Combo Fix

ComboFix 13-02-21.02 - Caspian van Buuren 02/21/2013 20:50:13.1.
4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.24574.21430 [GMT 1:00]
Running from: c:\users\Caspian van Buuren\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1
-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001
-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
)))))))))))))))))))))))))))))
.
.
c:\users\Caspian van Buuren\AppData\Roaming\mIRC\logs\status.log
.
.
((((((((((((((((((((((((( Files Created from 2013-01-21 to 2013-02-21 )))))))
))))))))))))))))))))))))
.
.
2013-02-21 19:55 . 2013-02-21 19:55
-------d-----wc:\users
\Default\AppData\Local\temp
2013-02-21 19:09 . 2013-02-21 19:09
-------d-----wc:\windo
ws\LastGood
2013-02-21 19:09 . 2011-06-10 05:34
539240 ----a-wc:\windows\syste
m32\drivers\Rt64win7.sys
2013-02-21 18:08 . 2013-02-21 18:08
-------d-----wc:\users
\Caspian van Buuren\AppData\Roaming\NVIDIA
2013-02-21 18:05 . 2013-02-21 18:05
-------d-----wC:\NVIDI
A
2013-02-21 17:59 . 2013-02-21 18:57
-------d-----wc:\progr
amdata\NVIDIA
2013-02-21 17:54 . 2012-10-02 19:51
m32\nvcoproc.bin
2013-02-21 17:54 . 2012-10-02 19:51
m32\nvsvc64.dll
2013-02-21 17:54 . 2012-10-02 19:51
m32\nvcpl.dll
2013-02-21 17:54 . 2012-10-02 19:50
m32\nvvsvc.exe
2013-02-21 17:54 . 2012-10-02 19:50
m32\nvshext.dll
2013-02-21 17:54 . 2012-10-02 19:50
m32\nvmctray.dll
2013-02-21 17:54 . 2013-02-21 18:07
-------d-----wc:\progr
am files\NVIDIA Corporation
2013-02-14 02:04 . 2013-01-09 01:10
996352 ----a-wc:\program files
\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 02:04 . 2013-01-08 22:01
768000 ----a-wc:\program files
(x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 02:00 . 2013-01-09 01:19
m32\jscript9.dll
2013-02-13 05:27 . 2013-01-05 05:53
m32\ntoskrnl.exe
2013-02-13 05:27 . 2013-01-05 05:00
3967848 ----a-wc:\windows\SysWo
w64\ntkrnlpa.exe
2013-02-13 05:27 . 2013-01-05 05:00
w64\ntoskrnl.exe
2013-02-13 05:26 . 2013-01-04 03:26
m32\win32k.sys
2013-02-13 05:26 . 2013-01-04 05:46
m32\winsrv.dll
2013-02-13 05:26 . 2013-01-04 02:47
w64\setup16.exe
2013-02-13 05:26 . 2013-01-04 02:47
w64\ntvdm64.dll
2013-02-13 05:26 . 2013-01-04 04:51
5120
----a-wc:\windows\SysWo
w64\wow32.dll
2013-02-13 05:26 . 2013-01-04 02:47
7680
w64\instnm.exe
2013-02-13 05:26 . 2013-01-04 02:47
2048
w64\user.exe
2013-02-13 05:26 . 2013-01-03 06:00
m32\drivers\tcpip.sys
2013-02-13 05:26 . 2013-01-03 06:00
m32\drivers\FWPKCLNT.SYS
2013-02-06 20:12 . 2013-02-06 20:12
-------d-----wc:\progr
am files (x86)\Common Files\Skype
2013-02-04 20:24 . 2013-02-04 20:24
-------d-----wc:\users
\Caspian van Buuren\AppData\Roaming\OpenOffice.org
2013-02-04 20:19 . 2013-02-04 20:20
-------d-----wc:\progr
am files (x86)\OpenOffice.org 3
2013-01-31 21:52 . 2013-01-31 21:52
-------d-----wc:\progr
am files (x86)\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
)))))))))))))))))))))))))))))))
.
2013-02-19 08:30 . 2012-08-17 21:09
m32\drivers\avgtpx64.sys
2013-02-14 02:08 . 2012-08-20 12:32
70004024
----a-wc:\windo
ws\system32\MRT.exe
2013-02-08 16:44 . 2012-08-16 20:40
w64\FlashPlayerCPLApp.cpl
2013-02-08 16:44 . 2012-08-16 20:40
w64\FlashPlayerApp.exe
2013-01-04 04:43 . 2013-02-13 05:26
44032 ----a-wc:\windows\apppa
tch\acwow64.dll
2012-12-26 19:17 . 2012-12-26 19:19
m32\matrix_sw65v08.scr
2012-12-25 23:27 . 2012-08-18 14:55
m32\themeui.dll
2012-12-23 22:04 . 2012-12-23 22:04
m32\deployJava1.dll
2012-12-23 22:04 . 2012-12-23 22:04
m32\javaws.exe
2012-12-23 22:04 . 2012-12-23 22:04
m32\npDeployJava1.dll
2012-12-23 22:04 . 2012-12-23 22:04
m32\javaw.exe
2012-12-23 22:04 . 2012-12-23 22:04
m32\WindowsAccessBridge-64.dll
2012-12-23 22:04 . 2012-12-23 22:04
m32\java.exe
2012-12-16 17:11 . 2012-12-21 02:01
m32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 02:00
m32\atmfd.dll
2012-12-16 14:13
w64\atmfd.dll
2012-12-16 14:13
w64\atmlib.dll
2012-12-07 13:20
m32\Wpc.dll
2012-12-07 13:15
m32\gameux.dll
2012-12-07 12:26
w64\Wpc.dll
2012-12-07 12:20
w64\gameux.dll
2012-12-07 11:20
m32\usk.rs
2012-12-07 11:20
m32\csrr.rs
2012-12-07 11:20
m32\oflc.rs
2012-12-07 11:20
m32\oflc-nz.rs
2012-12-07 11:20
m32\pegibbfc.rs
2012-12-07 11:20
m32\pegi-fi.rs
2012-12-07 11:20
m32\pegi-pt.rs
2012-12-07 11:19
m32\pegi.rs
2012-12-07 11:19
m32\fpb.rs
2012-12-07 11:19
m32\cob-au.rs
2012-12-07 11:19
m32\grb.rs
2012-12-07 11:19
m32\djctq.rs
2012-12-07 11:19
m32\cero.rs
2012-12-07 11:19
m32\esrb.rs
2012-12-07 10:46
w64\csrr.rs
2012-12-07 10:46
w64\usk.rs
2012-12-07 10:46
w64\oflc-nz.rs
2012-12-07 10:46
w64\pegibbfc.rs
2012-12-07 10:46
w64\pegi-pt.rs
2012-12-07 10:46
w64\oflc.rs
2012-12-07 10:46
w64\pegi-fi.rs
2012-12-07 10:46
w64\fpb.rs
2012-12-07 10:46
w64\pegi.rs
2012-12-07 10:46
. 2012-12-21 02:00
295424 ----a-w-
c:\windows\SysWo
. 2012-12-21 02:01
34304
----a-w-
c:\windows\SysWo
. 2013-01-09 04:35
441856 ----a-w-
c:\windows\syste
. 2013-01-09 04:35
2746368 ----a-w-
c:\windows\syste
. 2013-01-09 04:35
308736 ----a-w-
c:\windows\SysWo
. 2013-01-09 04:35
2576384 ----a-w-
c:\windows\SysWo
. 2013-01-09 04:35
30720
----a-w-
c:\windows\syste
. 2013-01-09 04:35
43520
----a-w-
c:\windows\syste
. 2013-01-09 04:35
23552
----a-w-
c:\windows\syste
. 2013-01-09 04:35
45568
----a-w-
c:\windows\syste
. 2013-01-09 04:35
44544
----a-w-
c:\windows\syste
. 2013-01-09 04:35
20480
----a-w-
c:\windows\syste
. 2013-01-09 04:35
20480
----a-w-
c:\windows\syste
. 2013-01-09 04:35
20480
----a-w-
c:\windows\syste
. 2013-01-09 04:35
46592
----a-w-
c:\windows\syste
. 2013-01-09 04:35
40960
----a-w-
c:\windows\syste
. 2013-01-09 04:35
21504
----a-w-
c:\windows\syste
. 2013-01-09 04:35
15360
----a-w-
c:\windows\syste
. 2013-01-09 04:35
55296
----a-w-
c:\windows\syste
. 2013-01-09 04:35
51712
----a-w-
c:\windows\syste
. 2013-01-09 04:35
43520
----a-w-
c:\windows\SysWo
. 2013-01-09 04:35
30720
----a-w-
c:\windows\SysWo
. 2013-01-09 04:35
45568
----a-w-
c:\windows\SysWo
. 2013-01-09 04:35
44544
----a-w-
c:\windows\SysWo
. 2013-01-09 04:35
20480
----a-w-
c:\windows\SysWo
. 2013-01-09 04:35
23552
----a-w-
c:\windows\SysWo
. 2013-01-09 04:35
20480
----a-w-
c:\windows\SysWo
. 2013-01-09 04:35
46592
----a-w-
c:\windows\SysWo
. 2013-01-09 04:35
20480
----a-w-
c:\windows\SysWo
. 2013-01-09 04:35
21504
----a-w-
c:\windows\SysWo
w64\grb.rs
2012-12-07 10:46 . 2013-01-09 04:35
40960 ----a-ww64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 04:35
15360 ----a-ww64\djctq.rs
2012-12-07 10:46 . 2013-01-09 04:35
51712 ----a-ww64\esrb.rs
2012-12-07 10:46 . 2013-01-09 04:35
55296 ----a-ww64\cero.rs
2012-11-30 05:45 . 2013-01-09 04:34
362496 ----a-wm32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 04:34
243200 ----a-wm32\wow64.dll
2012-11-30 05:45 . 2013-01-09 04:34
13312 ----a-wm32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 04:34
16384 ----a-wm32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 04:34
424448 ----a-wm32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 04:34
1161216 ----a-wm32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 04:34
3072
---ha-wm32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
6144
---ha-wm32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
4608
---ha-wm32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
4608
---ha-wm32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
4096
---ha-wm32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
4096
---ha-wm32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3584
---ha-wm32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3584
---ha-wm32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3584
---ha-wm32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3584
---ha-wm32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3072
---ha-wm32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3072
---ha-wm32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3072
---ha-wm32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
5120
---ha-wm32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
4096
---ha-wm32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3584
---ha-wm32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3584
---ha-wm32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3584
---ha-wm32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3072
---ha-wm32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3072
---ha-w-
c:\windows\SysWo
c:\windows\SysWo
c:\windows\SysWo
c:\windows\SysWo
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
m32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3072
---ha-wc:\windows\syste
m32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3072
m32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3072
m32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3072
m32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3072
m32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3072
m32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
4096
m32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 04:34
3072
m32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 04:34
w64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 04:34
4608
---ha-wc:\windows\SysWo
w64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:34
4096
w64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:34
4096
w64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:34
4096
w64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:34
4096
w64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:34
3584
w64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:34
3584
w64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:34
3584
w64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:34
3584
w64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:34
3584
w64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:34
3584
w64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:34
3072
w64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:34
3072
w64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:34
3072
w64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:34
3072
w64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:34
4096
w64\api-ms-win-core-localization-l1-1-0.dll
.
.
------- Sigcheck ------Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.16385]
.. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600
.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16385]
.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385]
.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385]
.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385]
.17514_none_afdaac81905bf900\explorer.exe
[-] 2010-11-11 . 44EE25FD6F607B2E52EC55257C75ABB9 . 2387456 . . [6.1.7600.16385]
.. c:\windows\explorer.exe
[7] 2010-11-11 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385]
.16450_none_adc508f19359a007\explorer.exe
[7] 2010-11-11 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385]
.20563_none_ae46d6aeac7ca7c7\explorer.exe
[7] 2010-11-11 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385]
.16404_none_adff19b5932d79ae\explorer.exe
[7] 2010-11-11 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385]
.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385]
.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))
)))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentContro
l_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691
-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49
176936 ----a-wc:\program files (x86)\uTorrentC
ontrol_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F
-4BF1-B163-73684A933233}]
2013-02-19 08:30
1929392 ----a-wc:\program files (x86)\AVG Secur
e Search\14.2.0.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentContro
l_v2\prxtbuTor.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Sea
rch\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-19 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [201208-28 3671904]
"Facebook Update"="c:\users\Caspian van Buuren\AppData\Local\Facebook\Update\Fac
ebookUpdate.exe" [2012-09-19 138096]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2012-1
1-06 4032968]
"Spotify"="c:\users\Caspian van Buuren\AppData\Roaming\Spotify\Spotify.exe" [201
3-01-12 7880664]
"Spotify Web Helper"="c:\users\Caspian van Buuren\AppData\Roaming\Spotify\Data\S
potifyWebHelper.exe" [2013-01-12 1199576]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-02-10 27
70432]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2
010-03-05 411864]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2009-12
-29 887936]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Re
ader_sl.exe" [2009-02-28 35696]
"Turbo Key"="c:\program files\ASUS\Turbo Key\TurboKey.exe" [2009-11-24 1874432]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-19 1151152
]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusch
ed.exe" [2012-07-03 252848]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2012-10-25
593784]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
c:\users\Caspian van Buuren\AppData\Roaming\Microsoft\Windows\Start Menu\Program
s\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quick
start.exe [2012-8-13 1199104]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-8-12 41160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2
012-11-15 5814904]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\
HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c
:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C S
ervice\c2c_service.exe [2013-01-31 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2
013-01-08 161536]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-22 23680]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\dri
vers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVE

RS\RtTeam60.sys [2008-10-24 43008]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\
RtVlan60.sys [2007-12-03 24064]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\W
atAdminSvc.exe [2012-08-18 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-2
1 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVE
RS\avgmfx64.sys [2012-11-15 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [20
12-09-14 40800]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012
-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012
-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 20
0032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-19 39768]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsof
tbus01.sys [2012-08-28 283200]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2012-08-16 16384]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXper
tService.exe [2009-12-16 122880]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSy
sCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-2
2 196664]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\Devic
eVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hyperviso
r-amd64.sys [2012-10-25 71032]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\Blue
Stacks\HD-LogRotatorService.exe [2012-10-25 384888]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService
.exe [2009-10-16 319488]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sy
s [2007-12-11 26624]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Fil
es\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-19 96888
0]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011
-06-10 539240]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system
32\drivers\viahduaa.sys [2010-01-11 1290752]
.
.
--- Other Services/Drivers In Memory --.
*NewlyCreated* - CPUZ135
*Deregistered* - cpuz135
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 16
:44]
.
2013-02-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2802207223-3971950214
-3254347145-1000Core.job
- c:\users\Caspian van Buuren\AppData\Local\Facebook\Update\FacebookUpdate.exe [
2012-09-19 18:37]
.
2013-02-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2802207223-3971950214
-3254347145-1000UA.job
- c:\users\Caspian van Buuren\AppData\Local\Facebook\Update\FacebookUpdate.exe [
2012-09-19 18:37]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2802207223-3971950214-3
254347145-1000Core.job
- c:\users\Caspian van Buuren\AppData\Local\Google\Update\GoogleUpdate.exe [2012
-08-16 17:23]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2802207223-3971950214-3
254347145-1000UA.job
- c:\users\Caspian van Buuren\AppData\Local\Google\Update\GoogleUpdate.exe [2012
-08-16 17:23]
.
2013-02-21 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-25 05:43
]
.
.
--------- X64 Entries ----------.
.
------- Supplementary Scan ------.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=ya
hoo&QS=http%3A%2F%2Fsearch.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.178.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files
(x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - .
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
AddRemove-Tony Hawk's Pro Skater 3 - c:\progra~2\ACTIVI~1\Thps3\UNINST~1\UNWISE.E
XE
.
.
.
--------------------- LOCKED REGISTRY KEYS --------------------.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-21 20:57:10

ComboFix-quarantined-files.txt 2013-02-21 19:57
.
Pre-Run: 629,957,545,984 bytes free
Post-Run: 630,661,427,200 bytes free
.
- - End Of File - - 4A04D361EA29520E22055A9275CDCA5D

Combo Fix

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Combo Fix

Diunggah oleh

Hak Cipta:

Format Tersedia

ComboFix 13-02-21.02 - Caspian van Buuren 02/21/2013 20:50:13.1.

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVE

2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job

Completion time: 2013-02-21 20:57:10

Anda mungkin juga menyukai