013-09-15 18:39 - 2013-05-19 09:23 - 01129743 _____ C:\Windows\WindowsUpdate.log
2013-09-15 17:20 - 2013-09-14 11:20 - 97671483 _____ C:\Windows\SysWOW64\㠈蝭痤°
2013-09-15 17:02 - 2013-09-15 17:02 - 01951102 _____ (Farbar) C:\Users\1\Downloads\FRST64.exe
2013-09-15 12:17 - 2013-09-15 16:56 - 00891144 _____ C:\Users\1\Desktop\SecurityCheck.exe
2013-09-15 12:17 - 2013-09-15 12:17 - 00891144 _____ C:\Users\1\Downloads\SecurityCheck.exe
2013-09-15 12:15 - 2013-09-15 12:15 - 02347384 _____ (ESET) C:\Users\1\Downloads\esetsmartinstaller_enu.exe
2013-09-15 10:48 - 2012-01-16 18:22 - 00000027 _____ C:\Windows\system32\Drivers\etc\tmvsthfud.bin
2013-09-15 10:48 - 2010-10-04 21:26 - 00000027 _____ C:\Windows\system32\Drivers\etc\tmvsthfss.bin
2013-09-14 23:02 - 2012-02-19 13:55 - 00000000 ____D C:\Users\1\AppData\Roaming\Skype
2013-09-14 17:45 - 2013-05-20 10:20 - 00002476 _____ C:\Windows\TMFilter.log
2013-09-14 11:27 - 2009-07-14 06:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-14 11:27 - 2009-07-14 06:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-14 11:20 - 2012-02-16 14:46 - 00000000 ____D C:\Users\1\AppData\Roaming\uTorrent
2013-09-14 11:19 - 2013-05-19 09:20 - 00015282 _____ C:\Windows\setupact.log
2013-09-13 21:22 - 2013-09-13 21:22 - 97503480 _____ C:\Windows\SysWOW64\俺饃痤¡
2013-09-13 17:50 - 2013-08-18 22:22 - 00000000 ____D C:\Users\1\Desktop\Anime
2013-09-13 16:26 - 2013-09-13 16:26 - 00001281 _____ C:\Users\1\Desktop\JRT.txt
2013-09-13 16:20 - 2009-07-14 07:13 - 01650206 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-13 16:20 - 2009-07-13 17:17 - 00717442 _____ C:\Windows\system32\perfh019.dat
2013-09-13 16:20 - 2009-07-13 17:17 - 00150260 _____ C:\Windows\system32\perfc019.dat
2013-09-13 16:19 - 2013-09-13 16:18 - 01029509 _____ (Thisisu) C:\Users\1\Downloads\JRT.exe
2013-09-13 16:15 - 2011-06-24 13:56 - 00000000 ____D C:\Windows\system32\Service
2013-09-13 16:13 - 2013-08-24 17:14 - 00000000 ____D C:\AdwCleaner
2013-09-13 15:39 - 2013-09-13 15:39 - 01037278 _____ C:\Users\1\Downloads\adwcleaner.exe
2013-09-13 15:20 - 2013-05-20 09:32 - 00561706 _____ C:\Windows\PFRO.log
2013-09-12 19:03 - 2013-09-12 19:03 - 00034229 _____ C:\ComboFix.txt
2013-09-12 19:03 - 2013-09-12 18:44 - 00000000 ____D C:\Qoobox
2013-09-12 19:00 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-12 18:43 - 2013-09-12 18:43 - 05124368 ____R (Swearware) C:\Users\1\Desktop\ComboFix.exe
2013-09-12 18:43 - 2013-09-12 18:43 - 05124368 _____ (Swearware) C:\Users\1\Downloads\ComboFix.exe
2013-09-12 17:17 - 2013-09-12 17:17 - 00014956 _____ C:\Users\1\Desktop\GMER.log
2013-09-12 17:05 - 2013-09-12 17:04 - 00043868 _____ C:\Users\1\Downloads\Addition.txt
2013-09-12 16:54 - 2013-09-12 16:54 - 00000020 _____ C:\Users\1\defogger_reenable
2013-09-12 16:54 - 2011-02-25 15:25 - 00000000 ____D C:\Users\1
2013-09-12 16:47 - 2013-09-12 16:47 - 00377856 _____ C:\Users\1\Downloads\gmer_2.1.19163.exe
2013-09-12 16:41 - 2013-08-24 13:25 - 00000000 ____D C:\Users\1\Desktop\PlayDGN
2013-09-11 16:02 - 2011-02-25 15:27 - 00000000 ___RD C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 16:02 - 2011-02-25 15:27 - 00000000 ___RD C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 15:59 - 2009-07-14 06:45 - 00416504 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 01:17 - 2011-03-12 15:17 - 00000000 ____D C:\Users\Все пользователи\Microsoft Help
2013-09-11 01:17 - 2011-03-12 15:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 01:16 - 2013-07-13 22:46 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 01:12 - 2011-12-27 18:28 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 07:31 - 2011-12-30 01:12 - 00001122 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000UA.job
2013-09-10 07:14 - 2012-10-07 13:26 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-10 03:57 - 2013-06-22 12:22 - 00022173 _____ C:\autoupdate.log
2013-09-10 03:57 - 2012-10-07 13:26 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 03:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-09 01:31 - 2011-12-30 01:12 - 00001100 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2836931342-2209172082-994582513-1000Core.job
2013-09-08 17:00 - 2011-02-25 15:25 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-09-07 22:13 - 2013-09-07 22:13 - 96533415 _____ C:\Windows\SysWOW64\倛挳痤“
2013-09-06 13:21 - 2013-09-06 13:21 - 96334488 _____ C:\Windows\SysWOW64\裆箤痤¦
2013-09-05 09:10 - 2013-09-05 09:10 - 00001400 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-09-05 09:10 - 2013-09-05 09:10 - 00001241 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2013-09-05 09:10 - 2012-02-10 19:01 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-09-05 09:09 - 2012-02-10 19:02 - 00000000 ____D C:\Users\1\AppData\Roaming\DVDVideoSoft
2013-09-04 16:16 - 2013-06-06 23:45 - 00000000 ____D C:\Users\1\AppData\Roaming\vlc
2013-09-04 11:37 - 2013-05-07 16:56 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-04 11:37 - 2013-03-28 03:41 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-04 11:37 - 2013-03-28 03:41 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 02:34 - 2013-09-04 02:34 - 00000000 ____D C:\Users\1\AppData\Roaming\taobao
2013-09-04 02:34 - 2013-09-02 14:32 - 00000000 ____D C:\Users\1\AppData\Roaming\tmp
2013-09-03 10:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-02 17:56 - 2013-09-02 17:56 - 00050477 _____ C:\Users\1\Downloads\Defogger.exe
2013-09-02 17:49 - 2013-09-02 14:32 - 00000000 ____D C:\Program Files\¿ìѹ
2013-09-02 17:49 - 2009-07-14 07:08 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-02 16:00 - 2013-06-05 22:12 - 00000000 ____D C:\Users\Все пользователи\BitRaider
2013-09-02 16:00 - 2013-06-05 22:12 - 00000000 ____D C:\ProgramData\BitRaider
2013-09-02 15:55 - 2013-09-02 15:54 - 00250912 _____ C:\Windows\SysWOW64\kz.exe
2013-09-02 15:51 - 2011-03-18 11:03 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-09-02 15:50 - 2013-09-02 14:31 - 00000000 ____D C:\Users\Все пользователи\SNDA
2013-09-02 15:50 - 2013-09-02 14:31 - 00000000 ____D C:\ProgramData\SNDA
2013-09-02 15:49 - 2013-09-02 15:49 - 00003056 _____ C:\Windows\System32\Tasks\{3A623D4C-6638-411C-990A-FA35665591DB}
2013-09-02 15:45 - 2013-09-02 15:45 - 00069560 _____ (盛大网络) C:\Windows\system32\SdoKeyCrypt.sys
2013-09-02 14:33 - 2013-09-02 14:33 - 00000000 ____D C:\Users\Все пользователи\did
2013-09-02 14:33 - 2013-09-02 14:33 - 00000000 ____D C:\Users\1\AppData\Roaming\KuaiZip
2013-09-02 14:33 - 2013-09-02 14:33 - 00000000 ____D C:\ProgramData\did
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Users\1\AppData\Roaming\Softlink
2013-09-02 14:32 - 2013-09-02 14:32 - 00000000 ____D C:\Users\1\AppData\Local\SNDAService
2013-09-02 14:32 - 2013-09-02 14:30 - 00000000 ____D C:\Users\1\AppData\Roaming\SNDA
2013-09-02 12:36 - 2013-09-02 12:36 - 00000000 ____D C:\Users\Public\Thunder Network
2013-09-02 12:36 - 2013-09-02 12:34 - 00000000 ____D C:\Users\Все пользователи\Thunder Network
2013-09-02 12:36 - 2013-09-02 12:34 - 00000000 ____D C:\ProgramData\Thunder Network
2013-09-02 12:34 - 2013-09-02 12:34 - 01305048 _____ C:\Users\1\Downloads\lzg0629_setup.exe
2013-09-02 12:34 - 2013-09-02 12:34 - 00000000 ____D C:\Users\1\AppData\Roaming\GameDownloader
2013-09-01 11:27 - 2013-07-07 15:16 - 00001431 _____ C:\DelFix.txt
2013-09-01 11:16 - 2013-09-01 11:16 - 00706916 _____ C:\Users\1\Downloads\delfix.exe
2013-08-31 14:34 - 2013-08-30 08:43 - 00000000 ____D C:\Program Files (x86)\HeroesGo
2013-08-31 13:25 - 2010-10-04 21:41 - 00002392 _____ C:\Windows\system32\AutoRunFilter.ini
2013-08-31 12:59 - 2013-08-31 12:59 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-31 12:59 - 2013-08-31 12:59 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-31 12:59 - 2013-08-31 12:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-31 12:59 - 2012-06-21 21:57 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-08-31 12:59 - 2012-02-11 18:22 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-30 19:13 - 2011-02-25 15:26 - 00110856 _____ C:\Users\1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-30 19:10 - 2013-06-15 18:46 - 00012790 _____ C:\Windows\DPINST.LOG
2013-08-30 19:09 - 2013-08-30 19:09 - 00000000 ____D C:\Users\1\AppData\Roaming\InstallShield
2013-08-30 19:09 - 2010-10-04 21:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-30 19:07 - 2013-02-18 00:27 - 00000000 ____D C:\Users\Все пользователи\Razer
2013-08-30 19:07 - 2013-02-18 00:27 - 00000000 ____D C:\ProgramData\Razer
2013-08-30 19:07 - 2013-02-18 00:27 - 00000000 ____D C:\Program Files (x86)\Razer
2013-08-30 19:00 - 2013-02-18 00:27 - 00000000 ____D C:\Users\1\AppData\Local\Razer
2013-08-30 18:58 - 2013-08-30 18:57 - 12895320 _____ (Razer Inc.) C:\Users\1\Downloads\Razer_Synapse_Framework_V1.12.08.exe
2013-08-30 08:49 - 2013-08-30 08:49 - 00001033 _____ C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\HeroesGo.lnk
2013-08-30 08:49 - 2013-08-30 08:49 - 00001009 _____ C:\Users\1\Desktop\HeroesGo.lnk
2013-08-30 08:49 - 2013-08-30 08:49 - 00000000 ____D C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HeroesGo
2013-08-30 07:56 - 2010-10-04 21:41 - 00001552 _____ C:\Windows\system32\ServiceFilter.ini
2013-08-27 19:12 - 2013-08-27 17:29 - 317036708 _____ C:\Users\1\Downloads\MSG00.S1.480.08.rar
2013-08-27 19:06 - 2013-08-27 17:29 - 333144244 _____ C:\Users\1\Downloads\MSG.S2.480.07.rar
2013-08-27 08:34 - 2013-08-27 06:51 - 317190324 _____ C:\Users\1\Downloads\MSG00.S1.480.04.rar
2013-08-27 07:45 - 2013-08-27 06:51 - 321960100 _____ C:\Users\1\Downloads\MSG00.S1.480.06.rar
2013-08-27 06:48 - 2013-08-27 06:48 - 00001099 _____ C:\Users\1\Desktop\4NiMEbyME.lnk
2013-08-27 06:48 - 2013-08-27 06:48 - 00000000 _____ C:\Users\1\Desktop\KEYD96QMD3S
2013-08-27 06:40 - 2011-02-28 11:15 - 00000000 ____D C:\Windows\Minidump
2013-08-26 11:49 - 2013-06-11 00:31 - 00000000 ____D C:\Users\1\Desktop\Mods
2013-08-26 11:00 - 2013-08-26 11:00 - 00312320 _____ C:\Users\1\Downloads\SknGenerator.exe
2013-08-25 21:40 - 2013-08-25 19:56 - 317098148 _____ C:\Users\1\Downloads\MSG00.S1.480.05.rar
2013-08-25 17:57 - 2013-08-25 14:36 - 317307060 _____ C:\Users\1\Downloads\MSG00.S1.480.02.rar
2013-08-25 16:23 - 2013-08-25 14:37 - 327618724 _____ C:\Users\1\Downloads\MSG00.S1.480.03.rar
2013-08-25 13:54 - 2013-08-25 12:05 - 327878820 _____ C:\Users\1\Downloads\MSG00.S1.480.01.rar
2013-08-25 12:22 - 2013-08-25 10:32 - 338245812 _____ C:\Users\1\Downloads\MSG.S2.480.02.rar
2013-08-25 11:33 - 2013-08-25 10:25 - 338647220 _____ C:\Users\1\Downloads\MSG.S2.480.01.rar
2013-08-24 19:11 - 2013-05-14 16:58 - 00000000 ____D C:\Users\1\Documents\DragonNest
2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Users\1\AppData\Roaming\Malwarebytes
2013-08-24 16:47 - 2013-08-24 16:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-24 12:47 - 2011-11-27 18:49 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-08-24 12:46 - 2011-03-12 13:20 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-08-24 12:46 - 2011-03-12 13:20 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-08-24 12:45 - 2013-05-25 21:03 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2013-08-24 02:34 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-24 02:32 - 2013-08-24 02:06 - 00000000 ____D C:\Windows\erdnt
2013-08-24 02:25 - 2009-07-14 04:34 - 81264640 _____ C:\Windows\system32\config\software.bak
2013-08-24 02:25 - 2009-07-14 04:34 - 25690112 _____ C:\Windows\system32\config\system.bak
2013-08-24 02:25 - 2009-07-14 04:34 - 00360448 _____ C:\Windows\system32\config\default.bak
2013-08-24 02:25 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-08-24 02:25 - 2009-07-14 04:34 - 00090112 _____ C:\Windows\system32\config\sam.bak
2013-08-22 23:37 - 2013-08-22 23:08 - 1108531470 _____ (mmoTM ) C:\Users\1\Downloads\Divinesouls.exe
2013-08-22 22:49 - 2013-04-20 19:53 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-22 22:40 - 2013-08-22 22:40 - 00318216 _____ C:\Windows\Minidump\082213-74927-01.dmp
2013-08-18 18:41 - 2013-08-18 18:41 - 00275144 _____ C:\Windows\Minidump\081813-51854-01.dmp
Some content of TEMP:
====================
C:\Users\1\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-25 22:40
==================== End Of Log ============================
bin ich jetzt schön sauber oder machen wir noch was ? |
|
16.09.2013, 10:01
| #10 |
| /// the machine /// TB-Ausbilder | Laptop langsam Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.09.2013, 16:16
| #11 |
| | Laptop langsam okay alles gut danke dir  D |
|
16.09.2013, 19:50
| #12 |
| /// the machine /// TB-Ausbilder | Laptop langsam Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Laptop langsam |
| .com, adblock, antivirus, branding, browser, combofix, computer, converter, desktop, downloader, error, excel, farbar, farbar recovery scan tool, flash player, help, helper, homepage, iexplore.exe, installation, langsam, minidump, mp3, msiexec.exe, msiinstaller, ntdll.dll, plug-in, registry, scan, security, server, software, spielen, system, windows |
Linear-Darstellung
