ComboFix 15-07-12.01 - TWINS 14/07/2015 16:57:31.1.4 - x64
Microsoft Windows 7 Edition Intégrale 6.1.7600.0.1256.966.1036.18.4030.1647 [GMT 1:00]
Running from: c:\users\TWINS\Desktop\ComboFix.exe
AV: AVG AntiVirus 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\program files (x86)\Skype\Phone\Skype.exe
c:\users\TWINS\ZHPDiag3.exe
c:\windows\iun6002.exe
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\drivers\RKHit.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2015-06-14 to 2015-07-14 )))))))))))))))))))))))))))))))
.
.
2015-07-14 16:01 . 2015-07-14 16:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-14 14:55 . 2015-07-14 14:58 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-14 14:55 . 2015-07-14 14:57 -------- d-----w- c:\programdata\RogueKiller
2015-07-14 03:33 . 2015-07-14 03:33 -------- d-----w- c:\programdata\AVG Security Toolbar
2015-07-14 03:32 . 2015-07-14 03:32 -------- d-----w- c:\programdata\AVG Secure Search
2015-07-14 03:32 . 2015-07-14 03:32 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2015-07-14 03:05 . 2015-07-14 16:02 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-14 03:05 . 2015-07-14 03:05 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-07-14 03:05 . 2015-07-14 03:05 -------- d-----w- c:\programdata\Malwarebytes
2015-07-14 03:05 . 2015-06-18 07:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-14 03:05 . 2015-06-18 07:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-14 03:05 . 2015-06-18 07:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-14 03:00 . 2015-07-14 03:00 -------- d-----w- c:\users\TWINS\AppData\Roaming\AVG2015
2015-07-14 01:52 . 2015-07-14 15:37 -------- d-----w- c:\users\TWINS\AppData\Roaming\ZHP
2015-07-12 17:55 . 2015-07-12 17:55 -------- d-----w- c:\program files (x86)\MSXML 4.0
2015-07-12 17:51 . 2015-07-12 17:55 -------- d-----w- c:\windows\system32\MRT
2015-07-12 17:45 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-07-12 17:45 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-07-12 17:45 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-07-12 17:45 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-07-12 17:45 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-07-12 17:43 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2015-07-12 17:43 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2015-07-12 17:43 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2015-07-12 17:43 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2015-07-12 17:43 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2015-07-12 17:43 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2015-07-12 17:43 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2015-07-12 17:43 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2015-07-12 17:43 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-07-12 17:35 . 2015-07-12 17:35 -------- d-s---w- c:\windows\SysWow64\Microsoft
2015-07-12 17:06 . 2015-07-12 17:06 -------- d-----w- c:\users\TWINS\AppData\Local\AVG Web TuneUp
2015-07-12 17:05 . 2015-07-12 17:06 -------- d-----w- c:\programdata\AVG Web TuneUp
2015-07-12 17:05 . 2015-07-14 03:32 -------- d-----w- c:\program files (x86)\AVG Web TuneUp
2015-07-12 16:50 . 2015-07-14 01:15 -------- d-----w- c:\program files\Common Files\AV
2015-07-12 16:50 . 2015-07-14 01:15 -------- d-----w- c:\programdata\AVG2015
2015-07-12 16:50 . 2015-07-14 01:14 -------- d-----w- C:\$AVG
2015-07-12 16:49 . 2015-07-12 16:49 -------- d-----w- c:\program files (x86)\AVG
2015-07-12 16:39 . 2015-07-14 14:22 -------- d-----w- c:\programdata\MFAData
2015-07-12 16:39 . 2015-07-14 03:30 -------- d-----w- c:\users\TWINS\AppData\Local\Avg2015
2015-07-12 16:39 . 2015-07-12 16:39 -------- d-----w- c:\users\TWINS\AppData\Local\MFAData
2015-07-12 13:29 . 2015-07-12 13:29 -------- d-----w- c:\users\TWINS\AppData\Roaming\URSoft
2015-07-12 13:29 . 2015-07-12 13:29 -------- d-----w- c:\program files (x86)\Your Uninstaller 2010
2015-07-11 14:25 . 2015-07-11 14:25 -------- d-----w- c:\users\TWINS\AppData\Roaming\MailProducts
2015-07-11 12:50 . 2011-04-20 02:07 1930240 ----a-w- c:\windows\system32\drivers\athurx.sys
2015-07-11 12:50 . 2011-04-20 02:07 1930240 ----a-w- c:\windows\system32\athurx.sys
2015-07-11 12:49 . 2015-07-11 12:50 -------- d-----w- c:\programdata\TP-LINK
2015-06-26 08:49 . 2015-06-26 08:49 293296 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2015-06-16 14:55 . 2015-06-16 14:55 259040 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-11 13:17 . 2014-03-19 22:02 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-11 13:17 . 2014-03-19 22:02 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-10 15:38 . 2015-06-10 15:38 226784 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2015-05-12 13:39 . 2015-05-12 13:39 281568 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2015-05-12 13:36 . 2015-05-12 13:36 253408 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2015-05-07 12:50 . 2015-05-07 12:50 378336 ----a-w- c:\windows\system32\drivers\avgloga.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-12-18 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2011-12-18 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2015-07-07 3730344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthMtpEnum;Enumérateur de périphérique MTP Bluetooth;c:\windows\system32\DRIVERS\BthMtpEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthMtpEnum.sys [x]
R3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\DRIVERS\cmusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmusbser.sys [x]
R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater18.7.0;vToolbarUpdater18.7.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe [x]
S2 WtuSystemSupport;WtuSystemSupport;c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe;c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-11 13:16 991048 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.132\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-19 13:17]
.
2015-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21 13:03]
.
2015-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21 13:03]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{CDC95B92-E27C-4745-A8C5-64A52A78855D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_191_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_191_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_191_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_191_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_191.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_191.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_191.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_191.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-07-14 17:06:05 - machine was rebooted
ComboFix-quarantined-files.txt 2015-07-14 16:06
.
Pre-Run: 130 562 945 024 octets libres
Post-Run: 130 593 681 408 octets libres
.
- - End Of File - - BF1C71131D76E2DC590D65AE5F89497C