Vyzerá, že by to mohlo byť aj OK, cez combofix to už konečne v pohode prešlo na poriadok, a zatiaľ to neukázalo, potreboval by som len vyčistiť combofix naporiadok už.
ComboFix 12-07-20.01 - Administrator . 07. 2012 20:13:28.4.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1250.421.1051.18.2988.2470 [GMT 2:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Administrator\1051.MST
.
-- Previous Run --
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
.
--------
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WTGService
.
.
((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-20 18:18 . 2012-07-20 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-20 18:18 . 2012-07-20 18:18 -------- d-----w- c:\users\asus\AppData\Local\temp
2012-07-20 14:33 . 2012-07-20 14:33 -------- d-----w- C:\rsit
2012-07-20 12:40 . 2012-07-20 12:40 -------- d-----w- C:\$AVG
2012-07-20 12:23 . 2012-07-20 12:23 -------- d-----w- c:\users\asus\AppData\Roaming\AVG2012
2012-07-20 10:22 . 2012-07-20 10:22 -------- d-sh--w- C:\DrWeb Quarantine
2012-07-20 09:26 . 2012-07-20 09:51 -------- d-----w- c:\programdata\AVG2012
2012-07-20 09:26 . 2012-07-20 09:33 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-20 09:25 . 2012-07-20 09:25 -------- d-----w- c:\program files\AVG
2012-07-20 09:19 . 2012-07-20 09:19 -------- d--h--w- c:\programdata\Common Files
2012-07-20 09:17 . 2012-07-20 09:34 -------- d-----w- c:\programdata\MFAData
2012-07-20 09:14 . 2012-07-20 09:14 -------- d-----w- c:\program files\Common Files\Doctor Web
2012-07-20 09:13 . 2012-07-20 10:24 -------- d-----w- c:\program files\DrWeb
2012-07-20 09:13 . 2012-07-20 10:16 -------- d-----w- c:\programdata\Doctor Web
2012-07-19 20:43 . 2012-07-19 20:43 -------- d---a-w- C:\.Trash-999
2012-07-19 20:39 . 2012-07-19 20:39 -------- d-----w- c:\program files\Trend Micro
2012-07-19 20:33 . 2012-07-19 20:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-19 19:10 . 2012-07-19 19:10 -------- d-----w- c:\windows\system32\Extensions
2012-07-19 17:51 . 2012-07-19 19:31 -------- d-----w- c:\program files\Anti Trojan Elite
2012-07-19 17:48 . 2012-07-20 10:36 -------- d-----w- c:\users\Administrator
2012-07-19 16:11 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-19 16:11 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-19 16:11 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-19 16:11 . 2012-07-03 16:21 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-19 16:11 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-19 16:11 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-19 16:10 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-19 16:10 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-19 16:10 . 2012-07-19 16:10 -------- d-----w- c:\programdata\AVAST Software
2012-07-19 16:10 . 2012-07-19 16:10 -------- d-----w- c:\program files\AVAST Software
2012-07-19 12:56 . 2012-07-19 12:56 -------- d-----w- c:\program files\ESET
2012-07-19 12:46 . 2012-07-19 12:46 -------- d-----w- c:\users\asus\AppData\Roaming\Malwarebytes
2012-07-19 12:46 . 2012-07-19 12:46 -------- d-----w- c:\programdata\Malwarebytes
2012-07-19 12:46 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-19 12:46 . 2012-07-19 12:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-19 12:44 . 2012-07-19 19:34 -------- d-----w- c:\program files\CCleaner
2012-07-19 12:00 . 2009-04-07 12:32 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-07-19 12:00 . 2010-01-15 11:22 86056 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-07-19 12:00 . 2010-01-15 11:22 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-07-19 12:00 . 2010-01-15 11:22 18472 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-07-13 06:32 . 2012-07-13 06:33 -------- d--h--w- c:\windows\AxInstSV
2012-07-11 17:36 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-11 17:36 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-11 17:36 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-11 17:36 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-11 17:35 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-11 17:35 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-11 17:35 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-11 17:35 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-11 17:35 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-30 16:05 . 1999-12-17 06:13 86016 ----a-w- c:\windows\unvise32.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-20 10:08 . 2012-01-26 21:02 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-07-11 22:41 . 2012-01-12 10:13 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-07-11 22:41 . 2012-01-26 21:02 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-25 11:51 . 2012-01-12 10:13 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}]
2012-03-19 17:35 85288 ----a-w- c:\program files\blekkotb_020\blekkotb_019X.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
2011-05-09 08:49 176936 ----a-w- c:\program files\WiseConvert\prxtbWise.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BS_Player\prxtbBS_2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_2.dll" [2011-05-09 176936]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
"{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}"= "c:\program files\blekkotb_020\blekkotb_019X.dll" [2012-03-19 85288]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_CLASSES_ROOT\clsid\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"ATKMEDIA"="c:\program files\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 170008]
"ModemListener"="c:\program files\HSPA USB MODEM\ModemListener.exe" [2010-05-10 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-11 800032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BPROTE~1\21415~1.37\protector.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
backup=c:\windows\pss\Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
backup=c:\windows\pss\SRS Premium Sound.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Trojan Elite]
2012-07-19 19:31 4076544 ----a-w- c:\program files\Anti Trojan Elite\TJEnder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor]
2012-03-01 18:57 232616 ----a-w- c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2012-01-24 15:24 2416480 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 11:37 138096 ----atw- c:\users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-07-26 13:13 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\DRIVERS\ewsercd.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [x]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 bProtector;bProtector;c:\programdata\bProtectorForWindows\2.1.415.37\bProtect.exe [x]
S2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-19 16:21]
.
2012-07-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952682481-4253036212-391605119-1000Core.job
- c:\users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-11 11:37]
.
2012-07-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952682481-4253036212-391605119-1000UA.job
- c:\users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-11 11:37]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 13:13]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 13:13]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 213.151.236.74 213.151.236.66
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-952682481-4253036212-391605119-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,25,e3,f1,2d,a1,d2,4c,8d,ad,1b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,25,e3,f1,2d,a1,d2,4c,8d,ad,1b,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,25,e3,f1,2d,a1,d2,4c,8d,ad,1b,\
.
[HKEY_USERS\S-1-5-21-952682481-4253036212-391605119-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-952682481-4253036212-391605119-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-952682481-4253036212-391605119-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-952682481-4253036212-391605119-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-952682481-4253036212-391605119-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5460)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\windows\system32\conhost.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
.
**************************************************************************
.
Completion time: 2012-07-20 20:28:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-20 18:28
.
Pre-Run: 169 195 429 888 bytes free
Post-Run: 169 002 201 088 bytes free
.
- - End Of File - - 3BEDE21CF2BC992A45210369DFA228E1