TimofeyT

  1. Dear Kevin, I read the instructions before posting and uninstalled the torrent before posting here, as it was asked. I rechecked - There should be no P2P files now , as well I uninstalled the illegal software. Could you please let me know if its fine or not: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01Ran by Timofey Tyagur (administrator) on TIMOFEY on 31-05-2015 21:55:13Running from C:\Users\Timofey Tyagur\DownloadsLoaded Profiles: Timofey Tyagur (Available Profiles: Timofey Tyagur)Platform: Windows 8 Single Language (X64) OS Language: Русский (Россия)Internet Explorer Version 10 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe(ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe(ООО Яндекс) C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(ООО Яндекс) C:\Program Files (x86)\Yandex\Punto Switcher\ps64ldr.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe(ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe(Microsoft Corporation) C:\Windows\System32\mspaint.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\splwow64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayAppHKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)Startup: C:\Users\Timofey Tyagur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-09-11]ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)Startup: C:\Users\Timofey Tyagur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Вырезка экрана и программа запуска для OneNote 2010.lnk [2013-08-11]ShortcutTarget: Вырезка экрана и программа запуска для OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> 
{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONProxyServer: [s-1-5-21-1532010537-4047090494-72995704-1001] => http=210.211.125.25:3128HKU\S-1-5-21-1532010537-4047090494-72995704-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.comHKU\S-1-5-21-1532010537-4047090494-72995704-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ru.msn.com/HKU\S-1-5-21-1532010537-4047090494-72995704-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=profitraf2SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-20] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files 
(x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF ProfilePath: C:\Users\Timofey Tyagur\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ujyna.defaultFF DefaultSearchEngine: Поиск@Mail.RuFF SelectedSearchEngine: Поиск@Mail.RuFF Homepage: hxxp://mail.ru/cnt/10445?gp=profitraf2FF Keyword.URL: hxxp://go.mail.ru/search?fr=ntg&q=FF NetworkProxy: "type", 1FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll 
[2013-05-13] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll [2013-03-11] ()FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)FF Plugin HKU\S-1-5-21-1532010537-4047090494-72995704-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Timofey Tyagur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-31] (Unity Technologies ApS)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll [2013-03-11] ()FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll [2010-03-31] (PDFTron Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchAxPlugin.dll [2010-04-08] ()FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010-04-08] ()FF SearchPlugin: C:\Users\Timofey Tyagur\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ujyna.default\searchplugins\mailru.xml [2014-10-04]FF Extension: Визуальные закладки @Mail.Ru - C:\Users\Timofey 
Tyagur\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ujyna.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2014-10-04]FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKFF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla ThunderbirdFF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-12]FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found] Chrome: =======CHR Profile: C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-28]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-05-28]CHR Extension: (YouTube) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-28]CHR Extension: (Adblock Plus) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-28]CHR Extension: (Pixlr-o-matic) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2015-05-28]CHR Extension: (timeStats) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejifodhjoeeenihgfpjijjmpomaphmah [2015-05-28]CHR Extension: (Google Calendar) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-05-28]CHR Extension: (PanicButton) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2015-05-28]CHR Extension: (AdBlock) - 
C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-28]CHR Extension: (Bookmark Manager) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-28]CHR Extension: (Google Forms) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2015-05-28]CHR Extension: (StayFocusd) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2015-05-28]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-05]CHR Extension: (Google Wallet) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]CHR Extension: (Fusion Tables (experimental)) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfoeakahkgllhkommkfeehmkfcloagkl [2015-05-28]CHR HKLM-x32\...\Chrome\Extension: [hcncjpganfocbfoenaemagjjopkkindp] - https://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [jggbjbmnfmipgcanidamjfpechdeekoi] - https://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [nidmnchoekibbojpkbcojafkodobelld] - C:\Program Files (x86)\Crx\Files\nidmnchoekibbojpkbcojafkodobelld_0.1.4.crx [2013-08-10]CHR HKLM-x32\...\Chrome\Extension: [pldbienodkpgkccocelidinmciedjdok] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)R3 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [30080 2012-10-01] (Intel Corporation)R3 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [31616 2012-10-01] (Intel Corporation)R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1333424 2012-12-21] (ESET)S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)R3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-25] ()S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)R3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-25] (Intel® Corporation)S3 updater; C:\Program Files (x86)\mediainformationaccess\updater.exe run options=0000000777000000000000000000000 source=mia [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-05-28] (Emsisoft GmbH)R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation)S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [112640 2012-10-29] (ASIX Electronics Corp.)S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-02] (Motorola Solutions, Inc.)S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-02] (Motorola Solutions, Inc.)R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-05-28] (Emsisoft GmbH)R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-10-01] (Intel Corporation)R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-10-01] (Intel Corporation)R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-10-01] (Intel Corporation)R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96576 2012-10-01] (Intel Corporation)R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229184 2012-10-01] (Intel Corporation)R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363328 2012-10-01] (Intel Corporation)R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-08-12] (Disc Soft Ltd)R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-01-10] (ESET)R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [57904 2013-01-10] (ESET)R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys 
[136408 2015-05-31] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-08-12] (Duplex Secure Ltd.)S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-10] (Windows ® Win 7 DDK provider)R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-10] (Windows ® Win 7 DDK provider)U0 msahci; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-28 23:51 - 2015-05-28 23:52 - 00037061 _____ () C:\Users\Timofey Tyagur\Downloads\Addition.txt2015-05-28 23:49 - 2015-05-31 21:55 - 00024845 _____ () C:\Users\Timofey Tyagur\Downloads\FRST.txt2015-05-28 23:49 - 2015-05-31 21:55 - 00000000 ____D () C:\FRST2015-05-28 23:49 - 2015-05-28 23:49 - 02108928 _____ (Farbar) C:\Users\Timofey Tyagur\Downloads\FRST64.exe2015-05-28 21:29 - 2015-05-28 21:42 - 00000000 ____D () C:\EEK2015-05-28 21:29 - 2015-05-28 21:29 - 00000745 _____ () C:\Users\Timofey Tyagur\Desktop\Start Emsisoft Emergency Kit.lnk2015-05-28 21:27 - 2015-05-28 21:28 - 20781656 _____ () C:\Users\Timofey Tyagur\Downloads\RogueKillerX64.exe2015-05-28 21:24 - 2015-05-28 21:28 - 155048408 _____ () C:\Users\Timofey Tyagur\Downloads\EmsisoftEmergencyKit.exe2015-05-28 21:09 - 2015-05-28 21:09 - 00283258 _____ () C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner.exe_20150528.210920.5148.log2015-05-28 21:09 - 2015-05-28 21:09 - 00000022 _____ () C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner.exe_20150528.210920.5148.zip2015-05-28 20:31 - 2015-05-28 20:31 - 00001294 _____ () C:\Windows\system32\.crusader2015-05-28 20:02 - 2015-05-28 20:13 - 00000000 ____D () C:\ProgramData\HitmanPro2015-05-28 20:01 - 2015-05-28 20:01 - 11024496 _____ (SurfRight B.V.) 
C:\Users\Timofey Tyagur\Downloads\HitmanPro_x64.exe2015-05-28 08:19 - 2015-05-28 08:19 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\ParetoLogic2015-05-28 08:18 - 2015-05-28 20:37 - 00000000 ____D () C:\ProgramData\ParetoLogic2015-05-28 08:18 - 2015-05-28 08:18 - 00000000 _____ () C:\autoexec.bat2015-05-27 23:43 - 2015-05-27 23:55 - 00014996 _____ () C:\Users\Timofey Tyagur\Downloads\Travel plans 2015 .xlsm2015-05-27 23:43 - 2015-05-27 23:43 - 00000165 ____H () C:\Users\Timofey Tyagur\Downloads\~$Travel plans 2015 .xlsm2015-05-27 23:26 - 2015-05-28 09:26 - 00085356 _____ () C:\Windows\PFRO.log2015-05-27 23:20 - 2015-05-31 17:35 - 00463814 _____ () C:\Windows\WindowsUpdate.log2015-05-27 23:02 - 2015-05-31 20:44 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-05-27 23:02 - 2015-05-27 23:02 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-05-27 23:02 - 2015-05-27 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-05-27 23:01 - 2015-05-27 23:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-05-27 23:01 - 2015-05-27 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-05-27 23:01 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-05-27 23:01 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-05-27 23:01 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2015-05-27 22:59 - 2015-05-27 23:01 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Timofey Tyagur\Downloads\mbam-setup-2.1.6.1022.exe2015-05-27 22:58 - 2015-05-27 22:58 - 00221384 _____ (ESET) C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner (1).exe2015-05-27 22:56 - 2015-05-27 22:56 - 00221384 _____ (ESET) C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner.exe2015-05-02 
10:54 - 2015-04-18 11:18 - 00000080 _____ () C:\Users\Timofey Tyagur\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦2015-05-02 04:21 - 2015-05-28 20:27 - 00000000 ____D () C:\Program Files\Rockstar Games2015-05-02 04:21 - 2015-05-28 20:27 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games2015-05-01 19:11 - 2015-05-01 19:11 - 00002840 _____ () C:\Users\Timofey Tyagur\Downloads\latest.edemo.jnlp2015-05-01 19:11 - 2015-05-01 19:11 - 00000008 ___RH () C:\Users\Timofey Tyagur\hwid2015-05-01 16:43 - 2015-05-01 16:43 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\Saxo Bank2015-05-01 16:43 - 2015-05-01 16:43 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Local\Saxo Bank2015-05-01 16:41 - 2015-05-01 16:41 - 00002070 _____ () C:\Users\Timofey Tyagur\Desktop\SaxoTrader.lnk2015-05-01 16:41 - 2015-05-01 16:41 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Saxo Bank2015-05-01 16:41 - 2015-05-01 16:41 - 00000000 ____D () C:\Program Files (x86)\Saxo Bank2015-05-01 16:38 - 2015-05-01 16:38 - 00301352 _____ (Saxo Bank) C:\Users\Timofey Tyagur\Downloads\SaxoTrader2_webdeploy.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-31 21:22 - 2014-08-15 15:05 - 00000896 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-05-31 21:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru2015-05-31 18:45 - 2013-10-09 18:45 - 00000250 _____ () C:\Windows\Tasks\AutoKMSDaily.job2015-05-28 22:41 - 2013-08-10 09:01 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1532010537-4047090494-72995704-10012015-05-28 21:50 - 2012-09-27 13:49 - 00797086 _____ () C:\Windows\system32\perfh019.dat2015-05-28 21:50 - 2012-09-27 13:49 - 00167944 _____ () C:\Windows\system32\perfc019.dat2015-05-28 21:50 - 2012-07-26 09:28 - 01774770 _____ () C:\Windows\system32\PerfStringBackup.INI2015-05-28 21:42 - 2015-01-18 18:25 - 00003264 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1532010537-4047090494-72995704-10012015-05-28 21:42 - 2014-01-03 13:01 - 00003384 _____ () C:\Windows\System32\Tasks\Update Checker2015-05-28 21:42 - 2013-10-09 18:45 - 00003760 _____ () C:\Windows\System32\Tasks\AutoKMS2015-05-28 21:42 - 2013-02-01 13:42 - 00003052 _____ () C:\Windows\System32\Tasks\ASUS P4G2015-05-28 21:42 - 2013-02-01 13:42 - 00003024 _____ () C:\Windows\System32\Tasks\ASUS USB Charger Plus2015-05-28 21:42 - 2013-02-01 13:38 - 00003542 _____ () C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)2015-05-28 21:41 - 2013-08-10 08:54 - 00000423 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\sp_data.sys2015-05-28 21:41 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-05-28 20:55 - 2015-01-18 18:25 - 00003380 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1532010537-4047090494-72995704-10012015-05-28 20:51 - 2014-05-11 13:32 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\.ACEStream2015-05-28 20:51 - 2014-05-11 13:31 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\ACEStream2015-05-28 20:42 - 2012-07-26 07:26 - 00524288 ___SH () 
C:\Windows\system32\config\BBI2015-05-28 20:34 - 2013-02-01 13:48 - 00004280 _____ () C:\Windows\system32\ServiceFilter.ini2015-05-28 08:17 - 2013-08-10 08:54 - 00000000 ____D () C:\Users\Timofey Tyagur2015-05-27 23:26 - 2014-10-06 23:05 - 00000000 ____D () C:\Program Files\biforder2015-05-27 23:05 - 2014-03-23 21:15 - 00000000 ____D () C:\temp2015-05-27 22:41 - 2013-09-05 13:05 - 02318336 ___SH () C:\Users\Timofey Tyagur\Desktop\Thumbs.db2015-05-27 22:25 - 2013-08-24 11:34 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\Skype2015-05-21 20:44 - 2013-08-21 20:43 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\vlc2015-05-18 08:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent2015-05-05 21:02 - 2014-01-16 18:29 - 00575488 ___SH () C:\Users\Timofey Tyagur\Downloads\Thumbs.db2015-05-02 12:57 - 2013-08-09 21:36 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\DAEMON Tools Lite2015-05-02 10:51 - 2014-04-29 23:41 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Local\Rockstar Games2015-05-02 04:21 - 2013-11-19 14:21 - 00000000 ____D () C:\ProgramData\Package Cache2015-05-01 00:41 - 2014-11-09 21:05 - 00000000 ____D () C:\Users\Timofey Tyagur\Downloads\Cities XL ==================== Files in the root of some directories ======= 2015-05-28 08:19 - 2015-05-28 20:37 - 0000115 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\LogFile.txt2013-09-29 19:55 - 2013-09-29 19:55 - 0000021 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\my_intel.sys2014-09-03 00:18 - 2014-09-03 00:18 - 0611500 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\Scorch_Install.log2013-08-10 08:54 - 2015-05-28 21:41 - 0000423 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\sp_data.sys2015-04-08 20:46 - 2015-04-08 21:24 - 0004608 _____ () C:\Users\Timofey Tyagur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-12-07 18:53 - 2014-12-11 00:30 - 0000112 _____ () C:\ProgramData\j75O8Et0M.dat2012-11-24 03:25 - 2012-09-07 13:40 - 0000256 _____ () 
C:\ProgramData\SetStretch.cmd
2012-11-24 03:25 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-24 03:25 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\j75O8Et0M.dat
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-23 10:47

==================== End of log ============================

Thank you very much in advance. Timofey
  2. Dear experts, I got infected some time ago and now dozens of Chrome.exe processes eat up to 80% of the memory. I would be extremely grateful if you could help me solve the problem. Please find below the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Timofey Tyagur (administrator) on TIMOFEY on 31-05-2015 18:23:30
Running from C:\Users\Timofey Tyagur\Downloads
Loaded Profiles: Timofey Tyagur (Available Profiles: Timofey Tyagur)
Platform: Windows 8 Single Language (X64) OS Language: Русский (Россия)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe(ООО Яндекс) C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(ООО Яндекс) C:\Program Files (x86)\Yandex\Punto Switcher\ps64ldr.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe(ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe(Microsoft Corporation) C:\Windows\System32\mspaint.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayAppHKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)Startup: C:\Users\Timofey Tyagur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-09-11]ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)Startup: C:\Users\Timofey Tyagur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Вырезка экрана и программа запуска для OneNote 2010.lnk [2013-08-11]ShortcutTarget: Вырезка экрана и программа запуска для OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft 
Office\Office14\ONENOTEM.EXE (Microsoft Corporation)ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONProxyServer: [s-1-5-21-1532010537-4047090494-72995704-1001] => http=210.211.125.25:3128HKU\S-1-5-21-1532010537-4047090494-72995704-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.comHKU\S-1-5-21-1532010537-4047090494-72995704-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ru.msn.com/HKU\S-1-5-21-1532010537-4047090494-72995704-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=profitraf2SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-20] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF ProfilePath: C:\Users\Timofey Tyagur\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ujyna.defaultFF DefaultSearchEngine: Поиск@Mail.RuFF SelectedSearchEngine: Поиск@Mail.RuFF Homepage: hxxp://mail.ru/cnt/10445?gp=profitraf2FF Keyword.URL: hxxp://go.mail.ru/search?fr=ntg&q=FF NetworkProxy: "type", 1FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files 
(x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)FF Plugin-x32: @Sibelius.com/Scorch Plugin,version=6.2.0.88 -> C:\Program Files (x86)\Sibelius Software\Scorch\npsibelius.dll [2013-03-11] ()FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)FF Plugin HKU\S-1-5-21-1532010537-4047090494-72995704-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Timofey Tyagur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-31] (Unity Technologies ApS)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll [2013-03-11] ()FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll [2010-03-31] (PDFTron Systems 
Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchAxPlugin.dll [2010-04-08] ()FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010-04-08] ()FF SearchPlugin: C:\Users\Timofey Tyagur\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ujyna.default\searchplugins\mailru.xml [2014-10-04]FF Extension: Визуальные закладки @Mail.Ru - C:\Users\Timofey Tyagur\AppData\Roaming\Mozilla\Firefox\Profiles\ps1ujyna.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2014-10-04]FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKFF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla ThunderbirdFF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-08-12]FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found] Chrome: =======CHR Profile: C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-28]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-05-28]CHR Extension: (YouTube) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-28]CHR Extension: (Adblock Plus) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-28]CHR Extension: (Pixlr-o-matic) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2015-05-28]CHR Extension: (timeStats) - C:\Users\Timofey 
Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejifodhjoeeenihgfpjijjmpomaphmah [2015-05-28]CHR Extension: (Google Calendar) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-05-28]CHR Extension: (PanicButton) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2015-05-28]CHR Extension: (AdBlock) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-28]CHR Extension: (Bookmark Manager) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-28]CHR Extension: (Google Forms) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2015-05-28]CHR Extension: (StayFocusd) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2015-05-28]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-05]CHR Extension: (Google Wallet) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]CHR Extension: (Fusion Tables (experimental)) - C:\Users\Timofey Tyagur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfoeakahkgllhkommkfeehmkfcloagkl [2015-05-28]CHR HKLM-x32\...\Chrome\Extension: [hcncjpganfocbfoenaemagjjopkkindp] - https://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [jggbjbmnfmipgcanidamjfpechdeekoi] - https://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [nidmnchoekibbojpkbcojafkodobelld] - C:\Program Files (x86)\Crx\Files\nidmnchoekibbojpkbcojafkodobelld_0.1.4.crx [2013-08-10]CHR HKLM-x32\...\Chrome\Extension: 
[pldbienodkpgkccocelidinmciedjdok] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)R3 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [30080 2012-10-01] (Intel Corporation)R3 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [31616 2012-10-01] (Intel Corporation)R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1333424 2012-12-21] (ESET)S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)R3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-25] ()S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)R3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-25] (Intel® Corporation)S3 updater; C:\Program Files (x86)\mediainformationaccess\updater.exe run options=0000000777000000000000000000000 source=mia [X] ==================== Drivers (Whitelisted) 
==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-05-28] (Emsisoft GmbH)R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation)S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [112640 2012-10-29] (ASIX Electronics Corp.)S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-02] (Motorola Solutions, Inc.)S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-02] (Motorola Solutions, Inc.)R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-05-28] (Emsisoft GmbH)R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-10-01] (Intel Corporation)R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-10-01] (Intel Corporation)R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-10-01] (Intel Corporation)R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96576 2012-10-01] (Intel Corporation)R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229184 2012-10-01] (Intel Corporation)R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363328 2012-10-01] (Intel Corporation)R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-08-12] (Disc Soft Ltd)R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-01-10] (ESET)R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [190232 2013-01-10] (ESET)R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [59440 2013-01-10] (ESET)R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [57904 2013-01-10] (ESET)R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )R3 
MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-31] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-08-12] (Duplex Secure Ltd.)S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-10] (Windows ® Win 7 DDK provider)R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-10] (Windows ® Win 7 DDK provider)U0 msahci; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-28 23:51 - 2015-05-28 23:52 - 00037061 _____ () C:\Users\Timofey Tyagur\Downloads\Addition.txt2015-05-28 23:49 - 2015-05-31 18:23 - 00023468 _____ () C:\Users\Timofey Tyagur\Downloads\FRST.txt2015-05-28 23:49 - 2015-05-31 18:23 - 00000000 ____D () C:\FRST2015-05-28 23:49 - 2015-05-28 23:49 - 02108928 _____ (Farbar) C:\Users\Timofey Tyagur\Downloads\FRST64.exe2015-05-28 21:29 - 2015-05-28 21:42 - 00000000 ____D () C:\EEK2015-05-28 21:29 - 2015-05-28 21:29 - 00000745 _____ () C:\Users\Timofey Tyagur\Desktop\Start Emsisoft Emergency Kit.lnk2015-05-28 21:27 - 2015-05-28 21:28 - 20781656 _____ () C:\Users\Timofey Tyagur\Downloads\RogueKillerX64.exe2015-05-28 21:24 - 2015-05-28 21:28 - 155048408 _____ () C:\Users\Timofey Tyagur\Downloads\EmsisoftEmergencyKit.exe2015-05-28 21:09 - 2015-05-28 21:09 - 00283258 _____ () C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner.exe_20150528.210920.5148.log2015-05-28 21:09 - 2015-05-28 21:09 - 00000022 _____ () C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner.exe_20150528.210920.5148.zip2015-05-28 20:31 - 2015-05-28 20:31 - 00001294 _____ () C:\Windows\system32\.crusader2015-05-28 20:02 - 2015-05-28 20:13 - 00000000 ____D () C:\ProgramData\HitmanPro2015-05-28 20:01 - 2015-05-28 20:01 - 11024496 _____ (SurfRight B.V.) 
C:\Users\Timofey Tyagur\Downloads\HitmanPro_x64.exe2015-05-28 08:19 - 2015-05-28 08:19 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\ParetoLogic2015-05-28 08:18 - 2015-05-28 20:37 - 00000000 ____D () C:\ProgramData\ParetoLogic2015-05-28 08:18 - 2015-05-28 08:18 - 00000000 _____ () C:\autoexec.bat2015-05-27 23:43 - 2015-05-27 23:55 - 00014996 _____ () C:\Users\Timofey Tyagur\Downloads\Travel plans 2015 .xlsm2015-05-27 23:43 - 2015-05-27 23:43 - 00000165 ____H () C:\Users\Timofey Tyagur\Downloads\~$Travel plans 2015 .xlsm2015-05-27 23:26 - 2015-05-28 09:26 - 00085356 _____ () C:\Windows\PFRO.log2015-05-27 23:20 - 2015-05-31 17:35 - 00463814 _____ () C:\Windows\WindowsUpdate.log2015-05-27 23:02 - 2015-05-31 14:28 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-05-27 23:02 - 2015-05-27 23:02 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-05-27 23:02 - 2015-05-27 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-05-27 23:01 - 2015-05-27 23:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-05-27 23:01 - 2015-05-27 23:01 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-05-27 23:01 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-05-27 23:01 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-05-27 23:01 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2015-05-27 22:59 - 2015-05-27 23:01 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Timofey Tyagur\Downloads\mbam-setup-2.1.6.1022.exe2015-05-27 22:58 - 2015-05-27 22:58 - 00221384 _____ (ESET) C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner (1).exe2015-05-27 22:56 - 2015-05-27 22:56 - 00221384 _____ (ESET) C:\Users\Timofey Tyagur\Downloads\ESETPoweliksCleaner.exe2015-05-02 
10:54 - 2015-04-18 11:18 - 00000080 _____ () C:\Users\Timofey Tyagur\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦2015-05-02 04:21 - 2015-05-28 20:27 - 00000000 ____D () C:\Program Files\Rockstar Games2015-05-02 04:21 - 2015-05-28 20:27 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games2015-05-01 19:11 - 2015-05-01 19:11 - 00002840 _____ () C:\Users\Timofey Tyagur\Downloads\latest.edemo.jnlp2015-05-01 19:11 - 2015-05-01 19:11 - 00000008 ___RH () C:\Users\Timofey Tyagur\hwid2015-05-01 16:43 - 2015-05-01 16:43 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\Saxo Bank2015-05-01 16:43 - 2015-05-01 16:43 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Local\Saxo Bank2015-05-01 16:41 - 2015-05-01 16:41 - 00002070 _____ () C:\Users\Timofey Tyagur\Desktop\SaxoTrader.lnk2015-05-01 16:41 - 2015-05-01 16:41 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Saxo Bank2015-05-01 16:41 - 2015-05-01 16:41 - 00000000 ____D () C:\Program Files (x86)\Saxo Bank2015-05-01 16:38 - 2015-05-01 16:38 - 00301352 _____ (Saxo Bank) C:\Users\Timofey Tyagur\Downloads\SaxoTrader2_webdeploy.exe2015-05-01 10:21 - 2015-05-01 10:21 - 00018608 _____ () C:\Users\Timofey Tyagur\Downloads\[rutor.org]3DMGAME-Grand.Theft.Auto.V.Update.2.and.Crack.v.torrent ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-31 18:22 - 2014-08-15 15:05 - 00000896 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-05-31 18:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru2015-05-28 22:41 - 2013-08-10 09:01 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1532010537-4047090494-72995704-10012015-05-28 21:57 - 2014-10-18 15:53 - 00000000 ____D () C:\Program Files (x86)\F1 20142015-05-28 21:50 - 2012-09-27 13:49 - 00797086 _____ () C:\Windows\system32\perfh019.dat2015-05-28 21:50 - 2012-09-27 13:49 - 00167944 _____ () C:\Windows\system32\perfc019.dat2015-05-28 21:50 - 2012-07-26 09:28 - 01774770 _____ () C:\Windows\system32\PerfStringBackup.INI2015-05-28 21:42 - 2015-01-18 18:25 - 00003264 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1532010537-4047090494-72995704-10012015-05-28 21:42 - 2014-01-03 13:01 - 00003384 _____ () C:\Windows\System32\Tasks\Update Checker2015-05-28 21:42 - 2013-10-09 18:45 - 00003760 _____ () C:\Windows\System32\Tasks\AutoKMS2015-05-28 21:42 - 2013-02-01 13:42 - 00003052 _____ () C:\Windows\System32\Tasks\ASUS P4G2015-05-28 21:42 - 2013-02-01 13:42 - 00003024 _____ () C:\Windows\System32\Tasks\ASUS USB Charger Plus2015-05-28 21:42 - 2013-02-01 13:38 - 00003542 _____ () C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)2015-05-28 21:41 - 2013-08-10 08:54 - 00000423 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\sp_data.sys2015-05-28 21:41 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-05-28 20:55 - 2015-01-18 18:25 - 00003380 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1532010537-4047090494-72995704-10012015-05-28 20:51 - 2014-05-11 13:32 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\.ACEStream2015-05-28 20:51 - 2014-05-11 13:31 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\ACEStream2015-05-28 20:42 - 2012-07-26 07:26 - 00524288 ___SH () 
C:\Windows\system32\config\BBI2015-05-28 20:34 - 2013-02-01 13:48 - 00004280 _____ () C:\Windows\system32\ServiceFilter.ini2015-05-28 20:31 - 2013-08-10 11:54 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\uTorrent2015-05-28 08:17 - 2013-08-10 08:54 - 00000000 ____D () C:\Users\Timofey Tyagur2015-05-27 23:26 - 2014-10-06 23:05 - 00000000 ____D () C:\Program Files\biforder2015-05-27 23:05 - 2014-03-23 21:15 - 00000000 ____D () C:\temp2015-05-27 22:41 - 2013-09-05 13:05 - 02318336 ___SH () C:\Users\Timofey Tyagur\Desktop\Thumbs.db2015-05-27 22:25 - 2013-08-24 11:34 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\Skype2015-05-24 18:45 - 2013-10-09 18:45 - 00000250 _____ () C:\Windows\Tasks\AutoKMSDaily.job2015-05-21 20:44 - 2013-08-21 20:43 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\vlc2015-05-18 08:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent2015-05-05 21:02 - 2014-01-16 18:29 - 00575488 ___SH () C:\Users\Timofey Tyagur\Downloads\Thumbs.db2015-05-02 12:57 - 2013-08-09 21:36 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Roaming\DAEMON Tools Lite2015-05-02 10:51 - 2014-04-29 23:41 - 00000000 ____D () C:\Users\Timofey Tyagur\AppData\Local\Rockstar Games2015-05-02 04:21 - 2013-11-19 14:21 - 00000000 ____D () C:\ProgramData\Package Cache2015-05-01 00:41 - 2014-11-09 21:05 - 00000000 ____D () C:\Users\Timofey Tyagur\Downloads\Cities XL ==================== Files in the root of some directories ======= 2015-05-28 08:19 - 2015-05-28 20:37 - 0000115 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\LogFile.txt2013-09-29 19:55 - 2013-09-29 19:55 - 0000021 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\my_intel.sys2014-09-03 00:18 - 2014-09-03 00:18 - 0611500 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\Scorch_Install.log2013-08-10 08:54 - 2015-05-28 21:41 - 0000423 _____ () C:\Users\Timofey Tyagur\AppData\Roaming\sp_data.sys2015-04-08 20:46 - 2015-04-08 21:24 - 0004608 _____ () C:\Users\Timofey 
Tyagur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-12-07 18:53 - 2014-12-11 00:30 - 0000112 _____ () C:\ProgramData\j75O8Et0M.dat2012-11-24 03:25 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd2012-11-24 03:25 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe2012-11-24 03:25 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS Files to move or delete:====================C:\ProgramData\j75O8Et0M.datC:\ProgramData\SetStretch.exeC:\ProgramData\SetStretch.VBS ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-23 10:47 ==================== End of log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01Ran by Timofey Tyagur at 2015-05-28 23:51:20Running from C:\Users\Timofey Tyagur\DownloadsBoot Mode: Normal========================================================== ==================== Accounts: ============================= HomeGroupUser$ (S-1-5-21-1532010537-4047090494-72995704-1003 - Limited - Enabled)Timofey Tyagur (S-1-5-21-1532010537-4047090494-72995704-1001 - Administrator - Enabled) => 
C:\Users\Timofey Tyagur
zsgeuelxd (S-1-5-21-1532010537-4047090494-72995704-1004 - Limited - Disabled)
Администратор (S-1-5-21-1532010537-4047090494-72995704-500 - Administrator - Disabled)
Гость (S-1-5-21-1532010537-4047090494-72995704-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 6.0 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 6.0 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Персональный файервол ESET (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.7 - ASUS)ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.36 - ASUS)ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)AX88772B_AX88772A_AX88772 Windows 8 Drivers (HKLM-x32\...\InstallShield_{534E1993-A9FE-4DFC-8C5B-A173A419EDF4}) (Version: 1.0.1.0 - ASIX Electronics Corporation)AX88772B_AX88772A_AX88772 Windows 8 Drivers (x32 Version: 1.0.1.0 - ASIX Electronics Corporation) HiddenBonjour 
(HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Bootstrapper (x32 Version: 1.1.0.0 - Minitab, Inc.) HiddenCCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)Cities XL (HKLM-x32\...\Cities XL_is1) (Version: - Martin)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)ESET Smart Security (HKLM\...\{98F3D38A-1A0A-4333-992A-A1F5EED31747}) (Version: 6.0.308.2 - ESET, spol s r. o.)F1 2014 (HKLM-x32\...\RjEyMDE0_is1) (Version: 1 - )Foto-galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.27.5 - Google Inc.) HiddenGoogle Планета Земля (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.6.1082 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{AD0F3D6D-202A-4BAB-8838-0134531FD3AF}) (Version: 15.5.6.0460 - Intel Corporation)Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)Intel® WiDi 
(HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1657 - Intel Corporation)iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)Microsoft Office Language Pack 2010 - English (HKLM-x32\...\Office14.OMUI.en-us) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office, для дома и бизнеса 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)Microsoft SkyDrive (HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\SkyDriveSetup.exe) (Version: 17.0.2011.0627 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft 
Corporation)Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version: - )Minitab 16 (HKLM-x32\...\Minitab16) (Version: 16.2.2 - Minitab, Inc.)Minitab Software Update Manager (HKLM-x32\...\MinitabSoftwareManager) (Version: 1.1.0.0 - Minitab, Inc.)Minitab16 (x32 Version: 16.2.2.0 - Minitab Inc) HiddenMinitab16 (x32 Version: 16.2.2.0 - Minitab, Inc.) HiddenMovie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenMSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)MyLogoMaker 2.0 (HKLM-x32\...\MyLogoMaker_is1) (Version: - Avanquest USA, Inc.)Punto Switcher 3.2.9 (HKLM-x32\...\{EE680C8E-23FE-4717-A2B8-E99878A7C0AE}) (Version: 3.2.9.240 - Яндекс)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)SaxoTrader (HKLM-x32\...\{49C14B93-58AD-4178-B52C-750D54CE618D}) (Version: 2.129.46.0 - Saxo Bank)Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM-x32\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)Skype™ 6.16 
(HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)SoftwareManager (x32 Version: 1.1.0.0 - Minitab, Inc.) HiddenTranscribe! 8.10 (HKLM-x32\...\Transcribe!_is1) (Version: 8.10 - Seventh String Software)Unity Web Player (HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)Vegas Pro 10.0 (HKLM-x32\...\{6D592E30-11EC-11E0-859C-0013D3D69929}) (Version: 10.0.469 - Sony)VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)Windows Driver Package - ASUS (ATP) Mouse (11/09/2012 1.0.0.153) (HKLM\...\5AB9160B769DD2E134ADCB8010377DECA2479378) (Version: 11/09/2012 1.0.0.153 - ASUS)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)XLNation User Interface Mod (HKLM-x32\...\{641DDF2F-066D-441C-B10E-2FC579DF1B14}) (Version: 1.79.7 - Altiris)Основи Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenОсновные компоненты Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenПоддержка программ Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)Фотоальбом (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenФотографии (общедоступная версия) (x32 Version: 16.4.3505.0912 - Microsoft Corporation) HiddenФотоколекція (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1532010537-4047090494-72995704-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Timofey Tyagur\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1532010537-4047090494-72995704-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Timofey Tyagur\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1532010537-4047090494-72995704-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Timofey Tyagur\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1532010537-4047090494-72995704-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Timofey Tyagur\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1532010537-4047090494-72995704-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Timofey Tyagur\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 19-05-2015 21:06:23 Запланированная контрольная точка28-05-2015 20:07:14 Restore Point процесса HitmanPro ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {062E6207-7289-4E31-A703-A666BF2F9E86} - System32\Tasks\{A0806D8D-3829-4C8B-BFC9-11D0433CEDEE} => pcalua.exe -a "C:\Users\Timofey Tyagur\Downloads\InstallPlus500.exe" -d "C:\Users\Timofey Tyagur\Downloads"Task: {13E33CCE-55BB-4EF1-B120-347AC34BC0D5} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exeTask: {1EE4E780-389E-456F-AC59-22E6DED44A1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)Task: {3467A0BC-2521-44D2-A47D-E68CAAEE5DDB} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-05-28] ()Task: {5924E230-EFFC-47C6-97F1-90F4C0EFF778} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1532010537-4047090494-72995704-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exeTask: {5C64857C-D3E3-4F47-8ACB-02F4E7032E1B} - System32\Tasks\{0D28D651-8A98-443A-B37E-63DDA5560DED} => pcalua.exe -a "C:\Program Files (x86)\Ski Resort Extreme\SREStart.exe" -d "C:\Program Files (x86)\Ski Resort Extreme\"Task: {5D0CB043-7183-45BD-A091-0A6C49E97F03} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-11-20] (AsusTek)Task: {76805D5C-DDAB-423A-971A-9A10441E466E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)Task: {7E147F76-41D9-4889-B209-5FC5EE1F3FF9} - System32\Tasks\{B7639EA2-05B7-4150-B1C8-4845A5CCAE8F} => pcalua.exe -a E:\autostart.exe -d E:\Task: {8F8B0A0E-4AB0-4451-A15A-878B85C33751} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1532010537-4047090494-72995704-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exeTask: {926E0FB0-2BC4-4992-A061-5530EB25818D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)Task: {A4030BAE-32D1-4EF9-B349-875BC0F52335} - 
System32\Tasks\{8B4C2AA8-DF64-4615-8C40-8EB1E0156E5E} => pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}Task: {AB1B6462-0C8D-441F-820A-D30EABD4C3BB} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-05-28] ()Task: {B15655F1-FE29-4819-BD87-D602130BAECE} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-25] (ASUS)Task: {C1E555ED-CEF8-4372-BD9C-036A01EBB7BC} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] ()Task: {DD5EF834-C216-43C8-A00D-851FC93B89AF} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exeTask: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe ==================== Loaded Modules (Whitelisted) ============== 2012-08-25 03:26 - 2012-08-25 03:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll2013-04-21 19:44 - 2013-04-21 19:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2013-04-21 19:44 - 2013-04-21 19:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2012-08-25 03:17 - 2012-08-25 03:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll2011-10-07 10:46 - 2011-10-07 10:46 - 00561664 _____ () C:\Program Files (x86)\Yandex\Punto Switcher\Updater\yupdate.dll2013-02-01 13:36 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2015-05-25 22:51 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll2015-05-25 22:51 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll2010-11-16 07:02 - 2010-11-16 07:02 - 00249232 _____ () C:\Program 
Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1532010537-4047090494-72995704-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Timofey Tyagur\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartupMSCONFIG\startupfolder: C:^Users^Timofey Tyagur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Punto Switcher.lnk => C:\Windows\pss\Punto Switcher.lnk.StartupMSCONFIG\startupreg: AceStream => C:\Users\Timofey Tyagur\AppData\Roaming\ACEStream\engine\ace_engine.exeMSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exeMSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /SMSCONFIG\startupreg: ATLauncher => "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createshortcuts:1MSCONFIG\startupreg: ATUninstallIcon => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1MSCONFIG\startupreg: C8zIej4uuC5g => C:\Users\Timofey Tyagur\AppData\Local\Mail.ru\Sputnik\ptls\C8zIej4uuC5g.exe -ptlsMSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorunMSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmdMSCONFIG\startupreg: Google Update => "C:\Users\Timofey Tyagur\AppData\Local\Google\Update\GoogleUpdate.exe" /cMSCONFIG\startupreg: GoogleChromeAutoLaunch_9A92FE142A4E4800D91FBF93F601F8F8 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-windowMSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exeMSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exeMSCONFIG\startupreg: 
iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe" /platuiMSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyMSCONFIG\startupreg: pmems => C:\Program Files (x86)\PMEM\pmems.exe /STARTUPMSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sMSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"MSCONFIG\startupreg: uTorrent => "C:\Users\Timofey Tyagur\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZEDHKLM\...\StartupApproved\Run: => "BTMTrayAgent"HKLM\...\StartupApproved\Run32: => "APSDaemon"HKLM\...\StartupApproved\Run32: => "iTunesHelper"HKLM\...\StartupApproved\Run32: => "ATLauncher"HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\StartupApproved\StartupFolder: => "Вырезка экрана и программа запуска для OneNote 2010.lnk"HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9A92FE142A4E4800D91FBF93F601F8F8"HKU\S-1-5-21-1532010537-4047090494-72995704-1001\...\StartupApproved\Run: => "uTorrent" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{35B24805-95D3-4D50-BB04-01A66905838A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeFirewallRules: [{443EF453-E0D4-470E-B248-5472F0737B4F}] => (Allow) LPort=2869FirewallRules: [{20D1C1DF-2454-4BC7-8ADF-1E5DC86E36C7}] => (Allow) LPort=1900FirewallRules: [{0114B387-196F-4C2C-9525-999039986A38}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exeFirewallRules: [{52E6EBD1-45E5-4311-9270-51332A1386AA}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exeFirewallRules: [{4A5E0439-BD02-40B6-9C44-EB2271B99657}] => (Allow) C:\Users\Timofey Tyagur\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{3903BBF7-1082-414A-9E31-47C580011ECA}] => (Allow) C:\Users\Timofey Tyagur\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{27D67465-3A07-4677-85DA-13869679E662}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exeFirewallRules: [{2B87FB25-9735-47DD-98E2-F4B1B1345B92}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{5EFE9A00-692A-4D44-994D-6E64F845BD21}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{A7594FB2-73D2-4F13-A7BB-4A1786DA0FD9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{210126D5-61E1-4E28-ABA3-1FDF1C018A35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{337F1AF8-E044-450C-8FEA-5079B838C4FC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [{0CEC7D98-60BB-4DA6-BA04-444719489AB8}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exeFirewallRules: [{FB67D287-0813-4534-91DC-9FA67AA3E928}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exeFirewallRules: [{4EDB2886-5828-4C40-AD0A-5586F0958F31}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exeFirewallRules: [{2D285A1B-00B6-47AD-8C99-E4B1EB87531C}] => (Allow) C:\Program Files 
(x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1D4A6923-1E38-4591-9A90-FB3E46104CA1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{28B20B48-EAD0-4D03-8A50-176AF0A73C4F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2D992BB3-6B70-400C-A1A7-B49B3267B127}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E0CAD9E8-629E-4CC5-BD39-8D26D04FAA6B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0497471C-7FFD-4A2E-B229-4B7066E874C0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{35CDF6A5-4D98-4464-AC22-F19BAA58CC61}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7583EDD8-739F-4BA0-AEDB-98332F1060B7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1051FAF6-F80B-477E-8D5C-68286F2D498E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Туннельный адаптер Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: ========================= Application errors:==================Error: (05/28/2015 08:26:07 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Имя сбойного приложения: chrome.exe, версия: 43.0.2357.81, метка времени: 0x555f6160Имя сбойного модуля: chrome.dll, версия: 43.0.2357.81, метка времени: 0x555f5db3Код исключения: 0x80000003Смещение ошибки: 0x00518feaИдентификатор сбойного процесса: 0x48Время запуска сбойного приложения: 0xchrome.exe0Путь сбойного приложения: chrome.exe1Путь сбойного модуля: chrome.exe2Идентификатор отчета: chrome.exe3Полное имя сбойного пакета: chrome.exe4Код приложения, связанного со сбойным пакетом: chrome.exe5 Error: (05/28/2015 09:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 15219 Error: (05/28/2015 09:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 15219 Error: (05/28/2015 09:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/28/2015 08:31:07 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (05/27/2015 10:11:17 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Имя сбойного приложения: inspasio.exe, версия: 0.0.0.0, метка времени: 0x5433235cИмя сбойного модуля: inspasio.exe, версия: 0.0.0.0, метка времени: 0x5433235cКод исключения: 0xc000000dСмещение ошибки: 0x00063a5bИдентификатор сбойного процесса: 0x13dcВремя запуска сбойного приложения: 0xinspasio.exe0Путь сбойного приложения: inspasio.exe1Путь сбойного модуля: inspasio.exe2Идентификатор отчета: inspasio.exe3Полное имя сбойного пакета: inspasio.exe4Код приложения, связанного со сбойным пакетом: inspasio.exe5 Error: (05/27/2015 09:11:13 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Имя сбойного 
приложения: inspasio.exe, версия: 0.0.0.0, метка времени: 0x5433235cИмя сбойного модуля: inspasio.exe, версия: 0.0.0.0, метка времени: 0x5433235cКод исключения: 0xc000000dСмещение ошибки: 0x00063a5bИдентификатор сбойного процесса: 0x196cВремя запуска сбойного приложения: 0xinspasio.exe0Путь сбойного приложения: inspasio.exe1Путь сбойного модуля: inspasio.exe2Идентификатор отчета: inspasio.exe3Полное имя сбойного пакета: inspasio.exe4Код приложения, связанного со сбойным пакетом: inspasio.exe5 Error: (05/27/2015 08:07:33 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Имя сбойного приложения: inspasio.exe, версия: 0.0.0.0, метка времени: 0x5433235cИмя сбойного модуля: inspasio.exe, версия: 0.0.0.0, метка времени: 0x5433235cКод исключения: 0xc000000dСмещение ошибки: 0x00063a5bИдентификатор сбойного процесса: 0x408Время запуска сбойного приложения: 0xinspasio.exe0Путь сбойного приложения: inspasio.exe1Путь сбойного модуля: inspasio.exe2Идентификатор отчета: inspasio.exe3Полное имя сбойного пакета: inspasio.exe4Код приложения, связанного со сбойным пакетом: inspasio.exe5 Error: (05/27/2015 08:24:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 18579 Error: (05/27/2015 08:24:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 18579 System errors:=============Error: (05/28/2015 09:42:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: )Description: Сбой при вызове ScRegSetValueExW для DelayedAutostart из-за ошибки %%5 Error: (05/28/2015 09:42:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: )Description: Сбой при вызове ScRegSetValueExW для Start из-за ошибки %%5 Error: (05/28/2015 09:41:42 PM) (Source: EventLog) (EventID: 6008) (User: )Description: Предыдущее завершение работы системы в 21:24:04 на ‎28.‎05.‎2015 было неожиданным. 

Error: (05/28/2015 09:15:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "MBAMService" неожиданно прервана. Это произошло (раз): 1.

Error: (05/28/2015 08:44:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Сбой при вызове ScRegSetValueExW для DelayedAutostart из-за ошибки %%5

Error: (05/28/2015 08:44:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Сбой при вызове ScRegSetValueExW для Start из-за ошибки %%5

Error: (05/28/2015 08:34:08 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Сбой при вызове ScRegSetValueExW для DelayedAutostart из-за ошибки %%5

Error: (05/28/2015 08:34:08 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Сбой при вызове ScRegSetValueExW для Start из-за ошибки %%5

Error: (05/28/2015 08:33:39 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Служба "HitmanPro 3.7 Crusader (Boot)" завершена из-за следующей внутренней ошибки: %%0

Error: (05/28/2015 08:11:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Служба "MBAMService" неожиданно прервана. Это произошло (раз): 1.

Microsoft Office:=========================Error: (05/28/2015 08:26:07 PM) (Source: Application Error) (EventID: 1000) (User: )Description: chrome.exe43.0.2357.81555f6160chrome.dll43.0.2357.81555f5db38000000300518fea4801d099718fbc7c56C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\chrome.dll016df3fb-0567-11e5-bf0f-bf684857142c Error: (05/28/2015 09:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 15219 Error: (05/28/2015 09:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 15219 Error: (05/28/2015 09:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/28/2015 08:31:07 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (05/27/2015 10:11:17 PM) (Source: Application Error) (EventID: 1000) (User: )Description: inspasio.exe0.0.0.05433235cinspasio.exe0.0.0.05433235cc000000d00063a5b13dc01d098b948f0e98cC:\Program Files\biforder\inspasio.exeC:\Program Files\biforder\inspasio.exe87dc208d-04ac-11e5-bf0c-f6e1ea7b3075 Error: (05/27/2015 09:11:13 PM) (Source: Application Error) (EventID: 1000) (User: )Description: inspasio.exe0.0.0.05433235cinspasio.exe0.0.0.05433235cc000000d00063a5b196c01d098b0e25a2bffC:\Program Files\biforder\inspasio.exeC:\Program Files\biforder\inspasio.exe237113d4-04a4-11e5-bf0c-f6e1ea7b3075 Error: (05/27/2015 08:07:33 PM) (Source: Application Error) (EventID: 1000) (User: )Description: inspasio.exe0.0.0.05433235cinspasio.exe0.0.0.05433235cc000000d00063a5b40801d098a8004fc055C:\Program Files\biforder\inspasio.exeC:\Program Files\biforder\inspasio.exe3ee6bcc9-049b-11e5-bf0c-f6e1ea7b3075 Error: (05/27/2015 08:24:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: 
m->NextScheduledSPRetry 18579 Error: (05/27/2015 08:24:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 18579 ==================== Memory info =========================== Processor: Intel® Core i7-3517U CPU @ 1.90GHzPercentage of memory in use: 67%Total physical RAM: 3981.92 MBAvailable physical RAM: 1278.34 MBTotal Pagefile: 11661.92 MBAvailable Pagefile: 8133.13 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.77 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:95.39 GB) (Free:35.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (Data) (Fixed) (Total:117.78 GB) (Free:83.37 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 238.5 GB) (Disk ID: E2DFEDE9) Partition: GPT Partition Type. ==================== End of log ============================ Thank you very much for your help. Kind regards, Timofey