Document format: text/plain

ComboFix 15-05-09.01 - Asus 12/05/2015 3:47.1.2 - x64
Microsoft Windows 8 Professionnel 6.2.9200.0.1256.212.1036.18.4072.2877 [GMT 0:00]
Running from: c:\users\Asus\Downloads\Programs\ComboFix.exe
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\PPriceMinuass
c:\program files (x86)\PPriceMinuass\7kKPsKNEUmdIlQ.dat
c:\program files (x86)\PPriceMinuass\7kKPsKNEUmdIlQ.dll
c:\program files (x86)\PPriceMinuass\7kKPsKNEUmdIlQ.exe
c:\program files (x86)\PPriceMinuass\7kKPsKNEUmdIlQ.tlb
c:\program files (x86)\PPriceMinuass\7kKPsKNEUmdIlQ.x64.dll
c:\programdata\10378430802023999159
c:\programdata\10378430802023999159\01857ccf570f79dcd376cd007cd999be.ini
c:\programdata\10378430802023999159\cd5b15e575e1c3d0d376cd007cd999be.ini
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\mcdetection.txt
c:\programdata\ma-config.com\Logs\mcstubuser.txt
c:\programdata\ma-config.com\mcbase.db
c:\programdata\ma-config.com\server.pem
c:\users\Asus\AppData\Roaming\logs.dat
c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\k4tv44tm.default\extensions\jS7@YlTPX.com
c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\k4tv44tm.default\extensions\jS7@YlTPX.com\bootstrap.js
c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\k4tv44tm.default\extensions\jS7@YlTPX.com\chrome.manifest
c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\k4tv44tm.default\extensions\jS7@YlTPX.com\content\bg.js
c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\k4tv44tm.default\extensions\jS7@YlTPX.com\install.rdf
c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\k4tv44tm.default\extensions\M@Hsd7V.org
c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\k4tv44tm.default\extensions\M@Hsd7V.org\bootstrap.js
c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\k4tv44tm.default\extensions\M@Hsd7V.org\chrome.manifest
c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\k4tv44tm.default\extensions\M@Hsd7V.org\content\bg.js
c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\k4tv44tm.default\extensions\M@Hsd7V.org\install.rdf
c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\k4tv44tm.default\searchplugins\trovi-search.xml
.
.
((((((((((((((((((((((((( Files Created from 2015-04-12 to 2015-05-12 )))))))))))))))))))))))))))))))
.
.
2015-05-12 03:53 . 2015-05-12 03:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-12 01:08 . 2015-05-12 01:08 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FCD0E62-0D69-4165-9097-1FC522A799B1}\offreg.dll
2015-05-11 03:42 . 2015-05-11 03:42 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2015-05-09 19:12 . 2015-05-09 19:12 -------- d-----w- c:\program files (x86)\NirSoft
2015-05-09 13:21 . 2015-04-04 06:25 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FCD0E62-0D69-4165-9097-1FC522A799B1}\mpengine.dll
2015-05-09 13:18 . 2015-05-09 13:18 -------- d-----w- c:\programdata\Mediatek
2015-05-09 13:18 . 2012-05-10 22:01 308736 ----a-w- c:\windows\system32\ssleay32.dll
2015-05-09 13:18 . 2012-05-10 22:01 1503744 ----a-w- c:\windows\system32\libeay32.dll
2015-05-08 22:58 . 2015-05-08 22:58 -------- d-----w- c:\programdata\kcnfpeedpjcappgjnalaahahigfodief
2015-05-05 14:22 . 2015-05-05 14:22 -------- d-----w- c:\program files (x86)\BlueSquad
2015-04-26 20:40 . 2015-04-26 20:40 -------- d-----w- c:\users\Asus\AppData\Local\Opera Software
2015-04-26 20:40 . 2015-04-26 20:40 -------- d-----w- c:\users\Asus\AppData\Roaming\Opera Software
2015-04-20 13:10 . 2015-04-20 13:11 180488 ----a-w- c:\windows\PSEXESVC.EXE
2015-04-13 03:00 . 2015-04-13 03:00 -------- d-----w- c:\users\Asus\VirtualBox VMs
2015-04-13 02:59 . 2015-04-13 03:15 -------- d-----w- c:\users\Asus\.VirtualBox
2015-04-13 02:58 . 2015-03-16 17:36 922704 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2015-04-13 02:57 . 2015-03-16 17:35 128592 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2015-04-13 02:57 . 2015-04-13 02:57 -------- d-----w- c:\program files\Oracle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-12 13:19 . 2015-03-20 11:52 269992 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
2015-03-16 17:35 . 2015-03-16 17:35 204264 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2015-03-16 17:35 . 2015-03-16 17:35 156360 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2015-03-16 17:35 . 2015-03-16 17:35 141440 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2015-03-03 13:17 . 2015-01-05 15:25 295552 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2012-08-19 18:37 610816 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Connectify"="c:\program files (x86)\Connectify\Connectify.exe" [2011-12-19 2967368]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2014-04-06 389120]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2015-01-05 3829328]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Meditel Imola ModemListener"="c:\program files (x86)\HSPA USB MODEM\BackgroundService\ModemListener.exe" [2011-06-20 102400]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-12-08 55568]
"Idea Imola ModemListener"="c:\program files (x86)\Idea Net Setter\BackgroundService\ModemListener.exe" [2012-04-13 118784]
.
c:\users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ispce-by ilyotek.rar.lnk - c:\programdata\{40295d9d-0ed7-b09b-4029-95d9d0ed7674}\ispce-by ilyotek.rar.exe --startup=1 [2014-3-4 1063936]
OneNote 2010 - Capture d’écran et lancement.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-3-29 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Mediatek Wireless Utility.lnk - c:\program files (x86)\MediatekWiFi\Common\RaUI.exe -s [2015-5-9 15611024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 Internet Mobile. RunOuc;Internet Mobile. OUC;c:\program files (x86)\Internet Mobile\UpdateDog\ouc.exe;c:\program files (x86)\Internet Mobile\UpdateDog\ouc.exe [x]
R2 Meditel Imola Modem Device Helper;Meditel Imola Modem Device Helper;c:\program files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe;c:\program files (x86)\HSPA USB MODEM\BackgroundService\ServiceManager.exe [x]
R2 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\MediatekWiFi\Common\RaMediaServer.exe;c:\program files (x86)\MediatekWiFi\Common\RaMediaServer.exe [x]
R3 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\System32\drivers\amdkmafd.sys;c:\windows\SYSNATIVE\drivers\amdkmafd.sys [x]
R3 AppProtectEx;AppProtectEx;c:\windows\System32\drivers\AppProtectEx.sys;c:\windows\SYSNATIVE\drivers\AppProtectEx.sys [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 evusbat;CDMA Modem AT Port;c:\windows\system32\DRIVERS\evusbat.sys;c:\windows\SYSNATIVE\DRIVERS\evusbat.sys [x]
R3 evusbdiag;CDMA Modem Service Port;c:\windows\system32\DRIVERS\evusbdiag.sys;c:\windows\SYSNATIVE\DRIVERS\evusbdiag.sys [x]
R3 evusbmdm;CDMA Modem USB Modem;c:\windows\system32\DRIVERS\evusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\evusbmdm.sys [x]
R3 evusbvoc;CDMA Modem Voice Port;c:\windows\system32\DRIVERS\evusbvoc.sys;c:\windows\SYSNATIVE\DRIVERS\evusbvoc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\System32\drivers\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\drivers\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\System32\drivers\ew_jubusenum.sys;c:\windows\SYSNATIVE\drivers\ew_jubusenum.sys [x]
R3 hwusb_cdcacm;hwusb_cdcacm;c:\windows\system32\DRIVERS\ew_cdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_cdcacm.sys [x]
R3 hwusb_wwanecm;hwusb_wwanecm;c:\windows\system32\DRIVERS\ew_wwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_wwanecm.sys [x]
R3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys;c:\windows\SYSNATIVE\DRIVERS\jrdusbser.sys [x]
R3 ma-config_amd64;ma-config_amd64;c:\program files\ma-config.com\Drivers\ma-config_amd64.sys;c:\program files\ma-config.com\Drivers\ma-config_amd64.sys [x]
R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy2.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe;c:\program files (x86)\Connectify\ConnectifyService.exe [x]
S2 Idea Imola Modem Device Helper;Idea Imola Modem Device Helper;c:\program files (x86)\Idea Net Setter\BackgroundService\ServiceManager.exe;c:\program files (x86)\Idea Net Setter\BackgroundService\ServiceManager.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 MaConfigAgent;Ma-Config Agent;c:\program files\ma-config.com\MaConfigAgent.exe;c:\program files\ma-config.com\MaConfigAgent.exe [x]
S2 MediatekRegistryWriter;MediatekRegistryWriter;c:\program files (x86)\MediatekWiFi\Common\RaRegistry.exe;c:\program files (x86)\MediatekWiFi\Common\RaRegistry.exe [x]
S2 MediatekRegistryWriter64;MediatekRegistryWriter64;c:\program files (x86)\MediatekWiFi\Common\RaRegistry64.exe;c:\program files (x86)\MediatekWiFi\Common\RaRegistry64.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\System32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\System32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-22 14:28 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.91\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2014-12-03 06:31 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05 12:58]
.
2015-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05 12:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-03-28 01:32 24600 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2012-08-19 18:37 741376 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-09 13672152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/?gws_rd=ssl
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Envoyer à OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Télécharger avec Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
Trusted Zone: ma-config.com
Trusted Zone: touslesdrivers.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BB86F05C-5223-47E2-8A8F-7C4EF626B83E}: NameServer = 192.168.87.1
FF - ProfilePath - c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\k4tv44tm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?gws_rd=ssl
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7b53a1de-3052-4d52-863e-e1f8009f8286} - c:\program files (x86)\PPriceMinuass\7kKPsKNEUmdIlQ.dll
BHO-{7b53a1de-3052-4d52-863e-e1f8009f8286} - c:\program files (x86)\PPriceMinuass\7kKPsKNEUmdIlQ.x64.dll
ShellIconOverlayIdentifiers-{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} - c:\program files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll
AddRemove-{06B99631-BFA2-3B7A-F58B-D067C2BA59B7} - c:\program files (x86)\PPriceMinuass\7kKPsKNEUmdIlQ.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3492466885-2975308169-3589532494-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):dc,3e,87,1e,8a,a5,35,af,b1,38,da,dc,7d,c2,00,0d,b3,79,5f,78,dd,
8b,a8,69,38,56,65,28,3e,0c,98,e9,94,ac,bd,06,41,4e,ec,3b,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3492466885-2975308169-3589532494-1001_Classes\Wow6432Node\CLSID\{951007d7-7b8a-4f7d-ae53-4288f0688bf5}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (S-1-15-2-1)
"Model"=dword:0000007f
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2015-05-12 03:56:12
ComboFix-quarantined-files.txt 2015-05-12 03:56
.
Pre-Run: 48 046 833 664 octets libres
Post-Run: 47 919 849 472 octets libres
.
- - End Of File - - 8F9C63B41022C2956FBCAA7C0B452B65
A36C5E4F47E84449FF07ED3517B43A31
