ComboFix 13-06-28.02 - Patko . 06. 2013 20:04:30.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.6121.4123 [GMT 2:00]
Running from: c:\users\Patko\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\sXe Injected\ddsxei.sys
c:\program files (x86)\sXe Injected\sXe-I EULA.txt
c:\program files (x86)\sXe Injected\sXe Injected Pagina principal.url
c:\program files (x86)\sXe Injected\sXe Injected.exe
c:\program files (x86)\sXe Injected\sxe.dll
c:\program files (x86)\sXe Injected\uninstall.exe
c:\programdata\FullRemove.exe
c:\users\Patko\AppData\Local\TempInstallMonetizer.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\bin\AdminServer.dll
c:\windows\SysWow64\bin\avcodec-52.dll
c:\windows\SysWow64\bin\avformat-52.dll
c:\windows\SysWow64\bin\avutil-50.dll
c:\windows\SysWow64\bin\basehaptics.txt
c:\windows\SysWow64\bin\binkw32.dll
c:\windows\SysWow64\bin\bsppack.dll
c:\windows\SysWow64\bin\bugreporter.dll
c:\windows\SysWow64\bin\bugreporter_filequeue.dll
c:\windows\SysWow64\bin\bugreporter_public.dll
c:\windows\SysWow64\bin\datacache.dll
c:\windows\SysWow64\bin\datamodel.dll
c:\windows\SysWow64\bin\dedicated.dll
c:\windows\SysWow64\bin\dmserializers.dll
c:\windows\SysWow64\bin\dxsupport.cfg
c:\windows\SysWow64\bin\dxsupport.csv
c:\windows\SysWow64\bin\dxsupport_episodic.cfg
c:\windows\SysWow64\bin\dxsupport_sp.cfg
c:\windows\SysWow64\bin\engine.dll
c:\windows\SysWow64\bin\FileSystem_Steam.dll
c:\windows\SysWow64\bin\FileSystemOpenDialog.dll
c:\windows\SysWow64\bin\friendsui.dll
c:\windows\SysWow64\bin\GameUI.dll
c:\windows\SysWow64\bin\haptics.dll
c:\windows\SysWow64\bin\icudt42.dll
c:\windows\SysWow64\bin\inputsystem.dll
c:\windows\SysWow64\bin\launcher.dll
c:\windows\SysWow64\bin\libcef.dll
c:\windows\SysWow64\bin\libcurl.dll
c:\windows\SysWow64\bin\libgcc_s.so.1
c:\windows\SysWow64\bin\libsasl.dll
c:\windows\SysWow64\bin\MaterialSystem.dll
c:\windows\SysWow64\bin\mdllib.dll
c:\windows\SysWow64\bin\Mss32.dll
c:\windows\SysWow64\bin\mssmp3.asi
c:\windows\SysWow64\bin\mssvoice.asi
c:\windows\SysWow64\bin\msvcr71.dll
c:\windows\SysWow64\bin\parsifal.dll
c:\windows\SysWow64\bin\rdmwin32.dll
c:\windows\SysWow64\bin\replay.dll
c:\windows\SysWow64\bin\scenefilecache.dll
c:\windows\SysWow64\bin\sdkenginetools.txt
c:\windows\SysWow64\bin\ServerBrowser.dll
c:\windows\SysWow64\bin\serverplugin_empty.dll
c:\windows\SysWow64\bin\shaderapidx9.dll
c:\windows\SysWow64\bin\shaderapiempty.dll
c:\windows\SysWow64\bin\sixense.dll
c:\windows\SysWow64\bin\sixense_utils.dll
c:\windows\SysWow64\bin\SoundEmitterSystem.dll
c:\windows\SysWow64\bin\soundsystem.dll
c:\windows\SysWow64\bin\stats.bin
c:\windows\SysWow64\bin\stdshader_dbg.dll
c:\windows\SysWow64\bin\stdshader_dx6.dll
c:\windows\SysWow64\bin\stdshader_dx7.dll
c:\windows\SysWow64\bin\stdshader_dx8.dll
c:\windows\SysWow64\bin\stdshader_dx9.dll
c:\windows\SysWow64\bin\Steam.dll
c:\windows\SysWow64\bin\Steam\mss32_s.dll
c:\windows\SysWow64\bin\Steam\Steam.dll
c:\windows\SysWow64\bin\Steam\steamclient.dll
c:\windows\SysWow64\bin\Steam\tier0_s.dll
c:\windows\SysWow64\bin\Steam\vstdlib_s.dll
c:\windows\SysWow64\bin\steam_api.dll
c:\windows\SysWow64\bin\steamclient.dll
c:\windows\SysWow64\bin\StudioRender.dll
c:\windows\SysWow64\bin\texturecompile_dll.dll
c:\windows\SysWow64\bin\tier0.dll
c:\windows\SysWow64\bin\tier0_s.dll
c:\windows\SysWow64\bin\tools\commedit.dll
c:\windows\SysWow64\bin\tools\pet.dll
c:\windows\SysWow64\bin\tools\vmt.dll
c:\windows\SysWow64\bin\unicode.dll
c:\windows\SysWow64\bin\unicows.dll
c:\windows\SysWow64\bin\unitlib.dll
c:\windows\SysWow64\bin\valve_avi.dll
c:\windows\SysWow64\bin\valve_bink.dll
c:\windows\SysWow64\bin\vaudio_miles.dll
c:\windows\SysWow64\bin\vaudio_speex.dll
c:\windows\SysWow64\bin\vgui2.dll
c:\windows\SysWow64\bin\vguimatsurface.dll
c:\windows\SysWow64\bin\vidcfg.bin
c:\windows\SysWow64\bin\video_bink.dll
c:\windows\SysWow64\bin\video_quicktime.dll
c:\windows\SysWow64\bin\video_services.dll
c:\windows\SysWow64\bin\vphysics.dll
c:\windows\SysWow64\bin\vstdlib.dll
c:\windows\SysWow64\bin\vstdlib_s.dll
c:\windows\SysWow64\bin\vtex.dll
c:\windows\SysWow64\bin\vtex_dll.dll
c:\windows\SysWow64\bin\xinput1_3.dll
c:\windows\SysWow64\regsvr.exe
c:\windows\SysWow64\RpcRtcom.dat.dll
c:\windows\SysWow64\sqlcom.dat.dll
c:\windows\SysWow64\UIAcom.dat.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DCService.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-05-28 to 2013-06-29 )))))))))))))))))))))))))))))))
.
.
2013-06-29 18:29 . 2013-06-29 18:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-29 18:29 . 2013-06-29 18:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-29 17:36 . 2013-06-29 17:36 -------- d-----w- c:\users\Patko\AppData\Local\NVIDIA
2013-06-28 18:50 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E843CCA9-2F86-4ABD-BBF5-AD99F0D8FB93}\mpengine.dll
2013-06-24 18:30 . 2013-06-26 17:45 -------- d-----w- c:\program files (x86)\trend micro
2013-06-24 14:55 . 2013-06-24 14:55 -------- d-----w- c:\program files\ESET
2013-06-18 18:18 . 2013-06-18 18:18 -------- d-----w- c:\program files (x86)\Handmark
2013-06-18 17:58 . 2013-06-18 17:58 -------- d-----w- C:\Downloads
2013-06-15 17:35 . 2013-05-17 00:59 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-15 17:21 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-15 16:31 . 2009-11-02 10:16 33736 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
2013-06-15 16:31 . 2009-06-09 13:41 1122664 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-06-15 16:31 . 2013-06-15 16:31 -------- d-----w- c:\programdata\HTC
2013-06-06 18:28 . 2013-06-29 17:28 -------- d-----w- c:\windows\system32\catroot2
2013-06-06 18:01 . 2013-06-06 18:21 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2013-06-06 15:32 . 2013-06-06 15:32 -------- d-----w- C:\ERDNT
2013-06-06 15:32 . 2013-06-06 15:32 -------- d-----w- c:\windows\ERUNT
2013-06-06 15:32 . 2013-06-06 15:32 -------- d-----w- C:\!FixIEDef
2013-06-04 19:11 . 2013-06-04 19:11 -------- d-----w- c:\windows\SysWow64\RTCOM
2013-06-04 19:09 . 2000-01-01 00:00 2533952 ----a-w- c:\windows\system32\FMAPO64.dll
2013-06-04 19:09 . 2000-01-01 00:00 202336 ----a-w- c:\windows\system32\AERTAC64.dll
2013-06-04 19:09 . 2000-01-01 00:00 108640 ----a-w- c:\windows\system32\AERTAR64.dll
2013-06-04 19:09 . 2005-11-13 21:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-06-04 18:49 . 2013-06-24 13:41 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-06-04 18:49 . 2013-06-04 18:49 -------- d-----w- c:\users\Patko\AppData\Local\SlimWare Utilities Inc
2013-06-03 14:44 . 2013-06-03 14:44 -------- d-----w- c:\program files (x86)\VideoDownloadConverter_4zEI
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-29 15:05 . 2013-05-27 10:21 2560 ----a-w- c:\windows\system32\thunk.dll
2013-06-29 15:05 . 2013-05-27 10:21 1024 ----a-w- c:\windows\SysWow64\thunk.dll
2013-06-15 18:33 . 2012-04-19 08:58 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-15 18:33 . 2011-10-01 12:06 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-15 17:36 . 2011-09-18 07:13 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-12 21:42 . 2013-03-29 17:23 15143904 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-05-12 21:42 . 2010-10-29 07:54 2935696 ----a-w- c:\windows\system32\nvapi64.dll
2013-05-12 21:42 . 2010-10-29 07:54 15910736 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-05-12 20:34 . 2011-03-06 05:44 6491936 ----a-w- c:\windows\system32\nvcpl.dll
2013-05-12 20:34 . 2011-03-06 05:44 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-05-12 20:34 . 2011-03-06 05:45 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-05-12 20:34 . 2011-03-06 05:45 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-05-12 20:34 . 2010-10-29 11:38 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-05-12 20:34 . 2011-03-06 05:45 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-05-12 13:43 . 2013-05-12 13:43 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-05-11 13:28 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2011-08-30 10:35 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-27 17:50 . 2013-01-02 08:37 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-04-27 17:48 . 2013-01-02 08:37 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-04-13 05:49 . 2013-05-15 10:14 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 10:14 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 10:14 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 10:14 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 10:14 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 10:14 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 14:53 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 10:16 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 10:16 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 10:04 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-06 11:29 . 2013-04-06 11:29 11867 ----a-w- c:\users\Patko\AppData\Roaming\TheHunterSettings_live.bin
2013-04-04 03:35 . 2013-04-19 17:18 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
"DAEMON Tools Lite"="d:\programy\Daemon tools\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-06-04 3456080]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-06-06 1641896]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Zoner Photo Studio Autoupdate"="c:\program files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE" [2013-03-11 773496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-04-17 3058304]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2010-09-08 905216]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-10-15 84464]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"CLX3180_Scan2Pc"="c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe" [2011-04-29 1990144]
"3180 Scan2PC"="c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [2011-04-29 1990144]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-19 1380128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R1 dxapi2k;dxapi2k;c:\windows\system32\drivers\dxapi2k.sys;c:\windows\SYSNATIVE\drivers\dxapi2k.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 18:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2010-10-08 92968]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 2392360]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 12503184]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 6330568]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{4AC70919-C9B2-4DBE-AC3D-AEF41F4C3600}: NameServer = 217.73.17.2,217.73.16.2
FF - ProfilePath - c:\users\Patko\AppData\Roaming\Mozilla\Firefox\Profiles\ozslt10r.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.sk
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-Java - c:\users\Patko\AppData\Roaming\Mining\tswagbidon.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-DAEMON Tools Lite - d:\programy\Daemon tools\DAEMON Tools Lite\uninst.exe
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-Samsung CLX-3180 Series - c:\program files (x86)\Samsung\Samsung CLX-3180 Series\Setup\Setup.exe
AddRemove-sXe_Injected - c:\program files (x86)\sXe Injected\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3137577129-644884803-1606898962-1000\Software\SecuROM\License information*]
"datasecu"=hex:7f,dc,97,8e,58,90,9c,f8,af,59,04,89,d5,72,b5,8a,37,19,cd,cd,37,
df,21,e8,c3,ef,4c,b1,83,30,37,fe,c5,46,7a,65,5b,da,c0,73,dd,7a,62,c1,37,85,\
"rkeysecu"=hex:5e,fb,d6,62,d6,e4,6b,f3,6f,6c,12,7d,9a,d8,52,76
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-29 20:31:20
ComboFix-quarantined-files.txt 2013-06-29 18:31
.
Pre-Run: 115 745 107 968 bytes free
Post-Run: 115 112 296 448 bytes free
.
- - End Of File - - 63606BCBF73858667F1860A22F652D90
D41D8CD98F00B204E9800998ECF8427E