ComboFix 15-09-25.01 - lIVE 3 30/09/2015 11:48:02.1.8 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1256.966.1033.18.4046.2594 [GMT 3:00]
Running from: c:\users\lIVE 3\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Psedit
c:\programdata\Psedit\gup.xml
c:\programdata\Psedit\Psedit.exe
c:\programdata\sherp
c:\programdata\sherp\gup.xml
c:\programdata\sherp\sherp.exe
c:\users\lIVE 3\AppData\Local\nseB859.tmp
c:\users\lIVE 3\AppData\Local\nsgAD34.tmp
c:\users\lIVE 3\AppData\Local\nsoE9E7.tmp
c:\users\lIVE 3\AppData\Roaming\AnyProtectEx
c:\users\lIVE 3\AppData\Roaming\AnyProtectEx\installer\ab.test.json
c:\users\lIVE 3\AppData\Roaming\AnyProtectEx\installer\tempfile.t
c:\users\lIVE 3\AppData\Roaming\AnyProtectEx\language\de.xml
c:\users\lIVE 3\AppData\Roaming\AnyProtectEx\language\en.xml
c:\users\lIVE 3\AppData\Roaming\AnyProtectEx\language\fr.xml
c:\users\lIVE 3\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.quick.results
c:\users\lIVE 3\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.results
c:\users\lIVE 3\AppData\Roaming\AnyProtectEx\swf\mov01.swf
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2015-08-28 to 2015-09-30 )))))))))))))))))))))))))))))))
.
.
2015-09-30 08:20 . 2015-09-30 08:20 -------- d-----w- c:\program files (x86)\ea6bbc5a-4c4c-4198-9566-a9a4e74e7221
2015-09-30 08:20 . 2015-09-30 08:20 -------- d-----w- c:\program files (x86)\CinemaPlus-3.2cV29.09
2015-09-30 08:12 . 2015-09-30 08:14 -------- d-----w- c:\programdata\iWdsManProi
2015-09-30 08:08 . 2015-09-30 08:08 -------- d-----w- c:\users\lIVE 3\AppData\Local\8DC09EA-7214-4FC5-9EB1-B354E326AA
2015-09-29 21:26 . 2015-09-29 21:26 28144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-09-29 21:26 . 2015-09-29 21:26 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-09-29 21:26 . 2015-09-29 21:26 43112 ----a-w- c:\windows\avastSS.scr
2015-09-29 21:26 . 2015-09-29 21:26 454528 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2015-09-29 20:58 . 2015-09-29 21:11 -------- d-----w- c:\program files (x86)\GUPlayer
2015-09-29 20:29 . 2015-09-29 20:31 -------- d-----w- c:\programdata\DWdsManProD
2015-09-29 18:35 . 2015-09-29 18:35 -------- d-----w- c:\program files (x86)\predm
2015-09-29 17:15 . 2015-09-29 18:05 -------- d-----w- c:\program files (x86)\globalUpdate
2015-09-29 17:15 . 2015-09-29 17:15 -------- d-----w- c:\users\lIVE 3\AppData\Local\globalUpdate
2015-09-29 15:31 . 2015-09-29 15:32 -------- d-----w- c:\users\lIVE 3\AppData\Roaming\Qtwin
2015-09-29 15:31 . 2015-09-29 15:31 -------- d-----w- c:\users\lIVE 3\AppData\Roaming\VolIE
2015-09-29 15:31 . 2015-09-29 15:31 -------- d-----w- c:\users\lIVE 3\AppData\Roaming\Fixs
2015-09-29 15:31 . 2015-09-29 15:31 -------- d-----w- c:\users\lIVE 3\AppData\Roaming\Cloud5
2015-09-29 15:31 . 2015-09-29 15:31 -------- d-----w- c:\users\lIVE 3\AppData\Roaming\bush
2015-09-29 15:15 . 2015-09-30 08:13 -------- d-----w- c:\program files (x86)\SFK
2015-09-29 15:15 . 2015-09-29 15:16 -------- d-----w- c:\programdata\lWdsManProl
2015-09-29 15:15 . 2015-09-29 15:15 -------- d-----w- c:\users\lIVE 3\AppData\Roaming\mystartsearch
2015-09-29 15:14 . 2015-09-29 18:33 -------- d-----w- c:\users\lIVE 3\AppData\Roaming\RunDir
2015-09-29 15:14 . 2015-09-29 15:14 -------- d-----w- c:\users\lIVE 3\AppData\Roaming\NetService
2015-09-29 15:13 . 2015-09-29 15:14 -------- d-----w- c:\program files (x86)\jogotempo
2015-09-29 15:13 . 2015-09-30 08:11 592 ----a-w- C:\task.vbs
2015-09-29 15:11 . 2015-09-29 15:11 -------- d-----w- c:\users\lIVE 3\AppData\Local\214DA216-1B26-406B-B0CF-F05F924DC4DF
2015-09-26 16:53 . 2015-09-29 18:43 -------- d-----w- c:\program files (x86)\DE37F2B5-1443286425-11E1-9F10-46058F062018
2015-09-26 16:52 . 2015-09-29 21:12 -------- d-----w- c:\programdata\ToolsUpdatePlatform
2015-09-26 16:50 . 2015-09-26 16:50 -------- d-----w- c:\program files (x86)\RayDld
2015-09-24 08:43 . 2015-09-24 08:43 -------- d-----w- c:\users\lIVE 3\AppData\Roaming\FlashGet
2015-09-24 08:42 . 2015-09-24 08:45 -------- d-----w- c:\program files (x86)\FlashGet
2015-09-24 08:41 . 2015-09-24 08:40 425744 ----a-w- c:\windows\system32\LavasoftTcpService64.dll
2015-09-24 08:40 . 2015-09-24 08:40 345360 ----a-w- c:\windows\SysWow64\LavasoftTcpService.dll
2015-09-24 08:40 . 2015-09-24 08:40 -------- d-----w- c:\program files (x86)\Lavasoft
2015-09-24 08:39 . 2015-09-24 08:39 -------- d-----w- c:\users\lIVE 3\AppData\Roaming\RPEng
2015-09-24 07:47 . 2015-09-30 08:13 -------- d-----w- c:\users\lIVE 3\AppData\Roaming\uTorrent
2015-09-06 14:01 . 2015-09-06 14:01 -------- d-----w- c:\users\lIVE 3\AppData\Local\Skype
2015-09-06 14:01 . 2015-09-30 08:43 -------- d-----w- c:\users\lIVE 3\AppData\Roaming\Skype
2015-09-06 14:01 . 2015-09-06 14:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-09-06 14:01 . 2015-09-06 14:01 -------- d-----r- c:\program files (x86)\Skype
2015-09-06 14:01 . 2015-09-06 14:01 -------- d-----w- c:\programdata\Skype
2015-09-01 19:27 . 2015-09-26 16:56 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2015-09-01 18:56 . 2015-09-01 18:56 -------- d-----w- c:\users\lIVE 3\AppData\Local\Macromedia
2015-09-01 18:09 . 2015-09-26 16:56 -------- d-----w- c:\programdata\Norton
2015-09-01 10:10 . 2015-09-02 15:06 -------- d-----w- c:\windows\SysWow64\Adobe
2015-09-01 10:06 . 2015-09-01 10:06 -------- d-----w- c:\programdata\McAfee
2015-08-31 19:21 . 2015-08-31 19:21 -------- d-----w- c:\users\lIVE 3\AppData\Roaming\AVAST Software
2015-08-31 19:20 . 2015-09-29 21:26 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-08-31 19:20 . 2015-09-29 21:26 153744 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-08-31 19:20 . 2015-09-29 21:26 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-08-31 19:20 . 2015-09-29 21:26 448968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-08-31 19:20 . 2015-09-29 21:26 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-08-31 19:20 . 2015-09-29 21:26 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-08-31 19:20 . 2015-09-29 21:26 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-08-31 19:20 . 2015-09-29 21:26 1049880 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-08-31 19:12 . 2015-08-31 19:12 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-01 10:05 . 2015-04-24 18:03 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-01 10:05 . 2015-04-24 18:03 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-01 13:01 . 2015-08-01 13:01 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF9D4205-03E7-4D11-AC9D-6CE3CB1B1446}\offreg.1428.dll
2015-07-11 13:54 . 2015-07-11 13:54 0 ----a-w- c:\windows\SysWow64\REN908B.tmp
2015-07-03 13:31 . 2015-07-03 13:31 0 ----a-w- c:\windows\SysWow64\REN13CE.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2015-01-20 1582592]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2015-02-23 3890768]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-08-26 55100016]
"GoogleChromeAutoLaunch_9FE19A47E6B745CB1CABF717ED3BDEC3"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-09-24 815944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-16 959904]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-09-29 6134544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 gyvixodu;CD Feature;c:\program files (x86)\DE37F2B5-1443286425-11E1-9F10-46058F062018\hnslF816.tmp;c:\program files (x86)\DE37F2B5-1443286425-11E1-9F10-46058F062018\hnslF816.tmp [x]
S2 hineponu;Chatroom Space Bar;c:\program files (x86)\DE37F2B5-1443286425-11E1-9F10-46058F062018\knsl5E7E.tmpfs;c:\program files (x86)\DE37F2B5-1443286425-11E1-9F10-46058F062018\knsl5E7E.tmpfs [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 ihpmServer;ihpmServer;c:\program files (x86)\RayDld\ihpmServer.exe;c:\program files (x86)\RayDld\ihpmServer.exe [x]
S2 NetTcpHandler;Net.Tcp Service Handler;c:\users\lIVE 3\AppData\Roaming\NetService\netservice.exe;c:\users\lIVE 3\AppData\Roaming\NetService\netservice.exe [x]
S2 SSFK;SSFK;c:\program files (x86)\SFK\SSFK.exe;c:\program files (x86)\SFK\SSFK.exe [x]
S2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\DRIVERS\ubsbm.sys;c:\windows\SYSNATIVE\DRIVERS\ubsbm.sys [x]
S2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\DRIVERS\ubumapi.sys;c:\windows\SYSNATIVE\DRIVERS\ubumapi.sys [x]
S2 WdsManPro;WdsManPro Service;c:\programdata\iWdsManProi\WdsManPro.exe;c:\programdata\iWdsManProi\WdsManPro.exe [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 Mbm3CBus;Ericsson MobileBroadband Module (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\DRIVERS\ubohci.sys;c:\windows\SYSNATIVE\DRIVERS\ubohci.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-24 21:32]
.
2015-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-24 21:32]
.
2015-09-30 c:\windows\Tasks\LV7zeVRqiuuW1tH7R.job
- c:\users\lIVE 3\AppData\Roaming\LV7zeVRqiuuW1tH7R.exe [2015-04-20 14:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-09-29 21:26 780616 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://sa.hao123.com/?tn=sdkw_inner_hp_09_hao123_sa&fr=AFYf6lQnRPpy9SleCwxU1SZXF%2B9caRA%3D
mStart Page = hxxp://sa.hao123.com/?tn=sdkw_inner_hp_09_hao123_sa&fr=AFYf6lQnRPpy9SleCwxU1SZXF%2B9caRA%3D
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\lIVE 3\AppData\Roaming\Mozilla\Firefox\Profiles\bd716aq0.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://sa.hao123.com/?tn=sdkw_inner_hp_09_hao123_sa&fr=AFYf6lQnRPpy9SleCwxU1SZXF%2B9caRA%3D
FF - prefs.js: keyword.URL - hxxps://www.google.com/search
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run- - (no file)
Wow6432Node-HKLM-Run-gmsd_ra_005010100 - (no file)
Wow6432Node-HKLM-Run-gmsd_ra_005010101 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gyvixodu]
"ImagePath"="c:\program files (x86)\DE37F2B5-1443286425-11E1-9F10-46058F062018\hnslF816.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hineponu]
"ImagePath"="c:\program files (x86)\DE37F2B5-1443286425-11E1-9F10-46058F062018\knsl5E7E.tmpfs"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2627746867-3454132297-1350242263-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ee,f1,43,4d,b5,fe,93,95,8f,62,cc,8b,e4,f6,8f,cb,89,bb,de,f8,99,
55,43,cb,38,ad,5e,9f,04,08,25,f1,52,cf,46,99,2d,cf,65,bd,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2627746867-3454132297-1350242263-1000_Classes\Wow6432Node\CLSID\{94dc3fd8-aba3-4cba-a83c-713a5ddb7315}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000c8
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,df,93,08,39,c7,2e,1e,09,4f,56,ff,46,93,64,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2015-09-30 12:04:12 - machine was rebooted
ComboFix-quarantined-files.txt 2015-09-30 09:04
.
Pre-Run: 115,056,930,816 bytes free
Post-Run: 117,071,847,424 bytes free
.
- - End Of File - - DD9DB08C13870FA384DD9154FA89C50E
A36C5E4F47E84449FF07ED3517B43A31