
Posted by Caesar on July Fri 12th 9:10 AM - Never Expires

ComboFix 13-07-11.03 - Andreschz 07/12/2013   7:41.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.3071.1592 [GMT 7:00]
Running from: c:\users\Andreschz\Downloads\Programs\ComboFix.exe
AV: avast! Internet Security *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: avast! Internet Security *Disabled* {FB460EB6-4C6D-E564-6BF5-EEEF2B44B473}
SP: avast! Internet Security *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\SearchNewTab.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\Uninstall.lnk
c:\programdata\safe syavEE
c:\programdata\safe syavEE\51cc4334cd7f5.dll
c:\programdata\safe syavEE\51cc4334cd7f5.tlb
c:\programdata\safe syavEE\settings.ini
c:\programdata\SearchNewTab
c:\programdata\SearchNewTab\51cc44bd51e76.dll
c:\programdata\SearchNewTab\51cc44bd51e76.tlb
c:\programdata\SearchNewTab\settings.ini
c:\programdata\SearchNewTab\uninstall.exe
c:\users\ANDRES~1\AppData\Local\Temp\7zS6BE3\HPSLPSVC64.DLL
c:\users\Andreschz\AppData\Local\Temp\7zS6BE3\HPSLPSVC64.DLL
c:\users\Andreschz\AppData\Roaming\9B06.exe
c:\users\Andreschz\AppData\Roaming\dach100.dll
c:\users\Andreschz\AppData\Roaming\facemoods.com
c:\users\Andreschz\AppData\Roaming\kkpa
c:\users\Andreschz\AppData\Roaming\kkpa\msvcr100.dll
c:\users\Andreschz\Documents\~WRL0033.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\iun6002.exe
c:\windows\Jaz.dll
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\1.a
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_KernelMemory
-------\Service_HPSLPSVC
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-12 to 2013-07-12  )))))))))))))))))))))))))))))))
.
.
2013-07-12 01:01 . 2013-07-12 01:01     --------     d-----w-     c:\users\UpdatusUser\AppData\Local\temp
2013-07-12 01:01 . 2013-07-12 01:01     --------     d-----w-     c:\users\Default\AppData\Local\temp
2013-06-30 11:36 . 2013-06-30 11:36     --------     d-----w-     c:\program files (x86)\DomDomSoft Manga Downloader
2013-06-28 04:06 . 2013-06-28 04:06     --------     d-----w-     C:\New folder
2013-06-28 04:06 . 2013-06-28 04:06     --------     d-----w-     C:\Smadav
2013-06-28 03:24 . 2013-06-28 04:21     --------     d-----w-     c:\program files (x86)\Smadav
2013-06-27 14:00 . 2013-06-27 14:00     --------     d-----w-     c:\programdata\StarApp
2013-06-27 13:54 . 2013-06-27 13:54     --------     d-----w-     c:\program files (x86)\WebSearch
2013-06-27 13:49 . 2013-06-28 02:21     --------     d-----w-     c:\program files (x86)\SafeSaver
2013-06-27 13:47 . 2013-06-27 14:15     --------     d-----w-     c:\programdata\InstallMate
2013-06-24 08:12 . 2013-06-24 08:12     --------     d-----w-     c:\program files (x86)\Gravity
2013-06-15 03:26 . 2013-06-15 03:26     --------     d-----w-     c:\users\Andreschz\AppData\Local\NVIDIA
2013-06-14 12:58 . 2013-06-14 12:58     --------     d-----w-     c:\programdata\Codemasters
2013-06-12 04:45 . 2013-06-12 04:47     --------     d-----w-     c:\users\Andreschz\AppData\Roaming\To the Moon - Freebird Games
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-06 11:57 . 2012-04-11 22:58     692104       ----a-w-       c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-06 11:57 . 2011-11-04 09:36     71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-28 08:35 . 2012-01-07 07:53     2432         ----a-w-        c:\windows\SysWow64\drivers\KernelMemory.sys
2013-05-12 21:42 . 2009-08-05 23:50     2935696      ----a-w-      c:\windows\system32\nvapi64.dll
2013-05-12 21:42 . 2009-07-13 21:59     15910736     ----a-w-     c:\windows\system32\nvwgf2umx.dll
2013-05-12 20:34 . 2011-01-07 13:49     6491936      ----a-w-      c:\windows\system32\nvcpl.dll
2013-05-12 20:34 . 2011-01-07 13:49     3514656      ----a-w-      c:\windows\system32\nvsvc64.dll
2013-05-12 20:34 . 2011-01-07 13:48     884512       ----a-w-       c:\windows\system32\nvvsvc.exe
2013-05-12 20:34 . 2009-08-06 02:23     63776        ----a-w-        c:\windows\system32\nvshext.dll
2013-05-12 20:34 . 2011-01-07 13:48     237856       ----a-w-       c:\windows\system32\nvmctray.dll
2013-05-12 08:43 . 2013-05-12 08:43     566048       ----a-w-       c:\windows\SysWow64\nvStreaming.exe
2012-09-18 05:33 . 2012-09-18 05:33     4096000      ----a-w-      c:\program files (x86)\GUT7552.tmp
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2009-07-14 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2012-11-19 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files (x86)\Smadav\SM?RTP.exe" [?]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Akamai NetSession Interface"="c:\users\Andreschz\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Facebook Update"="c:\users\Andreschz\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-03-28 1511792]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-03-20 578560]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-04-03 3565432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-10-25 5299320]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2009-07-15 132096]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-03-28 310640]
.
c:\users\Andreschz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AntiCrash.lnk - c:\program files (x86)\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Run Google Web Accelerator.lnk - c:\program files (x86)\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-1-29 622592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute     REG_MULTI_SZ         \0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys;c:\windows\SYSNATIVE\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ACE;ACE;d:\program files (x86)\OhLaLa\ACEonline\ace64.sys;d:\program files (x86)\OhLaLa\ACEonline\ace64.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\plugins\UI\safedrv.sys;c:\program files (x86)\Garena\plugins\UI\safedrv.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 npkycryp;npkycryp;d:\program files (x86)\Gravity\RagnarokOnline\npkycryp.sys;d:\program files (x86)\Gravity\RagnarokOnline\npkycryp.sys [x]
R3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\DRIVERS\PTDCWWAN.sys;c:\windows\SYSNATIVE\DRIVERS\PTDCWWAN.sys [x]
R3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbser.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 USB_BusEnum_H;EVDO Telecom USB Bus Enumerator h;c:\windows\system32\DRIVERS\USB_BusEnum_H.sys;c:\windows\SYSNATIVE\DRIVERS\USB_BusEnum_H.sys [x]
R3 USB_BusEnum_W;EVDO Telecom USB Bus Enumerator w;c:\windows\system32\DRIVERS\USB_BusEnum_W.sys;c:\windows\SYSNATIVE\DRIVERS\USB_BusEnum_W.sys [x]
R3 USB_ETS_H;EVDO Rev A Service USB port h;c:\windows\system32\DRIVERS\USB_ETS_H.sys;c:\windows\SYSNATIVE\DRIVERS\USB_ETS_H.sys [x]
R3 USB_ETS_W;EVDO Rev A Service USB port w;c:\windows\system32\DRIVERS\USB_ETS_W.sys;c:\windows\SYSNATIVE\DRIVERS\USB_ETS_W.sys [x]
R3 USB_WinMux_H;EVDO Telecom USB MUX Serial Port h;c:\windows\system32\DRIVERS\USB_WinMux_H.sys;c:\windows\SYSNATIVE\DRIVERS\USB_WinMux_H.sys [x]
R3 USB_WinMux_W;EVDO Telecom USB MUX Serial Port w;c:\windows\system32\DRIVERS\USB_WinMux_W.sys;c:\windows\SYSNATIVE\DRIVERS\USB_WinMux_W.sys [x]
R3 UsbModemDriver;EVDO Rev A USB Modem h;c:\windows\system32\DRIVERS\USB_MODEM_H.sys;c:\windows\SYSNATIVE\DRIVERS\USB_MODEM_H.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 X6va001;X6va001;c:\users\ANDRES~1\AppData\Local\Temp\00177ED.tmp;c:\users\ANDRES~1\AppData\Local\Temp\00177ED.tmp [x]
R3 X6va002;X6va002;c:\users\ANDRES~1\AppData\Local\Temp\0026DD5.tmp;c:\users\ANDRES~1\AppData\Local\Temp\0026DD5.tmp [x]
R3 X6va003;X6va003;c:\users\ANDRES~1\AppData\Local\Temp\003B8F2.tmp;c:\users\ANDRES~1\AppData\Local\Temp\003B8F2.tmp [x]
R3 X6va005;X6va005;c:\users\ANDRES~1\AppData\Local\Temp\005695.tmp;c:\users\ANDRES~1\AppData\Local\Temp\005695.tmp [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R4 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 CDROM_Eject_H;CDROM_Eject_H;c:\program files\Smartfren Connex CE682 UI\HEject.exe;c:\program files\Smartfren Connex CE682 UI\HEject.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe;c:\program files (x86)\Join Air\AssistantServices.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai  REG_MULTI_SZ      Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3788248346-997593188-482688952-1000Core.job
- c:\users\Andreschz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-04 03:43]
.
2013-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3788248346-997593188-482688952-1000UA.job
- c:\users\Andreschz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-04 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07        23496   ----a-w-   c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-10-25 5299320]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://websearch.searchdwebs.info/?pid=298&r=2013/06/27&hid=3565256926&lg=EN&cc=ID&unqvl=22
mDefault_Page_URL = hxxp://id.yahoo.com/?fr=mkg029
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
FF - ProfilePath - c:\users\Andreschz\AppData\Roaming\Mozilla\Firefox\Profiles\9atnetbl.default-1368367006783\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchdwebs.info/?pid=298&r=2013/06/27&hid=3565256926&lg=EN&cc=ID&unqvl=22&l=1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.searchdwebs.info/?pid=298&r=2013/06/27&hid=3565256926&lg=EN&cc=ID&unqvl=22&l=1&q=
FF - prefs.js: network.proxy.ftp - 69.197.132.80
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 69.197.132.80
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 69.197.132.80
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 69.197.132.80
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
BHO-{DA437F12-0CBD-5C48-D31D-5B51731A7BE9} - c:\programdata\SearchNewTab\51cc44bd51e76.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} - c:\programdata\SearchNewTab\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\ANDRES~1\AppData\Local\Temp\00177ED.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\ANDRES~1\AppData\Local\Temp\0026DD5.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\ANDRES~1\AppData\Local\Temp\003B8F2.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\ANDRES~1\AppData\Local\Temp\005695.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3788248346-997593188-482688952-1000_Classes\Wow6432Node\CLSID\{69185faf-157a-4ba7-bf2a-37fedf5d55f4}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000062
"Therad"=dword:00000018
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3788248346-997593188-482688952-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):c1,66,96,87,4c,98,52,ef,d3,e1,f2,19,87,95,c4,ee,dc,4c,d8,dd,e0,
   af,2e,08,ce,4e,2d,ca,06,11,76,2c,03,aa,c8,dd,4f,e9,7f,bd,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0021\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0022\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0023\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0025\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0027\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0028\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0029\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0030\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0031\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0032\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Smadav\SM
c:\program files (x86)\Google\Web Accelerator\GoogleWebAccWarden.exe
c:\windows\Integrator.exe
c:\program files (x86)\Google\Web Accelerator\googlewebaccclient.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2013-07-12  08:06:47 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-12 01:06
.
Pre-Run: 15,685,808,128 bytes free
Post-Run: 15,257,976,832 bytes free
.
- - End Of File - - 2CFF7D26A578B8079AD0266EA5B279D0
A36C5E4F47E84449FF07ED3517B43A31