  1. #1
    Registered User
    Join Date: Jan:2015
    Location: Sofia
    Posts: 69

    . 'metin2'. , , . . 10-15. . , , .. . , . " " .

    , .

  2. #2
    ;) DoC's Avatar
    Join Date: Dec:2006
    Location: zhe internetz
    Posts: 12,744
    .
    .

    #makeHWBGgreatagain

  3. #3
    Registered User netlab's Avatar
    Join Date: Jul:2004
    Location:
    Posts: 53
    . .

  4. #4
    Registered User
    Join Date: Jan:2015
    Location: Sofia
    Posts: 69
    ., , GTA San Andreas .

    avast Avira.

    2 GTA.

    http://prikachi.com/images.php?images/210/8091210T.png

  5. #5
    ;) DoC's Avatar
    Join Date: Dec:2006
    Location: zhe internetz
    Posts: 12,744
    Metin GTA, a Neshta.A. ComboFix, Safe Mode ( F8 , Safe Mode) .
    .

    #makeHWBGgreatagain

  6. #6
    Registered User
    Join Date: Jan:2015
    Location: Sofia
    Posts: 69
    , log-.


    ComboFix 15-04-28.01 - Mario 05.2015 . 17:41:46.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1026.18.4095.1995 [GMT 3:00]
    Running from: c:\users\Mario\Downloads\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AV: Avira Antivirus *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Avira Antivirus *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Mario\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
    c:\users\Mario\AppData\Roaming\DLAUVH.exe
    c:\users\Mario\AppData\Roaming\EIQWMN.exe
    c:\users\Mario\AppData\Roaming\QVOZFC.exe
    c:\users\Mario\AppData\Roaming\XBPD.exe
    c:\windows\msdownld.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-04-03 to 2015-05-03 )))))))))))))))))))))))))))))))
    .
    .
    2015-05-03 14:50 . 2015-05-03 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-05-03 12:21 . 2013-07-02 14:29 24824 ----a-w- c:\windows\system32\drivers\IOMap64.sys
    2015-05-03 09:25 . 2015-04-17 02:43 52392 ----a-w- c:\windows\system32\drivers\iSafeNetFilter.sys
    2015-05-03 09:24 . 2015-05-03 09:24 -------- d-----w- c:\programdata\boost_interprocess
    2015-04-19 12:21 . 2015-04-19 12:22 -------- d-----w- c:\program files (x86)\Google
    2015-04-19 12:21 . 2015-04-19 12:22 -------- d-----w- c:\users\Mario\AppData\Local\Google
    2015-04-18 19:51 . 2015-04-18 19:51 -------- d-----w- c:\users\Mario\AppData\Local\Rockstar Games
    2015-04-18 19:49 . 2015-04-15 16:21 -------- d-----w- c:\program files\Rockstar Games
    2015-04-18 18:14 . 2015-04-18 19:51 -------- d-----w- c:\program files (x86)\Grand Theft Auto V
    2015-04-17 12:14 . 2015-04-17 12:14 -------- d-----w- c:\program files (x86)\Common Files\Java
    2015-04-16 15:58 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F9651D0-55DB-4D81-A753-B0CC6F9FEE16}\mpengine.dll
    2015-04-16 11:33 . 2015-04-19 13:54 -------- d-----w- c:\users\Mario\AppData\Roaming\BoL
    2015-04-16 06:22 . 2015-04-16 06:22 -------- d-----w- c:\users\Mario\AppData\Roaming\Avira
    2015-04-16 06:20 . 2015-03-24 11:59 44088 ----a-w- c:\windows\system32\drivers\avnetflt.sys
    2015-04-16 06:20 . 2015-03-24 11:59 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2015-04-16 06:20 . 2015-03-24 11:59 132120 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2015-04-16 06:20 . 2015-03-24 11:59 128536 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2015-04-16 06:18 . 2015-04-16 06:23 -------- d-----w- c:\program files (x86)\Avira
    2015-04-16 06:18 . 2015-04-16 06:20 -------- d-----w- c:\programdata\Avira
    2015-04-16 06:18 . 2015-04-16 06:18 -------- d-----w- c:\programdata\Package Cache
    2015-04-16 06:14 . 2015-04-16 06:14 -------- d-----w- c:\users\Mario\AppData\Roaming\www.shadowexplorer.com
    2015-04-15 18:17 . 2015-04-15 18:17 -------- d-s---w- c:\windows\system32\CompatTel
    2015-04-15 18:17 . 2015-04-15 18:17 -------- d-----w- c:\windows\system32\appraiser
    2015-04-15 15:39 . 2015-04-08 20:32 560968 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2015-04-15 11:33 . 2015-03-25 03:00 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
    2015-04-15 11:32 . 2015-03-17 05:11 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-04-15 11:31 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
    2015-04-15 11:31 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
    2015-04-15 11:31 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
    2015-04-15 10:49 . 2015-04-15 10:49 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
    2015-04-15 10:30 . 2015-04-15 10:30 -------- d-----w- c:\users\Mario\AppData\Local\Gameforge4d
    2015-04-04 20:11 . 2015-04-04 20:11 -------- d-s---w- c:\windows\system32\GWX
    2015-04-04 20:11 . 2015-04-04 20:11 -------- d-s---w- c:\windows\SysWow64\GWX
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-04-17 12:12 . 2015-03-17 13:11 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-04-15 13:11 . 2015-01-08 12:34 128913832 ----a-w- c:\windows\system32\MRT.exe
    2015-04-15 12:57 . 2015-01-01 13:43 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-04-15 12:57 . 2015-01-01 13:43 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-04-09 00:58 . 2015-03-18 13:03 1086424 ----a-w- c:\windows\system32\nvumdshimx.dll
    2015-04-09 00:58 . 2015-01-24 11:51 78480 ----a-w- c:\windows\system32\OpenCL.dll
    2015-04-09 00:58 . 2015-01-24 11:51 66704 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2015-04-09 00:58 . 2015-01-24 11:50 14617288 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2015-04-09 00:58 . 2015-01-24 11:49 12689592 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2015-04-09 00:58 . 2015-01-24 11:49 3317344 ----a-w- c:\windows\system32\nvapi64.dll
    2015-04-09 00:58 . 2015-01-24 11:49 2935416 ----a-w- c:\windows\SysWow64\nvapi.dll
    2015-04-08 21:30 . 2015-01-24 11:52 6841488 ----a-w- c:\windows\system32\nvcpl.dll
    2015-04-08 21:30 . 2015-01-24 11:52 3478344 ----a-w- c:\windows\system32\nvsvc64.dll
    2015-04-08 21:30 . 2015-01-24 11:52 936264 ----a-w- c:\windows\system32\nvvsvc.exe
    2015-04-08 21:30 . 2015-01-24 11:52 62608 ----a-w- c:\windows\system32\nvshext.dll
    2015-04-08 21:30 . 2015-01-24 11:52 2558608 ----a-w- c:\windows\system32\nvsvcr.dll
    2015-04-08 21:30 . 2015-01-24 11:52 385168 ----a-w- c:\windows\system32\nvmctray.dll
    2015-04-08 17:52 . 2015-01-24 11:52 4336074 ----a-w- c:\windows\system32\nvcoproc.bin
    2015-04-03 10:23 . 2015-04-03 10:24 1194185 ----a-w- c:\windows\unins000.exe
    2015-03-28 03:44 . 2015-01-25 12:34 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
    2015-03-28 03:44 . 2015-01-24 11:53 1316000 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2015-03-28 03:43 . 2015-01-25 12:34 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
    2015-03-28 03:43 . 2015-01-24 11:53 1570672 ----a-w- c:\windows\system32\nvspcap64.dll
    2015-03-17 04:56 . 2015-04-15 11:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2015-03-13 19:41 . 2015-03-18 13:03 1896136 ----a-w- c:\windows\system32\nvdispco6434788.dll
    2015-03-13 19:41 . 2015-03-18 13:03 1557648 ----a-w- c:\windows\system32\nvdispgenco6434788.dll
    2015-02-26 03:25 . 2015-03-11 12:26 3204096 ----a-w- c:\windows\system32\win32k.sys
    2015-02-24 01:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
    2015-02-20 04:41 . 2015-03-11 12:27 41984 ----a-w- c:\windows\system32\lpk.dll
    2015-02-20 04:40 . 2015-03-11 12:27 100864 ----a-w- c:\windows\system32\fontsub.dll
    2015-02-20 04:40 . 2015-03-11 12:27 14336 ----a-w- c:\windows\system32\dciman32.dll
    2015-02-20 04:40 . 2015-03-11 12:27 46080 ----a-w- c:\windows\system32\atmlib.dll
    2015-02-20 04:13 . 2015-03-11 12:27 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
    2015-02-20 04:13 . 2015-03-11 12:27 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
    2015-02-20 04:13 . 2015-03-11 12:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2015-02-20 04:12 . 2015-03-11 12:27 25600 ----a-w- c:\windows\SysWow64\lpk.dll
    2015-02-20 03:29 . 2015-03-11 12:27 372224 ----a-w- c:\windows\system32\atmfd.dll
    2015-02-20 03:09 . 2015-03-11 12:27 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
    2015-02-17 13:26 . 2015-02-17 13:26 1217184 ----a-w- c:\windows\SysWow64\FM20.DLL
    2015-02-13 05:22 . 2015-03-11 12:26 14177280 ----a-w- c:\windows\system32\shell32.dll
    2015-02-04 09:23 . 2015-02-04 09:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
    2015-02-04 09:13 . 2015-02-04 09:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
    2015-02-04 03:16 . 2015-03-11 12:26 465920 ----a-w- c:\windows\system32\WMPhoto.dll
    2015-02-04 02:54 . 2015-03-11 12:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
    2015-02-03 03:34 . 2015-03-11 12:27 693176 ----a-w- c:\windows\system32\winload.efi
    2015-02-03 03:34 . 2015-03-11 12:27 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
    2015-02-03 03:33 . 2015-03-11 12:27 616360 ----a-w- c:\windows\system32\winresume.efi
    2015-02-03 03:31 . 2015-03-11 12:27 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
    2015-02-03 03:31 . 2015-03-11 12:27 14632960 ----a-w- c:\windows\system32\wmp.dll
    2015-02-03 03:31 . 2015-03-11 12:27 229376 ----a-w- c:\windows\system32\wintrust.dll
    2015-02-03 03:31 . 2015-03-11 12:26 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2015-02-03 03:31 . 2015-03-11 12:26 215552 ----a-w- c:\windows\system32\ubpm.dll
    2015-02-03 03:31 . 2015-03-11 12:27 5120 ----a-w- c:\windows\system32\msdxm.ocx
    2015-02-03 03:31 . 2015-03-11 12:27 5120 ----a-w- c:\windows\system32\dxmasf.dll
    2015-02-03 03:31 . 2015-03-11 12:27 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
    2015-02-03 03:31 . 2015-03-11 12:27 1574400 ----a-w- c:\windows\system32\quartz.dll
    2015-02-03 03:31 . 2015-03-11 12:27 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
    2015-02-03 03:31 . 2015-03-11 12:27 371712 ----a-w- c:\windows\system32\qdvd.dll
    2015-02-03 03:31 . 2015-03-11 12:27 188416 ----a-w- c:\windows\system32\pcasvc.dll
    2015-02-03 03:31 . 2015-03-11 12:27 37376 ----a-w- c:\windows\system32\pcadm.dll
    2015-02-03 03:31 . 2015-03-11 12:27 9728 ----a-w- c:\windows\system32\spwmp.dll
    2015-02-03 03:31 . 2015-03-11 12:27 641024 ----a-w- c:\windows\system32\msscp.dll
    2015-02-03 03:31 . 2015-03-11 12:27 325632 ----a-w- c:\windows\system32\msnetobj.dll
    2015-02-03 03:31 . 2015-03-11 12:27 11264 ----a-w- c:\windows\system32\msmmsp.dll
    2015-02-03 03:31 . 2015-03-11 12:27 432128 ----a-w- c:\windows\system32\mfplat.dll
    2015-02-03 03:31 . 2015-03-11 12:27 4121600 ----a-w- c:\windows\system32\mf.dll
    2015-02-03 03:31 . 2015-03-11 12:27 206848 ----a-w- c:\windows\system32\mfps.dll
    2015-02-03 03:30 . 2015-03-11 12:27 631808 ----a-w- c:\windows\system32\evr.dll
    2015-02-03 03:30 . 2015-03-11 12:27 284672 ----a-w- c:\windows\system32\EncDump.dll
    2015-02-03 03:30 . 2015-03-11 12:27 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
    2015-02-03 03:30 . 2015-03-11 12:27 497664 ----a-w- c:\windows\system32\drmmgrtn.dll
    2015-02-03 03:30 . 2015-03-11 12:27 1480192 ----a-w- c:\windows\system32\crypt32.dll
    2015-02-03 03:30 . 2015-03-11 12:27 1069056 ----a-w- c:\windows\system32\cryptui.dll
    2015-02-03 03:30 . 2015-03-11 12:27 82432 ----a-w- c:\windows\system32\cryptsp.dll
    2015-02-03 03:30 . 2015-03-11 12:27 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2015-02-03 03:30 . 2015-03-11 12:27 187904 ----a-w- c:\windows\system32\cryptsvc.dll
    2015-02-03 03:30 . 2015-03-11 12:27 842240 ----a-w- c:\windows\system32\blackbox.dll
    2015-02-03 03:30 . 2015-03-11 12:27 680960 ----a-w- c:\windows\system32\audiosrv.dll
    2015-02-03 03:30 . 2015-03-11 12:27 296448 ----a-w- c:\windows\system32\AudioSes.dll
    2015-02-03 03:30 . 2015-03-11 12:27 440832 ----a-w- c:\windows\system32\AudioEng.dll
    2015-02-03 03:30 . 2015-03-11 12:27 32256 ----a-w- c:\windows\system32\appidsvc.dll
    2015-02-03 03:30 . 2015-03-11 12:27 58880 ----a-w- c:\windows\system32\appidapi.dll
    2015-02-03 03:30 . 2015-03-11 12:27 55808 ----a-w- c:\windows\system32\rrinstaller.exe
    2015-02-03 03:30 . 2015-03-11 12:27 9728 ----a-w- c:\windows\system32\pcalua.exe
    2015-02-03 03:30 . 2015-03-11 12:27 11264 ----a-w- c:\windows\system32\pcawrk.exe
    2015-02-03 03:30 . 2015-03-11 12:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
    2015-02-03 03:30 . 2015-03-11 12:27 126464 ----a-w- c:\windows\system32\audiodg.exe
    2015-02-03 03:30 . 2015-03-11 12:27 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe
    2015-02-03 03:30 . 2015-03-11 12:27 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
    2015-02-03 03:30 . 2015-03-11 12:27 12625920 ----a-w- c:\windows\system32\wmploc.DLL
    2015-02-03 03:29 . 2015-03-11 12:27 8704 ----a-w- c:\windows\system32\pcaevts.dll
    2015-02-03 03:28 . 2015-03-11 12:27 2048 ----a-w- c:\windows\system32\mferror.dll
    2015-02-03 03:19 . 2015-03-11 12:27 663552 ----a-w- c:\windows\system32\drivers\PEAuth.sys
    2015-02-03 03:12 . 2015-03-11 12:27 617984 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll
    2015-02-03 03:12 . 2015-03-11 12:27 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
    2015-02-03 03:12 . 2015-03-11 12:26 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2015-02-03 03:12 . 2015-03-11 12:26 171520 ----a-w- c:\windows\SysWow64\ubpm.dll
    2015-02-03 03:12 . 2015-03-11 12:27 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
    2015-02-03 03:12 . 2015-03-11 12:27 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
    2015-02-03 03:12 . 2015-03-11 12:27 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D879895E-2124-4ED0-BDDF-F8F8BBC98A6F}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
    "Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2015-04-13 2889408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-18 98304]
    "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-01 3890208]
    "Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2014-10-31 2066432]
    "DelaypluginInstall"="c:\programdata\Aimersoft\Video Converter Ultimate\DelayPluginI.exe" [2014-12-12 1960336]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
    "TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-04-22 9919104]
    "BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2015-03-11 855768]
    "Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-04-10 130048]
    "avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2015-03-24 726320]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="userinit.exe"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\pr ogram files (x86)\Avira\Antivirus\avmailc7.exe [x]
    R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\pro gram files (x86)\Avira\Antivirus\avwebg7.exe [x]
    R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
    R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\ Framework64\v4.0.30319\mscorsvw.exe;c:\w indows\Microsoft.NET\Framework64\v4.0.30 319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\progr am files (x86)\Skype\Updater\Updater.exe [x]
    R2 Update Cyti Web;Update Cyti Web;c:\program files (x86)\Cyti Web\updateCytiWeb.exe;c:\program files (x86)\Cyti Web\updateCytiWeb.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\ dmvsc.sys;c:\windows\SYSNATIVE\drivers\d mvsc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\dr ivers\EagleX64.sys;c:\windows\SYSNATIVE\ drivers\EagleX64.sys [x]
    R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.e xe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.e xe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollect or.exe;c:\windows\SYSNATIVE\IEEtwCollect or.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvi deominiport.sys;c:\windows\SYSNATIVE\dri vers\rdpvideominiport.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe; c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system3 2\drivers\synth3dvsc.sys;c:\windows\SYSN ATIVE\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\termi npt.sys;c:\windows\SYSNATIVE\drivers\ter minpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\dr ivers\tsusbflt.sys;c:\windows\SYSNATIVE\ drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsb GD.sys;c:\windows\SYSNATIVE\drivers\TsUs bGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\dr ivers\tsusbhub.sys;c:\windows\SYSNATIVE\ drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rd vgkmd.sys;c:\windows\SYSNATIVE\drivers\r dvgkmd.sys [x]
    R3 WatAdminSvc; Windows;c:\windows\system32\Wat\WatAdmin Svc.exe;c:\windows\SYSNATIVE\Wat\WatAdmi nSvc.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S1 {7b7db604-54eb-492b-a629-19e0f0c6ac57}Gw64;{7b7db604-54eb-492b-a629-19e0f0c6ac57}Gw64;c:\windows\system32\dr ivers\{7b7db604-54eb-492b-a629-19e0f0c6ac57}Gw64.sys;c:\windows\SYSNATI VE\drivers\{7b7db604-54eb-492b-a629-19e0f0c6ac57}Gw64.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\driver s\aswSnx.sys;c:\windows\SYSNATIVE\driver s\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\ aswSP.sys;c:\windows\SYSNATIVE\drivers\a swSP.sys [x]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVER S\avkmgr.sys;c:\windows\SYSNATIVE\DRIVER S\avkmgr.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsof tbus01.sys;c:\windows\SYSNATIVE\DRIVERS\ dtsoftbus01.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe ;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\progr am files (x86)\Avira\Antivirus\sched.exe [x]
    S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c :\windows\SysWOW64\ASGT.exe [x]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSy sCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSy sCtrlService.exe [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\a swHwid.sys;c:\windows\SYSNATIVE\drivers\ aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\ drivers\aswMonFlt.sys;c:\windows\SYSNATI VE\drivers\aswMonFlt.sys [x]
    S2 aswStm;aswStm;c:\windows\system32\driver s\aswStm.sys;c:\windows\SYSNATIVE\driver s\aswStm.sys [x]
    S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\progra m files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
    S2 avnetflt;avnetflt;c:\windows\system32\DR IVERS\avnetflt.sys;c:\windows\SYSNATIVE\ DRIVERS\avnetflt.sys [x]
    S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
    S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
    S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
    S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\progr am files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService. exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService. exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe; c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S3 IOMap;IOMap;c:\windows\system32\drivers\ IOMap64.sys;c:\windows\SYSNATIVE\drivers \IOMap64.sys [x]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys; c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad6 4v.sys;c:\windows\SYSNATIVE\drivers\nvva d64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64w in7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt6 4win7.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viah duaa.sys;c:\windows\SYSNATIVE\drivers\vi ahduaa.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-04-19 12:22 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-01 12:57]
    .
    2015-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-19 12:21]
    .
    2015-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-19 12:21]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-01-01 13:46 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-28 2673296]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-03-28 1570672]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M9AF30E2D-3851-4878-8C8D-A4A4C0489099&SearchSource=55&CUI=&UM=8&UP=SPB009B209-9479-43EE-B879-FEF887E65BC8&SSPV=SP2200TA_sp_ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: {{d8f67242-b229-4065-95fa-391b077ed6ca} - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll
    TCP: DhcpNameServer = 217.9.239.90 192.168.0.1
    Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - c:\windows\System32\mscoree.dll
    FF - ProfilePath - c:\users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\tbj2bkqs.default-1421426715215\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-YTDownloader - c:\program files (x86)\YTDownloader\YTDownloader.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    BHO-{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - (no file)
    AddRemove-World of Metin2 - c:\program files (x86)\World of Metin2\Uninstall.exe
    AddRemove-{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1 - c:\program files (x86)\GameforgeLive\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,6 5,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6 e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system3 2\\Macromed\\Flash\\FlashUtil10d.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flas h\\FlashUtil10d.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flas h\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flas h\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flas h\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flas h\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6 432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrash Handler.exe
    c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
    c:\program files (x86)\Avira\Antivirus\avguard.exe
    c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
    .
    **************************************** **********************************
    .
    Completion time: 2015-05-03 17:58:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-05-03 14:58
    .
    Pre-Run: 73*281*929*216 bytes free
    Post-Run: 74*852*495*360 bytes free
    .
    - - End Of File - - 852BEC10426718CB3E33F9852835B939
    A36C5E4F47E84449FF07ED3517B43A31
    /Hidden:

  7. #7
    ;) DoC's Avatar
    Join Date: Dec:2006
    Location: zhe internetz
    Posts: 12,744
    , , , , - ? HitmanPro .
    .

    #makeHWBGgreatagain
