ComboFix 15-04-28.01 - Mario 05.2015 . 17:41:46.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1026.18.4095.1995 [GMT 3:00]
Running from: c:\users\Mario\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Avira Antivirus *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Avira Antivirus *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))) )))))))))
.
.
c:\users\Mario\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Mario\AppData\Roaming\DLAUVH.exe
c:\users\Mario\AppData\Roaming\EIQWMN.exe
c:\users\Mario\AppData\Roaming\QVOZFC.exe
c:\users\Mario\AppData\Roaming\XBPD.exe
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2015-04-03 to 2015-05-03 )))))))))))))))))))))))))))))))
.
.
2015-05-03 14:50 . 2015-05-03 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-03 12:21 . 2013-07-02 14:29 24824 ----a-w- c:\windows\system32\drivers\IOMap64.sys
2015-05-03 09:25 . 2015-04-17 02:43 52392 ----a-w- c:\windows\system32\drivers\iSafeNetFilter.sys
2015-05-03 09:24 . 2015-05-03 09:24 -------- d-----w- c:\programdata\boost_interprocess
2015-04-19 12:21 . 2015-04-19 12:22 -------- d-----w- c:\program files (x86)\Google
2015-04-19 12:21 . 2015-04-19 12:22 -------- d-----w- c:\users\Mario\AppData\Local\Google
2015-04-18 19:51 . 2015-04-18 19:51 -------- d-----w- c:\users\Mario\AppData\Local\Rockstar Games
2015-04-18 19:49 . 2015-04-15 16:21 -------- d-----w- c:\program files\Rockstar Games
2015-04-18 18:14 . 2015-04-18 19:51 -------- d-----w- c:\program files (x86)\Grand Theft Auto V
2015-04-17 12:14 . 2015-04-17 12:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-04-16 15:58 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F9651D0-55DB-4D81-A753-B0CC6F9FEE16}\mpengine.dll
2015-04-16 11:33 . 2015-04-19 13:54 -------- d-----w- c:\users\Mario\AppData\Roaming\BoL
2015-04-16 06:22 . 2015-04-16 06:22 -------- d-----w- c:\users\Mario\AppData\Roaming\Avira
2015-04-16 06:20 . 2015-03-24 11:59 44088 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-04-16 06:20 . 2015-03-24 11:59 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-04-16 06:20 . 2015-03-24 11:59 132120 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-04-16 06:20 . 2015-03-24 11:59 128536 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-04-16 06:18 . 2015-04-16 06:23 -------- d-----w- c:\program files (x86)\Avira
2015-04-16 06:18 . 2015-04-16 06:20 -------- d-----w- c:\programdata\Avira
2015-04-16 06:18 . 2015-04-16 06:18 -------- d-----w- c:\programdata\Package Cache
2015-04-16 06:14 . 2015-04-16 06:14 -------- d-----w- c:\users\Mario\AppData\Roaming\www.shadowexplorer.com
2015-04-15 18:17 . 2015-04-15 18:17 -------- d-s---w- c:\windows\system32\CompatTel
2015-04-15 18:17 . 2015-04-15 18:17 -------- d-----w- c:\windows\system32\appraiser
2015-04-15 15:39 . 2015-04-08 20:32 560968 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-04-15 11:33 . 2015-03-25 03:00 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-04-15 11:32 . 2015-03-17 05:11 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 11:31 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-04-15 11:31 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-15 11:31 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-04-15 10:49 . 2015-04-15 10:49 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2015-04-15 10:30 . 2015-04-15 10:30 -------- d-----w- c:\users\Mario\AppData\Local\Gameforge4d
2015-04-04 20:11 . 2015-04-04 20:11 -------- d-s---w- c:\windows\system32\GWX
2015-04-04 20:11 . 2015-04-04 20:11 -------- d-s---w- c:\windows\SysWow64\GWX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))) ))))))))))))
.
2015-04-17 12:12 . 2015-03-17 13:11 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-15 13:11 . 2015-01-08 12:34 128913832 ----a-w- c:\windows\system32\MRT.exe
2015-04-15 12:57 . 2015-01-01 13:43 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 12:57 . 2015-01-01 13:43 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-09 00:58 . 2015-03-18 13:03 1086424 ----a-w- c:\windows\system32\nvumdshimx.dll
2015-04-09 00:58 . 2015-01-24 11:51 78480 ----a-w- c:\windows\system32\OpenCL.dll
2015-04-09 00:58 . 2015-01-24 11:51 66704 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-04-09 00:58 . 2015-01-24 11:50 14617288 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-04-09 00:58 . 2015-01-24 11:49 12689592 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-04-09 00:58 . 2015-01-24 11:49 3317344 ----a-w- c:\windows\system32\nvapi64.dll
2015-04-09 00:58 . 2015-01-24 11:49 2935416 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-04-08 21:30 . 2015-01-24 11:52 6841488 ----a-w- c:\windows\system32\nvcpl.dll
2015-04-08 21:30 . 2015-01-24 11:52 3478344 ----a-w- c:\windows\system32\nvsvc64.dll
2015-04-08 21:30 . 2015-01-24 11:52 936264 ----a-w- c:\windows\system32\nvvsvc.exe
2015-04-08 21:30 . 2015-01-24 11:52 62608 ----a-w- c:\windows\system32\nvshext.dll
2015-04-08 21:30 . 2015-01-24 11:52 2558608 ----a-w- c:\windows\system32\nvsvcr.dll
2015-04-08 21:30 . 2015-01-24 11:52 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-04-08 17:52 . 2015-01-24 11:52 4336074 ----a-w- c:\windows\system32\nvcoproc.bin
2015-04-03 10:23 . 2015-04-03 10:24 1194185 ----a-w- c:\windows\unins000.exe
2015-03-28 03:44 . 2015-01-25 12:34 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-03-28 03:44 . 2015-01-24 11:53 1316000 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-03-28 03:43 . 2015-01-25 12:34 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-03-28 03:43 . 2015-01-24 11:53 1570672 ----a-w- c:\windows\system32\nvspcap64.dll
2015-03-17 04:56 . 2015-04-15 11:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-13 19:41 . 2015-03-18 13:03 1896136 ----a-w- c:\windows\system32\nvdispco6434788.dll
2015-03-13 19:41 . 2015-03-18 13:03 1557648 ----a-w- c:\windows\system32\nvdispgenco6434788.dll
2015-02-26 03:25 . 2015-03-11 12:26 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 01:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 04:41 . 2015-03-11 12:27 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 12:27 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 12:27 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 12:27 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 12:27 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 12:27 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 12:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 12:27 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 12:27 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 12:27 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-02-17 13:26 . 2015-02-17 13:26 1217184 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-02-13 05:22 . 2015-03-11 12:26 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-02-04 09:23 . 2015-02-04 09:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 09:13 . 2015-02-04 09:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 03:16 . 2015-03-11 12:26 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 12:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 12:27 693176 ----a-w- c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 12:27 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-11 12:27 616360 ----a-w- c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-11 12:27 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-03-11 12:27 14632960 ----a-w- c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-11 12:27 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-02-03 03:31 . 2015-03-11 12:26 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:31 . 2015-03-11 12:26 215552 ----a-w- c:\windows\system32\ubpm.dll
2015-02-03 03:31 . 2015-03-11 12:27 5120 ----a-w- c:\windows\system32\msdxm.ocx
2015-02-03 03:31 . 2015-03-11 12:27 5120 ----a-w- c:\windows\system32\dxmasf.dll
2015-02-03 03:31 . 2015-03-11 12:27 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-02-03 03:31 . 2015-03-11 12:27 1574400 ----a-w- c:\windows\system32\quartz.dll
2015-02-03 03:31 . 2015-03-11 12:27 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:31 . 2015-03-11 12:27 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-02-03 03:31 . 2015-03-11 12:27 188416 ----a-w- c:\windows\system32\pcasvc.dll
2015-02-03 03:31 . 2015-03-11 12:27 37376 ----a-w- c:\windows\system32\pcadm.dll
2015-02-03 03:31 . 2015-03-11 12:27 9728 ----a-w- c:\windows\system32\spwmp.dll
2015-02-03 03:31 . 2015-03-11 12:27 641024 ----a-w- c:\windows\system32\msscp.dll
2015-02-03 03:31 . 2015-03-11 12:27 325632 ----a-w- c:\windows\system32\msnetobj.dll
2015-02-03 03:31 . 2015-03-11 12:27 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-02-03 03:31 . 2015-03-11 12:27 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-02-03 03:31 . 2015-03-11 12:27 4121600 ----a-w- c:\windows\system32\mf.dll
2015-02-03 03:31 . 2015-03-11 12:27 206848 ----a-w- c:\windows\system32\mfps.dll
2015-02-03 03:30 . 2015-03-11 12:27 631808 ----a-w- c:\windows\system32\evr.dll
2015-02-03 03:30 . 2015-03-11 12:27 284672 ----a-w- c:\windows\system32\EncDump.dll
2015-02-03 03:30 . 2015-03-11 12:27 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2015-02-03 03:30 . 2015-03-11 12:27 497664 ----a-w- c:\windows\system32\drmmgrtn.dll
2015-02-03 03:30 . 2015-03-11 12:27 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-03 03:30 . 2015-03-11 12:27 1069056 ----a-w- c:\windows\system32\cryptui.dll
2015-02-03 03:30 . 2015-03-11 12:27 82432 ----a-w- c:\windows\system32\cryptsp.dll
2015-02-03 03:30 . 2015-03-11 12:27 140288 ----a-w- c:\windows\system32\cryptnet.dll
2015-02-03 03:30 . 2015-03-11 12:27 187904 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-03 03:30 . 2015-03-11 12:27 842240 ----a-w- c:\windows\system32\blackbox.dll
2015-02-03 03:30 . 2015-03-11 12:27 680960 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-03 03:30 . 2015-03-11 12:27 296448 ----a-w- c:\windows\system32\AudioSes.dll
2015-02-03 03:30 . 2015-03-11 12:27 440832 ----a-w- c:\windows\system32\AudioEng.dll
2015-02-03 03:30 . 2015-03-11 12:27 32256 ----a-w- c:\windows\system32\appidsvc.dll
2015-02-03 03:30 . 2015-03-11 12:27 58880 ----a-w- c:\windows\system32\appidapi.dll
2015-02-03 03:30 . 2015-03-11 12:27 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-02-03 03:30 . 2015-03-11 12:27 9728 ----a-w- c:\windows\system32\pcalua.exe
2015-02-03 03:30 . 2015-03-11 12:27 11264 ----a-w- c:\windows\system32\pcawrk.exe
2015-02-03 03:30 . 2015-03-11 12:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-02-03 03:30 . 2015-03-11 12:27 126464 ----a-w- c:\windows\system32\audiodg.exe
2015-02-03 03:30 . 2015-03-11 12:27 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:30 . 2015-03-11 12:27 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:30 . 2015-03-11 12:27 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2015-02-03 03:29 . 2015-03-11 12:27 8704 ----a-w- c:\windows\system32\pcaevts.dll
2015-02-03 03:28 . 2015-03-11 12:27 2048 ----a-w- c:\windows\system32\mferror.dll
2015-02-03 03:19 . 2015-03-11 12:27 663552 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2015-02-03 03:12 . 2015-03-11 12:27 617984 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-11 12:27 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-02-03 03:12 . 2015-03-11 12:26 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-11 12:26 171520 ----a-w- c:\windows\SysWow64\ubpm.dll
2015-02-03 03:12 . 2015-03-11 12:27 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2015-02-03 03:12 . 2015-03-11 12:27 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2015-02-03 03:12 . 2015-03-11 12:27 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))) ))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D879895E-2124-4ED0-BDDF-F8F8BBC98A6F}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-04-13 2889408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-18 98304]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-01 3890208]
"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2014-10-31 2066432]
"DelaypluginInstall"="c:\programdata\Aimersoft\Video Converter Ultimate\DelayPluginI.exe" [2014-12-12 1960336]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-04-22 9919104]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2015-03-11 855768]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-04-10 130048]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2015-03-24 726320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Update Cyti Web;Update Cyti Web;c:\program files (x86)\Cyti Web\updateCytiWeb.exe;c:\program files (x86)\Cyti Web\updateCytiWeb.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc; Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 {7b7db604-54eb-492b-a629-19e0f0c6ac57}Gw64;{7b7db604-54eb-492b-a629-19e0f0c6ac57}Gw64;c:\windows\system32\drivers\{7b7db604-54eb-492b-a629-19e0f0c6ac57}Gw64.sys;c:\windows\SYSNATIVE\drivers\{7b7db604-54eb-492b-a629-19e0f0c6ac57}Gw64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-19 12:22 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-01 12:57]
.
2015-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-19 12:21]
.
2015-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-19 12:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-01 13:46 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-28 2673296]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-03-28 1570672]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M9AF30E2D-3851-4878-8C8D-A4A4C0489099&SearchSource=55&CUI=&UM=8&UP=SPB009B209-9479-43EE-B879-FEF887E65BC8&SSPV=SP2200TA_sp_ie
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{d8f67242-b229-4065-95fa-391b077ed6ca} - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll
TCP: DhcpNameServer = 217.9.239.90 192.168.0.1
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - c:\windows\System32\mscoree.dll
FF - ProfilePath - c:\users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\tbj2bkqs.default-1421426715215\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-YTDownloader - c:\program files (x86)\YTDownloader\YTDownloader.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - (no file)
AddRemove-World of Metin2 - c:\program files (x86)\World of Metin2\Uninstall.exe
AddRemove-{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1 - c:\program files (x86)\GameforgeLive\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
c:\program files (x86)\Avira\Antivirus\avguard.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
.
**************************************************************************
.
Completion time: 2015-05-03 17:58:07 - machine was rebooted
ComboFix-quarantined-files.txt 2015-05-03 14:58
.
Pre-Run: 73*281*929*216 bytes free
Post-Run: 74*852*495*360 bytes free
.
- - End Of File - - 852BEC10426718CB3E33F9852835B939
A36C5E4F47E84449FF07ED3517B43A31