cjoint


Document format: text/plain

Preview

ComboFix 15-10-28.01 - Home 10/31/2015 1:50.1.2 - x86
Microsoft Windows 7 Edition Intégrale 6.1.7601.1.1256.212.1036.18.3543.2627 [GMT 0:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: Pare-feu personnel d'ESET *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Home\AppData\Roaming\as
c:\users\Home\AppData\Roaming\as\listen1.exe
c:\users\Home\AppData\Roaming\as\listen2.exe
c:\users\Home\AppData\Roaming\as\listen3.exe
c:\users\Home\AppData\Roaming\as\listen4.exe
c:\users\Home\AppData\Roaming\as\recorder1.exe
c:\users\Home\AppData\Roaming\as\recorder2.exe
c:\users\Home\AppData\Roaming\as\recorder3.exe
c:\users\Home\AppData\Roaming\as\recorder4.exe
c:\users\Home\AppData\Roaming\as\rtmpdump.exe
c:\users\Home\AppData\Roaming\as\rtmpgw.exe
c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ati.EXE
c:\users\Home\AppData\Roaming\mIRC\logs\status.log
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2015-09-28 to 2015-10-31 )))))))))))))))))))))))))))))))
.
.
2015-10-31 01:56 . 2015-10-31 01:56 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFD4BDF2-B960-4448-9EC9-4D529AE0B7A3}\offreg.6044.dll
2015-10-30 19:35 . 2015-10-30 20:45 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-30 19:35 . 2015-10-30 19:53 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-10-30 19:35 . 2015-10-05 09:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-30 19:35 . 2015-10-05 09:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-30 19:35 . 2015-10-05 09:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-30 18:40 . 2015-10-30 18:40 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFD4BDF2-B960-4448-9EC9-4D529AE0B7A3}\offreg.3888.dll
2015-10-30 18:32 . 2015-10-31 00:52 -------- d-----w- c:\users\Home\AppData\Roaming\ZHP
2015-10-30 16:18 . 2015-10-13 09:30 8985080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFD4BDF2-B960-4448-9EC9-4D529AE0B7A3}\mpengine.dll
2015-10-28 20:33 . 2015-10-28 20:33 -------- d-----w- c:\program files\Vimicro
2015-10-28 20:33 . 2007-06-13 09:24 1469312 ----a-w- c:\windows\system32\drivers\ZS211.sys
2015-10-28 20:33 . 2007-04-06 14:21 77824 ----a-w- c:\windows\ZS211Cap.exe
2015-10-28 20:33 . 2007-04-06 11:06 57344 ----a-w- c:\windows\ZSSnp211.exe
2015-10-28 20:33 . 2006-08-18 16:58 49152 ----a-w- c:\windows\Domino.exe
2015-10-28 20:33 . 2006-08-09 17:37 81920 ----a-w- c:\windows\system32\ZS211STI.dll
2015-10-28 20:33 . 2006-07-14 14:36 172115 ----a-w- c:\windows\system32\ZS211Prp.Ax
2015-10-28 20:33 . 2006-03-14 14:28 172032 ----a-w- c:\windows\amcap.exe
2015-10-28 20:33 . 2015-10-28 20:33 -------- d-----w- c:\users\Home\AppData\Roaming\InstallShield
2015-10-25 21:14 . 2015-10-30 21:42 -------- d-----w- c:\program files\Reason
2015-10-21 14:11 . 2015-10-21 14:17 -------- d-----w- c:\users\Home\AppData\Local\FreeFixer
2015-10-21 14:11 . 2015-10-21 14:11 -------- d-----w- c:\users\Home\AppData\Roaming\FreeFixer
2015-10-15 07:33 . 2015-09-18 17:47 23384 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-10-15 07:33 . 2015-09-18 17:44 587776 ----a-w- c:\windows\system32\invagent.dll
2015-10-15 07:33 . 2015-09-18 17:44 615936 ----a-w- c:\windows\system32\generaltel.dll
2015-10-15 07:33 . 2015-09-18 17:44 423936 ----a-w- c:\windows\system32\devinv.dll
2015-10-15 07:33 . 2015-09-18 17:44 1120768 ----a-w- c:\windows\system32\appraiser.dll
2015-10-15 07:33 . 2015-09-18 17:44 62976 ----a-w- c:\windows\system32\acmigration.dll
2015-10-15 07:33 . 2015-09-18 17:35 999936 ----a-w- c:\windows\system32\aeinv.dll
2015-10-12 12:50 . 2015-10-24 21:40 -------- d-----w- c:\program files\CCleaner
2015-10-11 00:54 . 2015-10-11 00:54 -------- d-----w- c:\users\Home\AppData\Roaming\PotPlayerMini
2015-10-06 00:37 . 2015-10-06 00:37 -------- d-----w- c:\users\Home\AppData\Local\Mega Limited
2015-10-06 00:37 . 2015-10-24 21:54 -------- d-----w- c:\users\Home\AppData\Local\MEGAsync
2015-10-05 19:43 . 2015-10-05 19:43 -------- d-----w- c:\users\Home\AppData\Roaming\RPEng
2015-10-02 08:34 . 2015-10-02 08:34 -------- d-----w- c:\users\Home\REACHit
2015-10-02 08:34 . 2015-10-02 08:34 -------- d-----w- c:\users\Home\AppData\Local\Lenovo
2015-10-02 08:33 . 2015-10-05 14:52 -------- d-----w- c:\program files\Lenovo
2015-10-02 08:33 . 2015-10-02 08:33 -------- d-----w- c:\windows\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-30 20:39 . 2015-09-03 20:01 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-10-30 20:39 . 2015-09-03 20:01 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-09-26 07:52 . 2015-09-26 07:52 345360 ----a-w- c:\windows\system32\LavasoftTcpService.dll
2015-09-02 02:48 . 2015-09-09 21:26 26624 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 02:48 . 2015-09-09 21:26 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 02:48 . 2015-09-09 21:26 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 02:48 . 2015-09-09 21:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 01:35 . 2015-09-09 21:26 2393600 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:33 . 2015-09-09 21:26 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-08-27 17:58 . 2015-09-09 21:28 1391104 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 17:58 . 2015-09-09 21:28 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 17:51 . 2015-09-09 21:28 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 17:51 . 2015-09-09 21:28 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-11 11:22 . 2015-07-15 13:34 2895360 ----a-w- c:\windows\system32\pwNative.exe
2015-08-05 17:41 . 2015-09-09 21:28 751104 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 17:40 . 2015-09-09 21:28 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-09 21:28 22528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
2015-08-05 17:40 . 2015-09-09 21:28 19968 ----a-w- c:\windows\system32\jnwmon.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-05-20 3903056]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-09-28 57987712]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-09-16 6495144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-01-28 5088456]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
"AdobeCEPServiceManager"="c:\program files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-03-13 1039248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Syncios device service"="c:\program files\Syncios\SynciosDeviceService.exe" [2015-07-21 851968]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-07-01 1314816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
.
c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
bin [2015-10-25 0]
GTProtector.asi.upk [2015-10-25 32768]
GTProtector.dll.upk [2015-10-25 135168]
GTProtector.ini.upk [2015-10-25 175]
motd_temp.html [2015-10-25 0]
Nexon.upk [2015-10-25 129]
NexonGameMenu.upk [2015-10-25 781]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[COLOR=RED] SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. [/COLOR]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 cpuz134;cpuz134;c:\users\Home\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys [2015-07-29 25016]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-09-16 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-05 51928]
R3 MDA_NTDRV;MDA_NTDRV;c:\windows\system32\MDA_NTDRV.sys [2013-02-25 18136]
R3 netr28u;Pilote de carte réseau sans fil RT2870 USB pour Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2015-03-05 17160]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2015-03-05 13064]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-06-11 15872]
R3 SEE;SoftEther Ethernet Layer Driver;c:\windows\system32\drivers\see.sys [2015-07-24 43104]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 tapstrong;StrongVPN Adapter;c:\windows\system32\DRIVERS\tapstrong.sys [2015-01-18 32872]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2014-08-04 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2014-08-04 26880]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2015-04-29 20256]
R3 workfolderssvc;Dossiers de travail;c:\windows\System32\svchost.exe [2014-08-03 21504]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-03-17 1871160]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2015-03-10 51824]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2015-03-10 193464]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2015-03-10 135808]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2015-03-10 37928]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2014-08-03 21504]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2015-01-28 1349576]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-05-20 123968]
S3 e1kexpress;Pilote K de la connexion réseau Intel(R) PRO/1000 PCI Express;c:\windows\system32\DRIVERS\e1k6032.sys [2009-07-13 164864]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-05 23256]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0022.sys [2015-07-24 26208]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WorkFoldersSvcGroup REG_MULTI_SZ workfolderssvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-24 21:45 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-03 20:39]
.
2015-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-10-24 21:43]
.
2015-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-10-24 21:43]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uDefault_Search_URL = hxxp://go.microsoft.com
mStart Page = about:blank
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: c:\windows\system32\LavasoftTcpService.dll
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\88lrblnz.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser/
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file)
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - (no file)
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2536906684-2532996388-3794283676-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):79,fc,02,45,d9,a9,1f,34,42,f9,dc,e2,6d,69,77,20,14,69,ce,65,cc,
60,c8,49,5d,ef,70,db,51,21,d9,71,2b,ff,9a,74,9a,db,f3,54,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2536906684-2532996388-3794283676-1001_Classes\CLSID\{a33a8c9f-1403-4985-88a1-a203beb3aea0}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ff
"Therad"=dword:0000000f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4068)
c:\windows\system32\LavasoftTcpService.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\taskhost.exe
c:\windows\system32\GWX\GWX.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2015-10-31 02:02:50 - machine was rebooted
ComboFix-quarantined-files.txt 2015-10-31 02:02
.
Pre-Run: 63,881,351,168 octets libres
Post-Run: 63,964,594,176 octets libres
.
- - End Of File - - 3E471DB6CDA8EF4CC254D55848738EB2
A36C5E4F47E84449FF07ED3517B43A31
