ComboFix 15-07-12.01 - TWINS 14/07/2015 16:57:31.1.4 - x64
Microsoft Windows 7 Edition Intégrale 6.1.7600.0.1256.966.1036.18.4030.1647 [GMT 1:00]
Running from: c:\users\TWINS\Desktop\ComboFix.exe
AV: AVG AntiVirus 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\program files (x86)\Skype\Phone\Skype.exe
c:\users\TWINS\ZHPDiag3.exe
c:\windows\iun6002.exe
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\drivers\RKHit.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2015-06-14 to 2015-07-14 )))))))))))))))))))))))))))))))
.
.
2015-07-14 16:01 . 2015-07-14 16:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-14 14:55 . 2015-07-14 14:58 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-14 14:55 . 2015-07-14 14:57 -------- d-----w- c:\programdata\RogueKiller
2015-07-14 03:33 . 2015-07-14 03:33 -------- d-----w- c:\programdata\AVG Security Toolbar
2015-07-14 03:32 . 2015-07-14 03:32 -------- d-----w- c:\programdata\AVG Secure Search
2015-07-14 03:32 . 2015-07-14 03:32 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2015-07-14 03:05 . 2015-07-14 16:02 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-14 03:05 . 2015-07-14 03:05 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-07-14 03:05 . 2015-07-14 03:05 -------- d-----w- c:\programdata\Malwarebytes
2015-07-14 03:05 . 2015-06-18 07:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-14 03:05 . 2015-06-18 07:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-14 03:05 . 2015-06-18 07:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-14 03:00 . 2015-07-14 03:00 -------- d-----w- c:\users\TWINS\AppData\Roaming\AVG2015
2015-07-14 01:52 . 2015-07-14 15:37 -------- d-----w- c:\users\TWINS\AppData\Roaming\ZHP
2015-07-12 17:55 . 2015-07-12 17:55 -------- d-----w- c:\program files (x86)\MSXML 4.0
2015-07-12 17:51 . 2015-07-12 17:55 -------- d-----w- c:\windows\system32\MRT
2015-07-12 17:45 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-07-12 17:45 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-07-12 17:45 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-07-12 17:45 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-07-12 17:45 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-07-12 17:43 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2015-07-12 17:43 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2015-07-12 17:43 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2015-07-12 17:43 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2015-07-12 17:43 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2015-07-12 17:43 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2015-07-12 17:43 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2015-07-12 17:43 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2015-07-12 17:43 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-07-12 17:35 . 2015-07-12 17:35 -------- d-s---w- c:\windows\SysWow64\Microsoft
2015-07-12 17:06 . 2015-07-12 17:06 -------- d-----w- c:\users\TWINS\AppData\Local\AVG Web TuneUp
2015-07-12 17:05 . 2015-07-12 17:06 -------- d-----w- c:\programdata\AVG Web TuneUp
2015-07-12 17:05 . 2015-07-14 03:32 -------- d-----w- c:\program files (x86)\AVG Web TuneUp
2015-07-12 16:50 . 2015-07-14 01:15 -------- d-----w- c:\program files\Common Files\AV
2015-07-12 16:50 . 2015-07-14 01:15 -------- d-----w- c:\programdata\AVG2015
2015-07-12 16:50 . 2015-07-14 01:14 -------- d-----w- C:\$AVG
2015-07-12 16:49 . 2015-07-12 16:49 -------- d-----w- c:\program files (x86)\AVG
2015-07-12 16:39 . 2015-07-14 14:22 -------- d-----w- c:\programdata\MFAData
2015-07-12 16:39 . 2015-07-14 03:30 -------- d-----w- c:\users\TWINS\AppData\Local\Avg2015
2015-07-12 16:39 . 2015-07-12 16:39 -------- d-----w- c:\users\TWINS\AppData\Local\MFAData
2015-07-12 13:29 . 2015-07-12 13:29 -------- d-----w- c:\users\TWINS\AppData\Roaming\URSoft
2015-07-12 13:29 . 2015-07-12 13:29 -------- d-----w- c:\program files (x86)\Your Uninstaller 2010
2015-07-11 14:25 . 2015-07-11 14:25 -------- d-----w- c:\users\TWINS\AppData\Roaming\MailProducts
2015-07-11 12:50 . 2011-04-20 02:07 1930240 ----a-w- c:\windows\system32\drivers\athurx.sys
2015-07-11 12:50 . 2011-04-20 02:07 1930240 ----a-w- c:\windows\system32\athurx.sys
2015-07-11 12:49 . 2015-07-11 12:50 -------- d-----w- c:\programdata\TP-LINK
2015-06-26 08:49 . 2015-06-26 08:49 293296 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2015-06-16 14:55 . 2015-06-16 14:55 259040 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-11 13:17 . 2014-03-19 22:02 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-11 13:17 . 2014-03-19 22:02 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-10 15:38 . 2015-06-10 15:38 226784 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2015-05-12 13:39 . 2015-05-12 13:39 281568 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2015-05-12 13:36 . 2015-05-12 13:36 253408 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2015-05-07 12:50 . 2015-05-07 12:50 378336 ----a-w- c:\windows\system32\drivers\avgloga.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-12-18 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2011-12-18 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2015-07-07 3730344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter
scecli
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthMtpEnum;Enumérateur de périphérique MTP Bluetooth;c:\windows\system32\DRIVERS\BthMtpEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthMtpEnum.sys [x]
R3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\DRIVERS\cmusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmusbser.sys [x]
R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater18.7.0;vToolbarUpdater18.7.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe [x]
S2 WtuSystemSupport;WtuSystemSupport;c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe;c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-11 13:16 991048 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.132\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-19 13:17]
.
2015-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21 13:03]
.
2015-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21 13:03]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{CDC95B92-E27C-4745-A8C5-64A52A78855D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_191_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_191_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_191_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_191_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_191.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_191.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_191.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_191.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OOSAFEERASE04.00.00.01MSWINDOWS"="[long binary value omitted]"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\loggingserver.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-07-14 17:06:05 - machine was rebooted
ComboFix-quarantined-files.txt 2015-07-14 16:06
.
Pre-Run: 130 562 945 024 octets libres
Post-Run: 130 593 681 408 octets libres
.
- - End Of File - - BF1C71131D76E2DC590D65AE5F89497C