Combo Fix

ComboFix 13-06-13.01 - Dragan 14-Jun-13 21:58:39.1.
4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4093.2572 [GMT 2:00]
Running from: c:\users\Dragan\Downloads\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47
CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A0567233
66C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
)))))))))))))))))))))))))))))
.
.
c:\windows\~de74bc.tmp
c:\windows\~df394b.tmp
c:\windows\jestertb.dll
c:\windows\n.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\Dvbpws.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\XSxS
D:\install.exe
.
---- Previous Run ------.
c:\users\Dragan\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecur
eRT.dll
c:\windows\jestertb.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\Dvbpws.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\TEMP\logishrd\LVPrcInj04.dll
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-05-14 to 2013-06-14 )))))))
))))))))))))))))))))))))
.
.
2013-06-14 20:19 . 2013-06-14 20:19
-------d-----wc:\users
\Default\AppData\Local\temp
2013-06-14 20:02 . 2013-06-14 20:02
76232 ----a-wc:\programdata\M
icrosoft\Windows Defender\Definition Updates\{E9F5F0E1-781C-4E97-B157-22435EB4C2
F4}\offreg.dll
2013-06-11 09:55 . 2013-06-11 09:55
-------d-----wc:\progr
amdata\ATI
2013-06-11 09:55 . 2013-06-11 09:55
-------d-----wc:\progr
am files (x86)\AMD AVT
2013-06-11 09:55 . 2013-06-11 09:55
-------d-----wc:\progr
am files (x86)\Common Files\ATI Technologies
2013-06-11 09:51 . 2013-06-11 09:51
-------d-----wc:\progr
am files\Common Files\ATI Technologies
2013-06-11 09:51 . 2013-06-11 09:51
-------d-----wc:\progr
am files (x86)\ATI Technologies
2013-06-11 09:50 . 2013-06-11 09:50
-------d-----wc:\progr
amdata\Package Cache
2013-06-11 09:30 . 2013-06-11 09:55
-------d-----wc:\progr
am files\ATI Technologies
2013-06-11 09:30 . 2013-06-11 09:30
-------d-----wc:\progr
am files\ATI
2013-06-11 09:29 . 2013-06-11 09:49
-------d-----wC:\AMD
2013-06-05 21:08 . 2013-06-10 21:03
-------d-----wc:\progr
am files (x86)\Ace Translator
2013-06-05 20:52 . 2013-06-05 20:52
-------d-----wc:\users
\Dragan\AppData\Local\Apple Computer
2013-06-04 23:12 . 2013-06-04 23:12
78432 ----a-wc:\windows\syste
m32\atimpc64.dll
2013-06-04 23:12 . 2013-06-04 23:12
m32\amdpcom64.dll
2013-06-04 23:12 . 2013-06-04 23:12
71704 ----a-wc:\windows\SysWo
w64\atimpc32.dll
2013-06-04 23:12 . 2013-06-04 23:12
w64\amdpcom32.dll
2013-06-04 23:12 . 2013-06-04 23:12
w64\atiuxpag.dll
2013-06-04 23:11 . 2013-06-04 23:11
w64\atidxx32.dll
2013-06-04 23:11 . 2013-06-04 23:11
m32\atiumd6a.dll
2013-06-04 23:11 . 2013-06-04 23:11
m32\atiumd64.dll
2013-06-04 23:09 . 2013-06-04 23:09

ws\system32\drivers\atikmdag.sys
2013-06-04 22:51 . 2013-06-04 22:51
m32\clinfo.exe
2013-06-04 22:51 . 2013-06-04 22:51
m32\amdocl_as64.exe
2013-06-04 22:51 . 2013-06-04 22:51
m32\amdocl_ld64.exe
2013-06-04 22:51 . 2013-06-04 22:51
w64\amdocl_as32.exe
2013-06-04 22:51 . 2013-06-04 22:51
w64\amdocl_ld32.exe
2013-06-04 22:51 . 2013-06-04 22:51
m32\OpenVideo64.dll
2013-06-04 22:50 . 2013-06-04 22:50
w64\OpenVideo.dll
2013-06-04 22:50 . 2013-06-04 22:50
m32\OVDecode64.dll
2013-06-04 22:50 . 2013-06-04 22:50
w64\OVDecode.dll
2013-06-04 22:50 . 2013-06-04 22:50
ws\system32\amdocl64.dll
2013-06-04 22:48 . 2013-06-04 22:48
ws\SysWow64\amdocl.dll
2013-06-04 22:46 . 2013-06-04 22:46
m32\OpenCL.dll
2013-06-04 22:46 . 2013-06-04 22:46
w64\OpenCL.dll
2013-06-04 22:33 . 2013-06-04 22:33
ws\system32\atio6axx.dll
2013-06-04 22:27 . 2013-06-04 22:27
m32\atiapfxx.exe
2013-06-04 22:25 . 2013-06-04 22:25
m32\aticalrt64.dll
2013-06-04 22:25 . 2013-06-04 22:25
w64\aticalrt.dll
2013-06-04 22:25 . 2013-06-04 22:25
m32\aticalcl64.dll
2013-06-04 22:25 . 2013-06-04 22:25
w64\aticalcl.dll
2013-06-04 22:25 . 2013-06-04 22:25
m32\coinst_13.101.dll
2013-06-04 22:24 . 2013-06-04 22:24
ws\system32\aticaldd64.dll
2013-06-04 22:20 . 2013-06-04 22:20
ws\SysWow64\aticaldd.dll
2013-06-04 22:13 . 2013-06-04 22:13
ws\SysWow64\atioglxx.dll
2013-06-04 22:03 . 2013-06-04 22:03
m32\atidemgy.dll
2013-06-04 22:03 . 2013-06-04 22:03
m32\atimuixx.dll
2013-06-04 22:03 . 2013-06-04 22:03
m32\atieclxx.exe
2013-06-04 22:02 . 2013-06-04 22:02
m32\atiesrxx.exe
2013-06-04 22:00 . 2013-06-04 22:00
m32\atitmm64.dll
2013-06-04 22:00 . 2013-06-04 22:00
m32\atiedu64.dll
11833856
----a-w-
c:\windo
229376 ----a-w-
c:\windows\syste
1187342 ----a-w-
c:\windows\syste
1061902 ----a-w-
c:\windows\syste
995342 ----a-w-
c:\windows\SysWo
798734 ----a-w-
c:\windows\SysWo
98304
----a-w-
c:\windows\syste
82944
----a-w-
c:\windows\SysWo
86016
----a-w-
c:\windows\syste
72704
----a-w-
c:\windows\SysWo
27800576
----a-w-
c:\windo
23421440
----a-w-
c:\windo
63488
----a-w-
c:\windows\syste
57344
----a-w-
c:\windows\SysWo
24250880
----a-w-
c:\windo
368640 ----a-w-
c:\windows\syste
51200
----a-w-
c:\windows\syste
46080
----a-w-
c:\windows\SysWo
44544
----a-w-
c:\windows\syste
44032
----a-w-
c:\windows\SysWo
118784 ----a-w-
c:\windows\syste
16082944
----a-w-
c:\windo
13703168
----a-w-
c:\windo
19906560
----a-w-
c:\windo
442368 ----a-w-
c:\windows\syste
26112
----a-w-
c:\windows\syste
562688 ----a-w-
c:\windows\syste
241152 ----a-w-
c:\windows\syste
120320 ----a-w-
c:\windows\syste
59392
c:\windows\syste
----a-w-
2013-06-04 22:00 . 2013-06-04 22:00

w64\ati2edxx.dll
2013-06-04 21:35 . 2013-06-04 21:35
m32\atiadlxx.dll
2013-06-04 21:35 . 2013-06-04 21:35
w64\atiadlxy.dll
2013-06-04 21:35 . 2013-06-04 21:35
m32\atig6pxx.dll
2013-06-04 21:35 . 2013-06-04 21:35
w64\atiglpxx.dll
2013-06-04 21:35 . 2013-06-04 21:35
m32\atiglpxx.dll
2013-06-04 21:35 . 2013-06-04 21:35
m32\atig6txx.dll
2013-06-04 21:35 . 2013-06-04 21:35
w64\atigktxx.dll
2013-06-04 21:35 . 2013-06-04 21:35
m32\drivers\atikmpag.sys
2013-06-04 21:31 . 2013-06-04 21:31
m32\drivers\ati2erec.dll
2013-06-04 21:15 . 2013-06-04 21:15
-------d-----wc:\users
\Dragan\AppData\Local\Apple
2013-06-04 21:15 . 2013-06-04 21:15
-------d-----wc:\progr
am files (x86)\Apple Software Update
2013-06-04 21:15 . 2013-06-04 21:15
-------d-----wc:\progr
amdata\Apple
2013-06-04 21:12 . 1994-09-21 00:00
w64\WING32.DLL
2013-06-04 21:12 . 2013-06-04 21:12
-------d-----wc:\progr
am files (x86)\DK Multimedia
2013-06-02 20:47 . 2013-06-02 20:47
-------d-----wc:\users
\Dragan\AppData\Roaming\Media Player Classic
2013-06-02 20:27 . 2011-12-07 17:32
w64\lagarith.dll
2013-06-02 20:27 . 2013-03-17 16:21
w64\x264vfw.dll
2013-06-02 20:27 . 2011-06-24 14:44
w64\xvidvfw.dll
2013-06-02 20:27 . 2011-06-24 14:28
w64\xvidcore.dll
2013-06-02 20:27 . 2011-12-21 17:14
w64\ac3acm.acm
2013-06-02 20:27 . 2013-05-31 18:00
w64\ff_vfw.dll
2013-05-31 16:23 . 2013-05-31 16:23
-------d-----wc:\users
\Dragan\AppData\Local\Fire Hose Games
2013-05-30 20:00 . 2013-05-30 20:04
w64\FlashPlayerCPLApp.cpl
2013-05-30 20:00 . 2013-05-30 20:04
w64\FlashPlayerApp.exe
2013-05-29 10:51 . 2013-05-29 10:51
-------d-----wc:\users
\Default\AppData\Local\Google
2013-05-28 19:42 . 2013-05-28 19:42
-------d-----wc:\progr
am files (x86)\Common Files\Java
2013-05-28 19:42 . 2013-04-04 03:35
w64\WindowsAccessBridge-32.dll
2013-05-28 01:49 . 2013-05-13 06:37
icrosoft\Windows Defender\Definition Updates\{E9F5F0E1-781C-4E97-B157-22435EB4C2
F4}\mpengine.dll
2013-05-21 19:47 . 2013-02-02 15:08
-------d-----wc:\users
\Dragan\AppData\Local\Investintech.com Inc
2013-05-21 19:46 . 2013-05-21 19:46
-------d-----wc:\users
\Dragan\AppData\Roaming\Nuance
2013-05-21 19:46 . 2013-05-21 19:46
-------d-----wc:\progr
am files (x86)\Investintech.com Inc
2013-05-21 19:09 . 2013-05-21 19:09
-------d-----wc:\progr
am files\ESET
2013-05-20 14:21 . 2013-06-04 20:19
-------d-----wC:\neman
jici slike
2013-05-17 17:31 . 2013-05-17 17:31
-------d-----wc:\progr
am files (x86)\Microsoft XNA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
)))))))))))))))))))))))))))))))
.
2013-06-04 23:12 . 2011-05-25 02:24
m32\atiuxp64.dll
2013-06-04 23:12 . 2013-02-09 13:09
m32\atiu9p64.dll
2013-06-04 23:12 . 2011-05-25 02:24
w64\atiu9pag.dll
2013-06-04 23:11 . 2011-05-25 03:06
m32\aticfx64.dll
2013-06-04 23:11 . 2011-05-25 03:07
w64\aticfx32.dll
2013-06-04 23:11 . 2011-05-25 02:49
m32\atidxx64.dll
2013-06-04 23:11 . 2011-05-25 02:50
w64\atiumdva.dll
2013-06-04 23:11 . 2011-05-25 02:39
w64\atiumdag.dll
2013-06-04 18:11 . 2012-04-26 07:59
30528 ----a-wc:\windows\GVTDr
v64.sys
2013-06-04 18:11 . 2012-04-26 07:37
25640 ----a-wc:\windows\gdrv.
sys
2013-05-11 16:58 . 2011-03-28 16:36
icrosoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2012-04-26 07:02
278800 ------wc:\windows\syste
m32\MpSigStub.exe
2013-04-24 16:31 . 2013-04-24 16:31
m32\drivers\AtihdW76.sys
2013-04-24 16:30 . 2013-04-24 16:30
m32\DelayAPO.dll
2013-04-10 15:10 . 2012-09-17 15:28
w64\npDeployJava1.dll
2013-04-10 15:10 . 2012-09-17 15:28
w64\deployJava1.dll
2013-04-08 13:47 . 2012-06-02 08:04
icrosoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports
.UI.dll
2013-04-08 13:47 . 2012-06-02 08:01
icrosoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-04-08 13:46 . 2012-12-30 11:33
icrosoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-04-03 07:58 . 2013-04-24 21:07
m32\drivers\ssudmdm.sys
2013-04-03 07:58 . 2013-04-24 21:07
m32\drivers\ssudbus.sys
2013-03-18 13:11 . 2013-03-18 13:11

9216
----a-wc:\windows\syste
m32\kdbsdk64.dll
2013-03-18 13:09 . 2013-03-18 13:09
7680
----a-wc:\windows\SysWo
w64\kdbsdk32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))
)))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.
exe" [2009-11-15 33120]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-08-11 292044
8]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968
]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04
-23 311152]
"tcactive"="c:\program files (x86)\The Cleaner\tcap.exe" [2013-03-22 6153160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB Security"="c:\program files (x86)\USB Disk Security\USBGuard.exe" [2011-0131 623520]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2011-06-08 101888]
"OrderReminder"="c:\program files (x86)\Hewlett-Packard\OrderReminder\OrderRemin
der.exe" [2006-01-30 98304]
"Archos Sepang ModemListener"="c:\program files (x86)\HSPA USB MODEM\BackgroundS
ervice\ModemListener.exe" [2011-06-20 102400]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12
204136]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-0
1-21 91520]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.e
xe" [2010-11-15 112600]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04
-23 311152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [20
13-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusch
ed.exe" [2013-03-12 253816]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart
.exe" [2013-06-04 676608]
.
c:\users\Dragan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft
Office\Office14\ONENOTEM.EXE /tsr [2010-1-21 226176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ArcSoft Connection Service"=c:\program files (x86)\Common Files\ArcSoft\Connect

ion Service\Bin\ACDaemon.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusch
ed.exe"
.
R2 Archos Sepang Modem Device Helper;Archos Sepang Modem Device Helper;c:\progra
m files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe;c:\program fil
es (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c
:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft
.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 moohelp;The Cleaner Helper Service;c:\program files (x86)\The Cleaner\mhelper
.exe;c:\program files (x86)\The Cleaner\mhelper.exe [x]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sy
s;c:\windows\SYSNATIVE\DRIVERS\wcmvcam64.sys [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SY
SNATIVE\DRIVERS\amdiox64.sys [x]
R3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys;c
:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\wi
ndows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 CisUtMonitor;CisUtMonitor;c:\windows\system32\DRIVERS\CisUtMonitor.sys;c:\win
dows\SYSNATIVE\DRIVERS\CisUtMonitor.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windo
ws\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv; [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.
sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\s
ystem32\DRIVERS\jrdusbser.sys;c:\windows\SYSNATIVE\DRIVERS\jrdusbser.sys [x]
R3 SIWIO;SIWIO; [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\
DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\
windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\
DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\s
ptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\win
dows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVER
S\ehdrv.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrvx64.sys;c:\windows\SYSNA
TIVE\drivers\rsdrvx64.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;
c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\a
tiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\F
uel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service
.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd6
4\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2
.sys [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Up
dater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\Applicat
ionUpdater.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRI
VERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\p
rogram files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program
files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x8
6)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewe
r_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
[x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system3
2\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\Etr
onHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32
\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.s
ys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\w
indows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\wi
ndows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WFLR6654;WinFast TV2000 XP Global/Global TV (XC2028);c:\windows\system32\driv
ers\wfeaglxt.sys;c:\windows\SYSNATIVE\drivers\wfeaglxt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed compon
ents\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-07 10:51
1165776 ----a-wc:\program files (x86)\Google\Ch
rome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 07:11]
.
2013-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-26 07:11]
.
2013-06-12 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2013-02-11 09:02]
.
.
--------- X64 Entries ----------.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10
776144 ----a-wc:\program files (x86)\Google\Dr
ive\googledrivesync64.dll
.
overlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
2013-04-16 14:10
.
overlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
2013-04-16 14:10
.
overlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
2013-04-16 14:10
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 1178071
2]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\
UpdaterStartupUtility.exe" [2012-09-20 444904]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-08-09 4030008]
.
------- Supplementary Scan ------.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.search.ask.com/?l=dis&o=APN10483&gct=hp&apn_ptnrs=^ALI&
apn_dtid=^YYYYYY^YY^RS&p2=^ALI^YYYYYY^YY^RS&tpid=CLM-V6&apn_dbr=cr_26.0.1410.43&
apn_uid=001FDDA4-382F-437C-BF5B-C5AA7A965394&itbv=11.8.1.240&doi=2013-04-07
mStart Page = hxxp://searchab.com/?aff=7&uid=53f75490-6895-11e2-9492-50e5495f2af
c
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Ado
be\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\W
CIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe
\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCI
EActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: bancaintesabeograd.com\online
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Dragan\AppData\Roaming\Mozilla\Firefox\Profiles\busb
8ixl.default\
FF - prefs.js: browser.search.selectedEngine - Ask Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
.
- - - - ORPHANS REMOVED - - - .
URLSearchHooks-{D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
BHO-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
Toolbar-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS --------------------.
[HKEY_USERS\S-1-5-21-3872748912-2346404211-1058245888-1000\Software\Microsoft\Wi
ndows\CurrentVersion\Shell Extensions\Approved\{58EB9104-0FF7-C9EB-13AB-B5A8B71B
84AA}*]
"jalinoeifohflclpelig"=hex:62,61,6d,6e,00,00
"ialjnfggiibggecacn"=hex:6b,61,6b,6f,63,6c,6e,68,62,65,6b,6e,63,6e,6a,69,66,70,
6d,67,6e,63,00,00
"jalinoeifohflclpeleg"=hex:62,61,6d,6e,00,00
"habolfgicpnecafj"=hex:6b,61,6b,6f,63,6c,6f,68,63,70,6f,6e,6c,68,6d,6b,63,6b,
70,61,67,6e,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66
}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700
_169_ActiveX.exe,-101"
.
}\Elevation]
"Enabled"=dword:00000001
.
}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C
9A66}]
@="IFlashBroker5"
.
9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C40800200C9A66}]
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700
_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C40800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C40800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C40800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}]
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}]
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B
0C4-0800200C9A66}]
@="IFlashBroker5"
.
0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actio
ns\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0
]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\Actio
nsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC108002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
.
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
.
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
.
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
.
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-14 22:21:41
ComboFix-quarantined-files.txt 2013-06-14 20:21
.
Pre-Run: 43,037,765,632 bytes free
Post-Run: 42,806,222,848 bytes free
.
- - End Of File - - E94F2E81479490EE7B7B4EE0969386A4
A36C5E4F47E84449FF07ED3517B43A31

Combo Fix

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Combo Fix

Enviado por

Direitos autorais:

Formatos disponíveis

ComboFix 13-06-13.01 - Dragan 14-Jun-13 21:58:39.1.

2013-06-04 23:09 . 2013-06-04 23:09

2013-06-04 22:00 . 2013-06-04 22:00

2013-03-18 13:11 . 2013-03-18 13:11

"ArcSoft Connection Service"=c:\program files (x86)\Common Files\ArcSoft\Connect

Você também pode gostar