Possible malware (Eraem Vire Studaa 2021)


This topic is locked. 4 replies to this topic

#1 Oguchi (Members, 2 posts)

Posted 17 January 2015 - 01:13 AM

Hello, I'm new here. I don't know English perfectly, so please forgive me for that.

I realized that my computer became slow recently. I tried to detect something with anti-virus software, but the computer stayed slow after a "clean".

I was searching for a hint about what the problem is, and I found a strange process running on the PC. The process name is "Eraem Vire Studaa 2021", executed by a supposed program "saahog.exe". I read that it's malware from a fake Adobe Flash updater.

I think the lag is caused by this malware. If someone can help me, I'm grateful in advance.




#2 Machiavelli, Agent 007 (Malware Response Instructor, 4,133 posts, Germany)

Posted 17 January 2015 - 09:40 AM

Hey, :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them from inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8: please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#3 Oguchi (Topic Starter, Members, 2 posts)

Posted 19 January 2015 - 12:15 AM

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-01-2015 03
Ran by Leo (administrator) on LEO-PC on 19-01-2015 03:12:50
Running from C:\Users\Leo\Desktop
Loaded Profiles: Leo (Available profiles: Leo)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Portuguese (Brazil)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Eraem Corniratu) C:\Windows\System32\houwbikes.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(BitTorrent Inc.) C:\Users\Leo\AppData\Roaming\uTorrent\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Users\Leo\Desktop\MMCE_Win32\MMCE_Win32.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Eraem Corniratu) C:\Users\Leo\AppData\Roaming\Caidgeol\duofipe.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(SumRando) C:\Program Files\SumRando\SumRando\misc\vpnmanagesvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [4047480 2012-11-30] (VIA)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Poxapacyfeufifp] => C:\Users\Leo\AppData\Roaming\Caidgeol\duofipe.exe [506021 2015-01-19] (Eraem Corniratu)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1450275544-2618891186-2311094483-1000\...\Run: [uTorrent] => C:\Users\Leo\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-26] (BitTorrent Inc.)
HKU\S-1-5-21-1450275544-2618891186-2311094483-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22027880 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1450275544-2618891186-2311094483-1000\...\Run: [IWsoft] => C:\Windows\System32\regsvr32.exe C:\Users\Leo\AppData\Local\IRPsoft\AecResUi.dll
HKU\S-1-5-21-1450275544-2618891186-2311094483-1000\...\Run: [Ihsoft] => regsvr32.exe
HKU\S-1-5-21-1450275544-2618891186-2311094483-1000\...\Run: [Poxapacyfeufifp] => C:\Users\Leo\AppData\Roaming\Caidgeol\duofipe.exe [506021 2015-01-19] (Eraem Corniratu)
HKU\S-1-5-21-1450275544-2618891186-2311094483-1000\...\MountPoints2: {91a28574-4180-11e4-bf2b-60a44cdf475d} - F:\MotorolaDeviceManagerSetup.exe -a
Startup: C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\インク警告のモニタ - HP Deskjet 2540 series.lnk
ShortcutTarget: インク警告のモニタ - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1450275544-2618891186-2311094483-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
HKU\S-1-5-21-1450275544-2618891186-2311094483-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1450275544-2618891186-2311094483-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\sslsp105.dll [74352] (SumRando)
Winsock: Catalog9 02 C:\Windows\system32\sslsp105.dll [74352] (SumRando)
Winsock: Catalog9 13 C:\Windows\system32\sslsp105.dll [74352] (SumRando)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{147C67F4-3D4D-4F0D-9845-E7648A9F78C9}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{55E7EBF0-7054-42A6-9383-633B375F607F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{7E1C12FE-1419-4928-B1F3-4059F6623390}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{80DBF3EF-DEA8-4663-A701-187501955614}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{CEBE7659-585E-40D8-9567-A949B1AFCC86}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{F87B35A4-C658-4B00-A7C8-0E2E2629A7F7}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=2.3.0 -> C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR StartupUrls: Default -> "https://www.google.com/webhp?hl=ja&tab=ww", "hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=BR&userid=72d0e35f-b5e0-4145-a6c0-dadde53df0e1&searchtype=hp&installDate={installDate}", "hxxp://start.search.us.com/v/2/?guid={E26A6A78-9B42-4C30-8DE2-A6351351F4FD}&serpv=5", "hxxp://www.google.com/", "hxxp://www.google.com.br/"
CHR Profile: C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-16]
CHR Extension: (Google Drive) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-16]
CHR Extension: (YouTube) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-16]
CHR Extension: (Google Search) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-16]
CHR Extension: (AdBlock) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-17]
CHR Extension: (Pro-Video Yourtube) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgljllcjbmfeilimbnmmmlglnabhaeec [2014-11-02]
CHR Extension: (Random Background Color) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikglgnekadileanonnapmgkeklpgjifk [2014-04-17]
CHR Extension: (FVD Downloader) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-04-17]
CHR Extension: (Google Wallet) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-16]
CHR Extension: (Greyscale) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\penkfbldfkaelnnhblmfmajlggdielfm [2014-04-17]
CHR Extension: (Gmail) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-16]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [807672 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [993584 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1895760 2014-12-13] (LogMeIn Inc.)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2014-04-16] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2014-12-02] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\system32\GameMon.des [5132656 2013-10-22] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-11-16] ()
R2 SecurityCenterServer2262927480; C:\Users\Leo\AppData\Roaming\Caidgeol\duofipe.exe [506021 2015-01-19] (Eraem Corniratu) [File not signed]
R3 SumRandoVPNService; C:\Program Files\SumRando\SumRando\misc\vpnmanagesvc.exe [108144 2014-09-29] (SumRando)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-11-30] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37384 2014-10-23] (Avira Operations GmbH & Co. KG)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 ICCWDT; C:\Windows\System32\DRIVERS\ICCWDT.sys [22040 2012-05-17] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy) [File not signed]
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [801896 2012-05-14] (Realtek Semiconductor Corporation                           )
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-10-23] (Avira GmbH)
R3 tun3326; C:\Windows\System32\DRIVERS\tun3326.sys [30392 2013-03-22] (The OpenVPN Project)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841784 2012-11-30] (VIA Technologies, Inc.)
S1 agnprrco; \??\C:\Windows\system32\drivers\agnprrco.sys [X]
S1 dbqchypc; \??\C:\Windows\system32\drivers\dbqchypc.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X]
S3 XDva410; \??\C:\Windows\system32\XDva410.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-19 03:12 - 2015-01-19 03:13 - 00016515 _____ () C:\Users\Leo\Desktop\FRST.txt
2015-01-19 03:12 - 2015-01-19 03:12 - 00000000 ____D () C:\Users\Leo\Desktop\FRST-OlderVersion
2015-01-19 03:07 - 2015-01-19 03:07 - 01118208 _____ (Farbar) C:\Users\Leo\Downloads\FRST (1).exe
2015-01-19 03:04 - 2015-01-19 03:05 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\Caidgeol
2015-01-19 01:08 - 2015-01-19 01:08 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\Avira
2015-01-19 01:06 - 2015-01-19 01:06 - 00002016 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-19 01:06 - 2015-01-19 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-19 01:05 - 2015-01-19 01:05 - 00000000 ____D () C:\Users\Todos os Usuários\Avira
2015-01-19 01:05 - 2015-01-19 01:05 - 00000000 ____D () C:\ProgramData\Avira
2015-01-19 01:05 - 2015-01-19 01:05 - 00000000 ____D () C:\Program Files\Avira
2015-01-19 01:05 - 2014-10-23 17:31 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-19 01:05 - 2014-10-23 17:31 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-19 01:05 - 2014-10-23 17:31 - 00037384 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-19 01:05 - 2014-10-23 17:31 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-19 01:05 - 2014-10-23 17:31 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2015-01-19 00:54 - 2015-01-19 00:56 - 170667456 _____ () C:\Users\Leo\Downloads\avira_antivirus_pro_jp.exe
2015-01-19 00:16 - 2015-01-19 03:00 - 00000796 _____ () C:\Windows\Tasks\Security Center Update - 2262927480.job
2015-01-19 00:16 - 2014-04-19 18:36 - 00506021 _____ (Eraem Corniratu) C:\Windows\system32\houwbikes.exe
2015-01-18 18:46 - 2015-01-18 18:46 - 00000028 _____ () C:\Users\Leo\Documents\無題.avi.sfl
2015-01-18 18:39 - 2015-01-18 18:55 - 38740573 _____ () C:\Users\Leo\Desktop\無題.mp4
2015-01-17 19:29 - 2015-01-17 19:29 - 00003536 ____N () C:\bootsqm.dat
2015-01-17 04:12 - 2015-01-17 04:12 - 00000000 ___HD () C:\Windows\PIF
2015-01-17 03:20 - 2015-01-17 03:20 - 02666167 _____ (Kephyr) C:\Users\Leo\Downloads\freefixersetup.exe
2015-01-17 02:17 - 2015-01-17 02:21 - 00038858 _____ () C:\Users\Leo\Downloads\Addition.txt
2015-01-17 02:15 - 2015-01-17 02:21 - 00027974 _____ () C:\Users\Leo\Downloads\FRST.txt
2015-01-17 02:14 - 2015-01-19 03:12 - 00000000 ____D () C:\FRST
2015-01-17 02:08 - 2015-01-19 03:12 - 01118208 _____ (Farbar) C:\Users\Leo\Desktop\FRST.exe
2015-01-17 00:10 - 2015-01-17 21:08 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\Iqqupao
2015-01-16 15:29 - 2015-01-16 15:42 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2015-01-16 10:10 - 2015-01-16 10:10 - 04349451 _____ () C:\Users\Leo\Downloads\PakDecrypt_Warface.zip
2015-01-16 10:02 - 2015-01-16 10:02 - 00520681 _____ () C:\Users\Leo\Downloads\crysis_3_pak_extractor_gui (1).zip
2015-01-16 09:58 - 2015-01-16 09:58 - 00111104 _____ () C:\Users\Leo\Downloads\PakDecrypt.exe
2015-01-16 00:54 - 2015-01-16 00:54 - 00347816 _____ (Microsoft Corporation) C:\Users\Leo\Downloads\MicrosoftFixit.Performance.RNP.Run.exe
2015-01-15 23:11 - 2015-01-15 23:11 - 00520681 _____ () C:\Users\Leo\Downloads\crysis_3_pak_extractor_gui.zip
2015-01-15 14:40 - 2015-01-15 14:40 - 00895480 _____ (Microsoft Corporation) C:\Users\Leo\Downloads\mssstool32.exe
2015-01-15 00:08 - 2015-01-15 16:16 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\Amdyvevy
2015-01-14 12:58 - 2015-01-14 12:58 - 00141824 _____ () C:\Users\Leo\AppData\Roaming\graduation.qsf
2015-01-14 01:19 - 2015-01-14 01:19 - 04376752 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-01-13 14:27 - 2015-01-18 21:00 - 00000020 _____ () C:\Windows\capsys184523.log
2015-01-12 23:23 - 2015-01-19 03:00 - 00000788 _____ () C:\Windows\Tasks\Security Center Update - 771136098.job
2015-01-12 23:23 - 2015-01-13 13:28 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\Etikod
2015-01-12 17:47 - 2015-01-12 17:47 - 00109280 _____ () C:\Users\Leo\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-12 17:46 - 2015-01-12 17:47 - 00409312 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-12 12:12 - 2015-01-19 01:22 - 00160212 _____ () C:\Windows\PFRO.log
2015-01-12 00:57 - 2015-01-19 01:22 - 00002287 _____ () C:\Windows\setupact.log
2015-01-12 00:57 - 2015-01-12 00:57 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-11 23:22 - 2015-01-11 23:22 - 31338232 _____ (NVIDIA Corporation) C:\Users\Leo\Downloads\GeForce_Experience_v2.1.5.0.exe
2015-01-11 22:44 - 2015-01-11 22:44 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-11 22:44 - 2015-01-11 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-11 22:44 - 2015-01-11 22:44 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-11 22:24 - 2015-01-11 22:24 - 05317104 _____ (Piriform Ltd) C:\Users\Leo\Downloads\ccsetup501.exe
2015-01-10 23:10 - 2015-01-19 03:00 - 00000784 _____ () C:\Windows\Tasks\Security Center Update - 414421255.job
2015-01-10 23:10 - 2015-01-11 18:24 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\Saikyh
2015-01-09 13:45 - 2015-01-09 13:45 - 00015450 _____ () C:\6FA95B6D3AC901E9FBED83BC3CC8E5F2.rf
2015-01-09 13:45 - 2015-01-09 13:45 - 00003025 _____ () C:\stat.txt
2015-01-09 13:34 - 2015-01-09 13:34 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-09 12:15 - 2015-01-09 12:15 - 00011245 _____ () C:\Users\Leo\Downloads\p_rune_city.mid
2015-01-08 22:56 - 2015-01-09 09:30 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\Ohvouv
2015-01-07 01:23 - 2015-01-07 01:23 - 00000000 __RSH () C:\MSDOS.SYS
2015-01-07 01:23 - 2015-01-07 01:23 - 00000000 __RSH () C:\IO.SYS
2015-01-06 18:38 - 2015-01-19 03:00 - 00000786 _____ () C:\Windows\Tasks\Security Center Update - 2381918981.job
2015-01-06 18:38 - 2015-01-07 12:25 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\Kaehra
2015-01-06 18:04 - 2015-01-06 18:09 - 00589993 _____ () C:\Users\Leo\Desktop\Assassinato.pptx
2015-01-04 19:11 - 2015-01-05 14:47 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\Anhyysnu
2014-12-21 11:16 - 2014-12-21 11:20 - 00000000 ____D () C:\Users\Leo\Downloads\からくりサーカス
2014-12-21 11:16 - 2014-12-21 11:16 - 00517409 _____ () C:\Users\Leo\Downloads\torrent.torrent
2014-12-21 11:07 - 2014-12-21 11:13 - 00000000 ____D () C:\Users\Leo\Downloads\(一般コミック) [藤崎竜] 封神演義 完全版
2014-12-21 11:07 - 2014-12-21 11:07 - 00052911 _____ () C:\Users\Leo\Downloads\(一般コミック)_[藤崎竜]_封神演義_完全版.torrent
2014-12-21 10:52 - 2015-01-19 01:22 - 00000000 ____D () C:\Users\Leo\AppData\Local\Ihsoft
2014-12-21 10:28 - 2015-01-06 20:49 - 00000000 ____D () C:\Users\Leo\AppData\Local\IRPsoft
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-19 03:12 - 2014-04-17 23:47 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\uTorrent
2015-01-19 03:06 - 2014-04-17 23:57 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\Skype
2015-01-19 02:37 - 2014-04-16 22:34 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 02:19 - 2014-04-16 23:52 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 01:30 - 2009-07-14 02:34 - 00026432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 01:30 - 2009-07-14 02:34 - 00026432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 01:26 - 2014-04-16 22:08 - 01785088 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 01:23 - 2014-04-20 15:28 - 00000000 ____D () C:\Users\Leo\AppData\Local\LogMeIn Hamachi
2015-01-19 01:22 - 2014-04-16 23:16 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA
2015-01-19 01:22 - 2014-04-16 23:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-19 01:22 - 2014-04-16 22:34 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 01:22 - 2009-07-14 02:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 01:04 - 2014-04-17 03:01 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-01-19 00:43 - 2014-12-12 14:00 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-01-19 00:22 - 2014-04-18 01:03 - 00000000 ____D () C:\Program Files\Steam
2015-01-17 20:57 - 2014-04-16 23:16 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA Corporation
2015-01-17 20:57 - 2014-04-16 23:16 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-01-17 20:57 - 2014-04-16 23:16 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-17 20:56 - 2014-05-29 00:06 - 00000000 ____D () C:\Users\Leo\AppData\Local\NVIDIA Corporation
2015-01-17 20:56 - 2014-05-29 00:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-17 00:32 - 2014-05-25 16:38 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\vlc
2015-01-16 15:40 - 2014-05-22 03:02 - 00000000 ____D () C:\Windows\AutoKMS
2015-01-16 09:51 - 2009-07-14 00:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-15 15:31 - 2014-04-17 14:01 - 00410872 _____ () C:\Windows\system32\perfh011.dat
2015-01-15 15:31 - 2014-04-17 14:01 - 00122198 _____ () C:\Windows\system32\perfc011.dat
2015-01-15 15:31 - 2014-04-16 22:13 - 02174762 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 15:31 - 2009-07-29 16:38 - 00707974 _____ () C:\Windows\system32\prfh0416.dat
2015-01-15 15:31 - 2009-07-29 16:38 - 00147754 _____ () C:\Windows\system32\prfc0416.dat
2015-01-15 00:03 - 2009-07-14 02:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 01:19 - 2014-04-16 23:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-14 01:19 - 2014-04-16 23:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-12 20:48 - 2014-12-12 19:52 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\TeamViewer
2015-01-12 00:34 - 2014-12-12 20:10 - 00000000 ____D () C:\Users\Leo\Desktop\ChapoLOG_V1.2.1
2015-01-11 23:13 - 2014-04-17 03:02 - 00000000 ____D () C:\Windows\Panther
2015-01-11 23:12 - 2014-04-19 02:02 - 00000000 ____D () C:\Windows\Minidump
2015-01-11 22:19 - 2014-11-25 22:48 - 00000000 ____D () C:\Users\Leo\Desktop\MMCE_Win32
2015-01-09 19:43 - 2014-05-28 22:42 - 00000000 ____D () C:\Users\Leo\AppData\Roaming\HpUpdate
2015-01-09 14:28 - 2014-09-21 05:13 - 00000912 _____ () C:\Users\Leo\Desktop\Pass.txt
2015-01-09 13:45 - 2014-07-07 07:53 - 00000000 ____D () C:\Users\Leo\AppData\Local\Mail.Ru
2015-01-08 09:55 - 2014-04-16 22:35 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 15:03 - 2014-08-12 21:16 - 00140360 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2015-01-06 15:02 - 2014-11-16 15:27 - 00283032 _____ () C:\Windows\system32\PnkBstrB.xtr
2015-01-06 15:02 - 2014-08-12 21:15 - 00283032 _____ () C:\Windows\system32\PnkBstrB.exe
2015-01-05 23:48 - 2014-09-25 23:24 - 00000000 ____D () C:\Users\Leo\Documents\Action!
2014-12-22 11:45 - 2014-05-23 21:44 - 00000000 ____D () C:\Users\Leo\.aria2
 
==================== Files in the root of some directories =======
2015-01-14 12:58 - 2015-01-14 12:58 - 0141824 _____ () C:\Users\Leo\AppData\Roaming\graduation.qsf
2014-08-12 21:16 - 2014-11-16 13:32 - 0138056 _____ () C:\Users\Leo\AppData\Roaming\PnkBstrK.sys
2014-10-19 10:52 - 2014-11-18 14:33 - 0023040 _____ () C:\Users\Leo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-28 22:40 - 2014-05-28 22:40 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some content of TEMP:
====================
C:\Users\Leo\AppData\Local\Temp\avgnt.exe
C:\Users\Leo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Leo\AppData\Local\Temp\UpdateFlashPlayer_7afb9604.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 18:07
 
==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-01-2015 03
Ran by Leo at 2015-01-19 03:13:15
Running from C:\Users\Leo\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1450275544-2618891186-2311094483-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
9.03m (HKLM\...\Steam App 263100) (Version:  - Space Budgie)
Ace of Spades (HKLM\...\Steam App 224540) (Version:  - Jagex Limited)
Action! (HKLM\...\Mirillis Action!) (Version: 1.19.2 - Mirillis)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Algodoo v2.1.0 (HKLM\...\Algodoo_is1) (Version:  - Algoryx)
Antivirus Pro (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
aTube Catcher Version 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Blacklight: Retribution (HKLM\...\Steam App 209870) (Version:  - Zombie, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Color Suite v11.1.4 (HKLM\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.4 - Red Giant, LLC)
Cosmic Osmo (HKLM\...\Steam App 63620) (Version:  - Cyan Worlds)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Craving Explorer Version 1.6.7 (HKLM\...\CravingExplorer_is1) (Version: 1.6.7.0 - T-Craft)
Cross Fire AL (HKLM\...\Cross Fire AL_is1) (Version:  - Z8Games.com)
Dino D-Day (HKLM\...\Steam App 70000) (Version:  - 800 North and Digital Ranch)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Doro 1.64 (HKLM\...\Doro_is1) (Version:  - CompSoft)
DriverEasy 4.6.7 (HKLM\...\DriverEasy_is1) (Version: 4.6.7.0 - Easeware)
Enclave (HKLM\...\Steam App 253980) (Version:  - Topware)
ESN Sonar (HKLM\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FormatFactory 3.3.5.0 (HKLM\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
GeoGebra 4.4 (HKLM\...\GeoGebra 4.4) (Version: 4.4.35.0 - International GeoGebra Institute)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Half Minute Hero: Super Mega Neo Climax Ultimate Boy (HKLM\...\Steam App 214830) (Version:  - Opus )
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hotline Miami (HKLM\...\Steam App 219150) (Version:  - Dennaton Games)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{74A86AA2-E907-413C-B79C-9AFEC2C54ED9}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM\...\{1E794CA3-FA14-41C3-ABB1-3B7F4A4553AB}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Just Cause 2 (HKLM\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM\...\Steam App 259080) (Version:  - JC2-MP Team)
La-Mulana (HKLM\...\Steam App 230700) (Version:  - NIGORO)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Manhole (HKLM\...\Steam App 63630) (Version:  - Cyan Worlds)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (日本語) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1041) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0416-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mp3tag v2.59a (HKLM\...\Mp3tag) (Version: v2.59a - Florian Heidenreich)
MSI Afterburner 3.0.1 (HKLM\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD)
Myst V (HKLM\...\Steam App 208110) (Version:  - Cyan Worlds)
Myst: Masterpiece Edition (HKLM\...\Steam App 63660) (Version:  - Cyan Worlds)
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
Origin (HKLM\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
ORION: Dino Horde (HKLM\...\Steam App 104900) (Version:  - Spiral Game Studios)
Microsoft .NET Framework 4 Client Profile Language Pack - Portuguese (Brazil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF4819}) (Version: 4.0.3 - dotPDN LLC)
PAYDAY: The Heist (HKLM\...\Steam App 24240) (Version:  - OVERKILL Software)
PegaJogo 3.0 (HKLM\...\{14FAA5DD-A6B2-4A7B-8960-4A30DC8D9D35}_is1) (Version:  - PegaJogo.com)
Platform (Version: 1.39 - VIA Technologies, Inc.) Hidden
PointBlank (HKU\S-1-5-21-1450275544-2618891186-2311094483-1000\...\PointBlank) (Version: 2.1.0 - Ongame S.A & Zepetto)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.80.218.2014 - Realtek)
REAPER (HKLM\...\REAPER) (Version:  - )
Red Giant Link (HKLM\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.8.100.5 - Red Giant, LLC)
RivaTuner Statistics Server 6.1.2 (HKLM\...\RTSS) (Version: 6.1.2 - Unwinder)
Scribblenauts Unlimited (HKLM\...\Steam App 218680) (Version:  - 5th Cell Media)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
SumRando (HKLM\...\SumRandoSumRando) (Version: 1.0.0.164 - SumRando)
Super Hexagon (HKLM\...\Steam App 221640) (Version:  - Terry Cavanagh)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
TP-LINK TL-WN821N Driver (HKLM\...\{26B52E5B-1620-4676-9B46-B6C56B8105CE}) (Version: 1.2.1 - TP-LINK)
Twixtor 6 for Vegas (HKLM\...\Twixtor 6 for Vegas) (Version:  - )
Universe Sandbox (HKLM\...\Steam App 72200) (Version:  - Giant Army)
Unturned (HKLM\...\Steam App 304930) (Version:  - Nelson Sexton)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 11.0 (HKLM\...\{6C384F8F-8DF1-11E1-A1ED-F04DA23A5C58}) (Version: 11.0.682 - Sony)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
VVVVVV (HKLM\...\Steam App 70300) (Version:  - Terry Cavanagh)
Warface (HKLM\...\{094FAADD-5A39-4C64-911A-B4C9AD818484}_is1) (Version: 1.0.205.030 - Level Up! Games)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Product Improvement Study HP Deskjet 2540 series (HKLM\...\{7FDEE5A3-9227-4F81-84BF-9B45637BB64E}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 00:04 - 2015-01-19 00:43 - 00001512 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
89.163.213.174 www.google-analytics.com.
89.163.213.174 google-analytics.com.
89.163.213.174 connect.facebook.net.
195.162.68.60 www.google-analytics.com.
195.162.68.60 google-analytics.com.
195.162.68.60 connect.facebook.net.
107.181.174.98 www.google-analytics.com.
107.181.174.98 google-analytics.com.
107.181.174.98 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0FD6F3DB-55AF-4FD5-ACA3-E994EF127B8F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {147EE7B0-7200-4F10-8AB0-87A2E3CFFDBF} - \Security Center Update - 2399285944 No Task File <==== ATTENTION
Task: {1ACB75A3-0150-4425-B36B-D7141AB3DA99} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {20D45BFB-5EE3-43F1-8EDF-FBCD9AF76089} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2014-04-02] (Easeware)
Task: {3D68CCFD-EAA1-419A-8CBD-7FCC901E0A18} - System32\Tasks\ASUS Patch for VIA Audio => C:\Windows\system32\AsPatchViaAudio.exe [2012-11-07] (ASUSTek Computer INC.)
Task: {5998C94E-C5A8-4EEF-990F-CA497AF3F5D8} - \Security Center Update - 2526307674 No Task File <==== ATTENTION
Task: {5F40C9EE-EA05-4B0B-8705-6065562C7BCE} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {646AD3EB-F721-4D53-9E8B-E250322CB237} - System32\Tasks\Security Center Update - 771136098 => C:\Users\Leo\AppData\Roaming\Etikod\guuhnet.exe <==== ATTENTION
Task: {827351BC-CB75-4B31-B32F-9E572224F246} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-02-08] (Hewlett-Packard Co.)
Task: {8F9B33CB-0F77-4AAB-AE6B-80FAAB79526F} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe [2014-07-09] ()
Task: {996E30F2-E337-465D-9F67-371872A5A9EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-16] (Google Inc.)
Task: {CF6FE6D3-9F1A-42AC-889B-7417A23467E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {D366A960-0D40-4623-82A6-2C25D1337A39} - System32\Tasks\Security Center Update - 414421255 => C:\Users\Leo\AppData\Roaming\Saikyh\antep.exe <==== ATTENTION
Task: {DE460DDA-17F3-4FF7-98A4-495019914FF6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {DF199178-990C-4538-BD71-FF5C9FB08BC9} - \Security Center Update - 971741147 No Task File <==== ATTENTION
Task: {E2D5A34E-8CB0-445A-BDBF-B9A83C1D5EC0} - System32\Tasks\Security Center Update - 2262927480 => C:\Users\Leo\AppData\Roaming\Caidgeol\duofipe.exe [2015-01-19] (Eraem Corniratu) <==== ATTENTION
Task: {EF965844-B50A-4FE5-8D4C-2B4C414DE54F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-16] (Google Inc.)
Task: {F7ABA56C-AD9E-4D42-AA9A-94692C13AEFE} - System32\Tasks\Security Center Update - 2381918981 => C:\Users\Leo\AppData\Roaming\Kaehra\zyemry.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Security Center Update - 2262927480.job => C:\Users\Leo\AppData\Roaming\Caidgeol\duofipe.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 2381918981.job => C:\Users\Leo\AppData\Roaming\Kaehra\zyemry.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 414421255.job => C:\Users\Leo\AppData\Roaming\Saikyh\antep.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 771136098.job => C:\Users\Leo\AppData\Roaming\Etikod\guuhnet.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-16 23:16 - 2014-05-19 22:04 - 00106840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-04-04 02:09 - 2013-04-04 02:09 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-12 21:15 - 2014-11-16 15:28 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-04-17 13:52 - 2012-11-30 18:55 - 00080504 ____R () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2014-04-17 13:52 - 2012-11-30 18:55 - 00113272 ____R () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2015-01-04 18:20 - 2015-01-04 18:20 - 01249792 _____ () C:\Users\Leo\AppData\Local\IRPsoft\AecResUi.dll
2014-11-25 22:48 - 2007-07-19 18:57 - 00712704 _____ () C:\Users\Leo\Desktop\MMCE_Win32\MMCE_Win32.exe
2014-11-25 22:48 - 2006-03-07 22:48 - 00811008 _____ () C:\Users\Leo\Desktop\MMCE_Win32\jpg.dll
2015-01-14 14:17 - 2015-01-08 22:35 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-14 14:17 - 2015-01-08 22:35 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-14 14:17 - 2015-01-08 22:35 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-14 14:17 - 2015-01-08 22:35 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: (default) => 
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DoroServer => C:\Program Files\DoroPDFWriter\DoroServer.exe
MSCONFIG\startupreg: Egbaigryleo => "C:\Users\Leo\AppData\Roaming\Etikod\guuhnet.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
========================= Accounts: ==========================
 
Administrador (S-1-5-21-1450275544-2618891186-2311094483-500 - Administrator - Disabled)
Convidado (S-1-5-21-1450275544-2618891186-2311094483-501 - Limited - Enabled)
Leo (S-1-5-21-1450275544-2618891186-2311094483-1000 - Administrator - Enabled) => C:\Users\Leo
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/18/2015 08:18:51 PM) (Source: MsiInstaller) (EventID: 1002) (User: Leo-PC)
Description: Key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList' has an unexpected or missing value (name: 'PackageName', value: '').
 
Error: (01/18/2015 07:41:24 PM) (Source: MsiInstaller) (EventID: 1002) (User: Leo-PC)
Description: Key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList' has an unexpected or missing value (name: 'PackageName', value: '').
 
Error: (01/18/2015 06:57:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vegas110.exe, version: 11.0.0.682, time stamp: 0x4f9674c3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x040408bc
Faulting process ID: 0x1270
Faulting application start time: 0xvegas110.exe0
Faulting application path: vegas110.exe1
Faulting module path: vegas110.exe2
Report ID: vegas110.exe3
 
Error: (01/18/2015 06:57:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vegas110.exe, version: 11.0.0.682, time stamp: 0x4f9674c3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x040408bc
Faulting process ID: 0x1270
Faulting application start time: 0xvegas110.exe0
Faulting application path: vegas110.exe1
Faulting module path: vegas110.exe2
Report ID: vegas110.exe3
 
Error: (01/18/2015 04:36:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Action.exe version 1.19.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11d8

Start time: 01d0334c23c2faff

Termination time: 12

Application path: C:\Program Files\Mirillis\Action!\Action.exe

Report ID: e0e08936-9f40-11e4-83b3-60a44cdf475d
 
Error: (01/18/2015 04:24:11 PM) (Source: MsiInstaller) (EventID: 1002) (User: Leo-PC)
Description: Key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList' has an unexpected or missing value (name: 'PackageName', value: '').
 
Error: (01/18/2015 01:25:26 AM) (Source: MsiInstaller) (EventID: 1002) (User: Leo-PC)
Description: Key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList' has an unexpected or missing value (name: 'PackageName', value: '').
 
Error: (01/17/2015 10:55:32 PM) (Source: MsiInstaller) (EventID: 1002) (User: Leo-PC)
Description: Key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList' has an unexpected or missing value (name: 'PackageName', value: '').
 
Error: (01/17/2015 10:52:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dwm.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc225
Faulting module name: uDWM.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb1c
Exception code: 0xc0000005
Fault offset: 0x0000bd94
Faulting process ID: 0x718
Faulting application start time: 0xDwm.exe0
Faulting application path: Dwm.exe1
Faulting module path: Dwm.exe2
Report ID: Dwm.exe3
 
Error: (01/17/2015 09:56:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Action.exe version 1.19.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 660

Start time: 01d032b0d5e5e51f

Termination time: 16

Application path: C:\Program Files\Mirillis\Action!\Action.exe

Report ID: 706e8107-9ea4-11e4-bee9-60a44cdf475d
 
 
System errors:
=============
Error: (01/19/2015 01:22:15 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 19/01/2015 01:20:31 was unexpected.
 
Error: (01/19/2015 00:30:29 AM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %%8604.5.0216.0{D6E6CADF-DBE9-4B55-8745-2EA81B348BDA}2015-01-19T00:10:30.903Z2147636560Virus:Win32/Ramnit.A5Severe42Virushttp://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.A&threatid=214763656010252%%820UnknownNT AUTHORITY\SYSTEMcontainerfile:_C:\Users\Leo\Downloads\LNZ_CLIENTE.rarCA2DFB30;file:_C:\Users\Leo\Downloads\LNZ_CLIENTE.rarCA2DFB30->LNZ_CLIENTE\ApexFrameworkCHECKED_x86.dll1%%8450%%8120%%82201%%8100x8007065eThis data type is not supported. 00No additional actions requiredNT AUTHORITY\SYSTEMAV: 1.191.2659.0, AS: 1.191.2659.0, NIS: 113.58.0.0AM: 1.1.11302.0, NIS: 2.1.11005.0
 
Error: (01/19/2015 00:30:29 AM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %%8604.5.0216.0{EB02509B-171D-4B33-AAC0-F94DFF7B72A3}2015-01-19T00:10:30.903Z2147636560Virus:Win32/Ramnit.A5Severe42Virushttp://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.A&threatid=214763656010252%%820UnknownNT AUTHORITY\SYSTEMcontainerfile:_C:\Users\Leo\Downloads\LNZ_CLIENTE.rarCA2DFB30;file:_C:\Users\Leo\Downloads\LNZ_CLIENTE.rarCA2DFB30->LNZ_CLIENTE\APEX_Common_LegacyPROFILE_x86.dll1%%8450%%8120%%82201%%8100x8007065eThis data type is not supported. 00No additional actions requiredNT AUTHORITY\SYSTEMAV: 1.191.2659.0, AS: 1.191.2659.0, NIS: 113.58.0.0AM: 1.1.11302.0, NIS: 2.1.11005.0
 
Error: (01/19/2015 00:30:29 AM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %%8604.5.0216.0{029206D9-ACEB-46AE-A9E7-229861ECBDF3}2015-01-19T00:10:30.903Z2147636560Virus:Win32/Ramnit.A5Severe42Virushttp://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.A&threatid=214763656010252%%820UnknownNT AUTHORITY\SYSTEMcontainerfile:_C:\Users\Leo\Downloads\LNZ_CLIENTE.rarCA2DFB30;file:_C:\Users\Leo\Downloads\LNZ_CLIENTE.rarCA2DFB30->LNZ_CLIENTE\APEX_Framework_LegacyPROFILE_x86.dll1%%8450%%8120%%82201%%8100x8007065eThis data type is not supported. 00No additional actions requiredNT AUTHORITY\SYSTEMAV: 1.191.2659.0, AS: 1.191.2659.0, NIS: 113.58.0.0AM: 1.1.11302.0, NIS: 2.1.11005.0
 
Error: (01/19/2015 00:30:29 AM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %%8604.5.0216.0{4995F028-D2BE-426C-9B62-D3FC567A9DB1}2015-01-19T00:10:30.903Z2147636560Virus:Win32/Ramnit.A5Severe42Virushttp://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.A&threatid=214763656010252%%820UnknownNT AUTHORITY\SYSTEMcontainerfile:_C:\Users\Leo\Downloads\LNZ_CLIENTE.rarCA2DFB30;file:_C:\Users\Leo\Downloads\LNZ_CLIENTE.rarCA2DFB30->LNZ_CLIENTE\berkelium.dll1%%8450%%8120%%82201%%8100x8007065eThis data type is not supported. 00No additional actions requiredNT AUTHORITY\SYSTEMAV: 1.191.2659.0, AS: 1.191.2659.0, NIS: 113.58.0.0AM: 1.1.11302.0, NIS: 2.1.11005.0
 
Error: (01/19/2015 00:30:29 AM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %%8604.5.0216.0{476E1BB9-24CD-4ADE-85A6-DBEB00E9F850}2015-01-19T00:10:30.903Z2147636560Virus:Win32/Ramnit.A5Severe42Virushttp://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.A&threatid=214763656010252%%820UnknownNT AUTHORITY\SYSTEMcontainerfile:_C:\Users\Leo\Downloads\LNZ_CLIENTE.rarCA2DFB30;file:_C:\Users\Leo\Downloads\LNZ_CLIENTE.rarCA2DFB30->LNZ_CLIENTE\berkelium.exe1%%8450%%8120%%82201%%8100x8007065eThis data type is not supported. 00No additional actions requiredNT AUTHORITY\SYSTEMAV: 1.191.2659.0, AS: 1.191.2659.0, NIS: 113.58.0.0AM: 1.1.11302.0, NIS: 2.1.11005.0
 
Error: (01/19/2015 00:30:29 AM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %%8604.5.0216.0{484C914C-7532-412B-BD53-B13132F30A2C}2015-01-19T00:10:30.903Z2147636560Virus:Win32/Ramnit.A5Severe42Virushttp://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.A&threatid=214763656010252%%820UnknownNT AUTHORITY\SYSTEMcontainerfile:_C:\Users\Leo\Downloads\LNZ_CLIENTE.rarCA2DFB30;file:_C:\Users\Leo\Downloads\LNZ_CLIENTE.rarCA2DFB30->LNZ_CLIENTE\CrashSender1301.exe1%%8450%%8120%%82201%%8100x8007065eThis data type is not supported. 00No additional actions requiredNT AUTHORITY\SYSTEMAV: 1.191.2659.0, AS: 1.191.2659.0, NIS: 113.58.0.0AM: 1.1.11302.0, NIS: 2.1.11005.0
 
Error: (01/19/2015 00:30:29 AM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %%8604.5.0216.0{F7839CCB-DC5C-4A0E-ACBD-B8681530E6FC}2015-01-19T00:10:30.903Z2147636560Virus:Win32/Ramnit.A5Severe42Virushttp://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.A&threatid=214763656010252%%820UnknownNT AUTHORITY\SYSTEMcontainerfile:_C:\Users\Leo\Downloads\LNZ_CLIENTE.rarCA2DFB30;file:_C:\Users\Leo\Downloads\LNZ_CLIENTE.rarCA2DFB30->LNZ_CLIENTE\d3d11x.dll1%%8450%%8120%%82201%%8100x8007065eThis data type is not supported. 00No additional actions requiredNT AUTHORITY\SYSTEMAV: 1.191.2659.0, AS: 1.191.2659.0, NIS: 113.58.0.0AM: 1.1.11302.0, NIS: 2.1.11005.0
 
Error: (01/19/2015 00:30:29 AM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %%8604.5.0216.0{BC56E184-F284-439A-9CA2-A64977E7E40B}2015-01-19T00:10:30.903Z2147636560Virus:Win32/Ramnit.A5Severe42Virushttp://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.A&threatid=214763656010252%%820UnknownNT AUTHORITY\SYSTEMcontainerfile:_C:\Users\Leo\Downloads\LNZ_CLIENTE.rarCA2DFB30;file:_C:\Users\Leo\Downloads\LNZ_CLIENTE.rarCA2DFB30->LNZ_CLIENTE\fmodex.dll1%%8450%%8120%%82201%%8100x8007065eThis data type is not supported. 00No additional actions requiredNT AUTHORITY\SYSTEMAV: 1.191.2659.0, AS: 1.191.2659.0, NIS: 113.58.0.0AM: 1.1.11302.0, NIS: 2.1.11005.0
 
Error: (01/19/2015 00:30:29 AM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %%8604.5.0216.0{5C26810D-DC6C-4606-BDE8-BF876FD9C7D9}2015-01-19T00:10:30.902Z2147636560Virus:Win32/Ramnit.A5Severe42Virushttp://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Ramnit.A&threatid=214763656010252%%820UnknownNT AUTHORITY\SYSTEMcontainerfile:_C:\Users\Leo\Downloads\LNZ_CLIENTE.rarCA2DFB30;file:_C:\Users\Leo\Downloads\LNZ_CLIENTE.rarCA2DFB30->LNZ_CLIENTE\fmod_event_net.dll1%%8450%%8120%%82201%%8100x8007065eThis data type is not supported. 00No additional actions requiredNT AUTHORITY\SYSTEMAV: 1.191.2659.0, AS: 1.191.2659.0, NIS: 113.58.0.0AM: 1.1.11302.0, NIS: 2.1.11005.0
 
 
Microsoft Office Sessions:
=========================
Error: (01/18/2015 08:18:51 PM) (Source: MsiInstaller) (EventID: 1002) (User: Leo-PC)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)
 
Error: (01/18/2015 07:41:24 PM) (Source: MsiInstaller) (EventID: 1002) (User: Leo-PC)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)
 
Error: (01/18/2015 06:57:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vegas110.exe11.0.0.6824f9674c3unknown0.0.0.000000000c0000005040408bc127001d0335c223b3848C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exeunknowna3816038-9f54-11e4-83b3-60a44cdf475d
 
Error: (01/18/2015 06:57:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vegas110.exe11.0.0.6824f9674c3unknown0.0.0.000000000c0000005040408bc127001d0335c223b3848C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exeunknown9157e8d4-9f54-11e4-83b3-60a44cdf475d
 
Error: (01/18/2015 04:36:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Action.exe1.19.2.011d801d0334c23c2faff12C:\Program Files\Mirillis\Action!\Action.exee0e08936-9f40-11e4-83b3-60a44cdf475d
 
Error: (01/18/2015 04:24:11 PM) (Source: MsiInstaller) (EventID: 1002) (User: Leo-PC)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)
 
Error: (01/18/2015 01:25:26 AM) (Source: MsiInstaller) (EventID: 1002) (User: Leo-PC)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)
 
Error: (01/17/2015 10:55:32 PM) (Source: MsiInstaller) (EventID: 1002) (User: Leo-PC)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)
 
Error: (01/17/2015 10:52:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Dwm.exe6.1.7600.163854a5bc225uDWM.dll6.1.7600.163854a5bdb1cc00000050000bd9471801d032aa94eed056C:\Windows\system32\Dwm.exeC:\Windows\system32\uDWM.dll525ff06f-9eac-11e4-bee9-60a44cdf475d
 
Error: (01/17/2015 09:56:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Action.exe1.19.2.066001d032b0d5e5e51f16C:\Program Files\Mirillis\Action!\Action.exe706e8107-9ea4-11e4-bee9-60a44cdf475d
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3330 CPU @ 3.00GHz
Percentage of memory in use: 50%
Total physical RAM: 3547.98 MB
Available physical RAM: 1763.72 MB
Total Pagefile: 7094.25 MB
Available Pagefile: 5108.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1839.25 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:548.2 GB) NTFS
Drive d: (WDO_Media32) (CDROM) (Total:0.26 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9BE3E660)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
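The Application Error (EventID 1000), Application Hang (EventID 1002) and MsiInstaller entries in the Addition.txt block above can be triaged mechanically rather than by eye. The following is an added example, not part of this thread and not FRST's own code: it parses FRST's "Error: (date) (Source: ...) (EventID: ...) (User: ...)" header plus the "Description:" line that follows it, pulls the image path, faulting module and NTSTATUS exception code out of the run-together event data, and counts crashes per binary. The sample input is copied from the log lines above; the `EXC_CODES` table is a hand-picked subset of NTSTATUS values, and the regexes assume FRST's layout as shown here.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input copied from the FRST Addition.txt block above (constructed test data).
SAMPLE = r"""
Error: (01/18/2015 06:57:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vegas110.exe11.0.0.6824f9674c3unknown0.0.0.000000000c0000005040408bc127001d0335c223b3848C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exeunknowna3816038-9f54-11e4-83b3-60a44cdf475d

Error: (01/18/2015 06:57:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vegas110.exe11.0.0.6824f9674c3unknown0.0.0.000000000c0000005040408bc127001d0335c223b3848C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exeunknown9157e8d4-9f54-11e4-83b3-60a44cdf475d

Error: (01/18/2015 04:36:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Action.exe1.19.2.011d801d0334c23c2faff12C:\Program Files\Mirillis\Action!\Action.exee0e08936-9f40-11e4-83b3-60a44cdf475d

Error: (01/18/2015 04:24:11 PM) (Source: MsiInstaller) (EventID: 1002) (User: Leo-PC)
Description: PackageNameHKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList(NULL)(NULL)(NULL)

Error: (01/17/2015 10:52:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Dwm.exe6.1.7600.163854a5bc225uDWM.dll6.1.7600.163854a5bdb1cc00000050000bd9471801d032aa94eed056C:\Windows\system32\Dwm.exeC:\Windows\system32\uDWM.dll525ff06f-9eac-11e4-bee9-60a44cdf475d
"""

# Header FRST writes for each event (layout assumed from the log above).
HEADER_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)$"
)
# Drive-letter path ending in .exe or .dll. FRST runs the event's insertion
# strings together, so a lazy match that stops at the first extension is used.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\x00-\x1f]*?\.(?:exe|dll)", re.IGNORECASE)
# NTSTATUS codes commonly seen in EventID 1000 data (hand-picked subset). The code
# is embedded in a run of hex digits, so it is matched by value, not word boundary.
EXC_CODES = {
    "c0000005": "STATUS_ACCESS_VIOLATION",
    "c0000409": "STATUS_STACK_BUFFER_OVERRUN",
    "c000001d": "STATUS_ILLEGAL_INSTRUCTION",
    "c0000374": "STATUS_HEAP_CORRUPTION",
    "e0434352": "CLR exception",
}
EXC_RE = re.compile("|".join(EXC_CODES))


def parse_frst_errors(text):
    """Return one dict per Error/Description pair in an FRST event block."""
    lines = [ln.strip() for ln in text.splitlines()]
    records = []
    for i, line in enumerate(lines):
        m = HEADER_RE.match(line)
        if not m:
            continue
        desc = ""
        if i + 1 < len(lines) and lines[i + 1].startswith("Description:"):
            desc = lines[i + 1][len("Description:"):].strip()
        paths = PATH_RE.findall(desc)
        exc = EXC_RE.search(desc)
        records.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "source": m["source"],
            "event_id": int(m["eid"]),
            "user": m["user"],
            "image": paths[0] if paths else None,            # faulting process
            "module": paths[1] if len(paths) > 1 else None,  # faulting module, when present
            "exception": EXC_CODES[exc.group(0)] if exc else None,
            "description": desc,
        })
    return records


def crash_summary(records):
    """Count crashes (1000) and hangs (1002) per image, plus MsiInstaller failures."""
    crashes, hangs, msi = Counter(), Counter(), 0
    for r in records:
        key = r["image"] or "<no path in event data>"
        if r["source"] == "Application Error" and r["event_id"] == 1000:
            crashes[key] += 1
        elif r["source"] == "Application Hang" and r["event_id"] == 1002:
            hangs[key] += 1
        elif r["source"] == "MsiInstaller":
            msi += 1
    return {"crashes": dict(crashes), "hangs": dict(hangs), "msi_errors": msi}


if __name__ == "__main__":
    recs = parse_frst_errors(SAMPLE)
    for r in recs:
        print(r["time"], r["source"], r["event_id"], r["image"], r["module"], r["exception"])
    print(crash_summary(recs))
```

In this log the repeated 0xC0000005 crashes are all in third-party applications (Vegas Pro, DWM faulting in its own uDWM.dll), which is consistent with ordinary instability rather than with injection into system processes; a crash pattern worth a closer look would be the same exception in explorer.exe, svchost.exe or a browser, with the faulting module in a user-writable directory.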

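FRST's "MBR & Partition Table" block above is derived from the first 512 bytes of the disk: the boot code (which FRST matched as "Windows 7 or 8"), the NT disk signature (its "Disk ID"), and the four partition entries with their active flag, type byte and size. The following is an added example, not part of this thread and not FRST's code, showing how such a check is done: it decodes an MBR, hashes the boot code against an allowlist, and flags a layout that does not look like a normal Windows install. The sample MBR is constructed to mirror the values in the log (disk ID 9BE3E660, a 100 MB active NTFS partition followed by a large NTFS partition); its boot code is filler, not the real Windows boot code, and the known-good hash used in the usage is the hash of that filler, so on a real disk you would substitute hashes recorded from a clean system.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # boot code occupies bytes 0..439
DISK_SIG_OFF = 0x1B8     # 4-byte NT disk signature (FRST's "Disk ID")
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
PART_TYPES = {
    0x00: "empty", 0x05: "extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
    0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0x27: "Windows recovery",
    0xEE: "GPT protective",
}


def parse_mbr(sector):
    """Decode a 512-byte MBR into disk ID, boot-code hash and partition list."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    disk_id = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue                      # unused slot
        parts.append({
            "index": i + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR / 2**20,
        })
    return {
        "disk_id": f"{disk_id:08X}",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def check_mbr(sector, known_good_hashes):
    """Return (info, findings). An empty findings list means nothing looked odd."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] not in known_good_hashes:
        findings.append("boot code hash not in known-good set")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected 1")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02X}")
        if p["type"] not in PART_TYPES:
            findings.append(f"partition {p['index']}: unusual type 0x{p['type']:02X}")
    return info, findings


def build_sample_mbr():
    """Constructed MBR shaped like the FRST report above (not a real disk image).
    Boot code is filler, not Windows' own; disk ID and layout follow the log."""
    mbr = bytearray(SECTOR)
    mbr[0:4] = b"\x33\xC0\x8E\xD0"            # xor ax,ax / mov ss,ax: filler only
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0x9BE3E660)
    # partition 1: active, NTFS, 100 MB (204800 sectors) starting at LBA 2048
    struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF,
                     0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
    # partition 2: not active, NTFS, remainder of a 931.5 GB disk (count approximate)
    struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF + 16,
                     0x00, b"\0\0\0", 0x07, b"\0\0\0", 206848, 1953316864)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)


if __name__ == "__main__":
    sample = build_sample_mbr()
    info, findings = check_mbr(sample, {parse_mbr(sample)["boot_code_sha256"]})
    print(info["disk_id"], info["boot_code_sha256"])
    for p in info["partitions"]:
        print(p["index"], "Active" if p["active"] else "Not Active",
              f"Type={p['type']:02X} {p['type_name']}", f"{p['size_mb']:.1f} MB")
    print("findings:", findings or "none")
```

On a live Windows system the sector would be read from `\\.\PhysicalDrive0` with administrator rights; the hash comparison is the same idea FRST applies when it labels the MBR code, and a mismatch against every known-good hash is the signal a bootkit check is looking for, not proof of one by itself.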

#4 Machiavelli
  • Malware Response Instructor

Posted 19 January 2015 - 11:08 AM

Hey, :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot), select View Detailed Log.
Select Export > Text file and save it to the desktop.
Attach/post that log.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista, 7 or 8, right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 Machiavelli
  • Malware Response Instructor

Posted 23 January 2015 - 09:16 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask to have this topic reopened within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
