cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

ComboFix 15-12-16.01 - mourad 16/12/2015 23:06:20.1.4 - x64
Microsoft Windows 7 Edition Intégrale 6.1.7601.1.1256.213.1036.18.8144.5445 [GMT 1:00]
Running from: c:\users\mourad\Downloads\Programs\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[i] ADS - Windows: deleted 0 bytes in 1 streams. [/i]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Config\uninstinethnfd.exe
c:\program files (x86)\Common Files\Config\ver.xml
c:\programdata\ma-config.com
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\maconfservice.txt
c:\programdata\ma-config.com\Logs\npapi.txt
c:\programdata\ntuser.pol
c:\windows\SysWow64\hfnapi.dll
c:\windows\SysWow64\hfpapi.dll
c:\windows\SysWow64\installd.exe
c:\windows\SysWow64\nethtsrv.exe
c:\windows\SysWow64\netupdsrv.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
-------\Service_nethfdrv
-------\Service_NetHttpService
-------\Service_ServiceUpdater
.
.
((((((((((((((((((((((((( Files Created from 2015-11-16 to 2015-12-16 )))))))))))))))))))))))))))))))
.
.
2015-12-16 20:46 . 2015-12-16 20:46 687 ----a-w- C:\awhABC8.tmp
2015-12-16 20:09 . 2015-12-16 20:09 687 ----a-w- C:\awhB70E.tmp
2015-12-16 19:39 . 2015-12-16 19:39 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D887CC31-B948-41EB-B286-BE1B56F67B04}\offreg.3220.dll
2015-12-16 19:32 . 2015-12-16 19:32 -------- d-----w- c:\users\mourad\AppData\Local\Bluestacks
2015-12-16 19:30 . 2015-10-29 09:28 11138400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D887CC31-B948-41EB-B286-BE1B56F67B04}\mpengine.dll
2015-12-16 19:20 . 2015-12-16 19:43 -------- dc----w- c:\users\mourad\AppData\Local\MigWiz
2015-12-11 22:35 . 2015-12-11 22:35 9498816 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-12-11 11:31 . 2015-12-16 19:04 -------- d-----w- c:\programdata\BlueStacksSetup
2015-12-06 15:05 . 2015-12-06 15:05 -------- d-----w- c:\program files (x86)\Valve
2015-11-20 20:38 . 2015-11-20 20:38 -------- d-----w- c:\users\mourad\AppData\Local\Lenovo
2015-11-20 20:38 . 2015-11-20 20:38 -------- d-----w- c:\windows\Downloaded Installations
2015-11-20 20:38 . 2015-11-20 20:38 -------- d-----w- c:\program files (x86)\Common Files\LENOVO
2015-11-20 20:38 . 2015-11-20 20:38 -------- d-----w- c:\program files (x86)\Lenovo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-11 22:35 . 2015-06-18 23:13 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-12-11 22:35 . 2015-06-18 23:13 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-08 18:39 . 2015-10-08 18:39 110688 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-10-04 01:05 . 2015-10-04 01:05 4875861 ----a-w- c:\program files\Common Files\bibomlfk.exe
2015-10-03 23:48 . 2015-10-03 23:48 52736 ----a-w- c:\users\mourad\AppData\Local\Vilafase.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files (x86)\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2015-08-15 3907152]
"Viber"="c:\users\mourad\AppData\Local\Viber\Viber.exe" [2015-11-09 51657424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"Fast Boot"="c:\program files (x86)\MSI\Fast Boot\StartFastBoot.exe" [2012-09-19 764472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe, \"c:\users\mourad\AppData\Roaming\Microsoft\Windows\Templates\O41414Z\TuxO41414Z.exe\""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\programdata\caMyciloP\Opetough.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys;c:\windows\SYSNATIVE\DRIVERS\dmvsc.sys [x]
R3 h647906;DragonRise H647906 AMD64 Driver;c:\windows\system32\drivers\h647906.sys;c:\windows\SYSNATIVE\drivers\h647906.sys [x]
R3 h648101;DragonRise H648101 AMD64 Driver;c:\windows\system32\drivers\h648101.sys;c:\windows\SYSNATIVE\drivers\h648101.sys [x]
R3 h648103;DragonRise H648103 AMD64 Driver;c:\windows\system32\drivers\h648103.sys;c:\windows\SYSNATIVE\drivers\h648103.sys [x]
R3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys;c:\windows\SYSNATIVE\drivers\hid7906.sys [x]
R3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys;c:\windows\SYSNATIVE\drivers\hid8101.sys [x]
R3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys;c:\windows\SYSNATIVE\drivers\hid8103.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [x]
R3 NTIOLib_MB;NTIOLib_MB;c:\program files (x86)\MSI\MSI Gaming APP\Lib\NTIOLib_X64.sys;c:\program files (x86)\MSI\MSI Gaming APP\Lib\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys;c:\windows\SYSNATIVE\DRIVERS\anodlwfx.sys [x]
S1 BfLwf;Killer Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ApplicationHosting;ApplicationHosting;c:\programdata\\ApplicationHosting\\ApplicationHosting.exe;c:\programdata\\ApplicationHosting\\ApplicationHosting.exe [x]
S2 AppnorriA;AppnorriA;c:\programdata\\AppnorriA\\AppnorriA.exe;c:\programdata\\AppnorriA\\AppnorriA.exe [x]
S2 caMyciloP;caMyciloP;c:\programdata\\caMyciloP\\caMyciloP.exe;c:\programdata\\caMyciloP\\caMyciloP.exe [x]
S2 cohci1394;Compliant Host Controller;c:\program files\Controller\cohc.exe;c:\program files\Controller\cohc.exe [x]
S2 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe;c:\program files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 entdtwojozuuaate;U- Zaming;c:\users\mourad\AppData\Local\Vilafase.exe comwedatey entdtwojozuuaate;c:\users\mourad\AppData\Local\Vilafase.exe comwedatey entdtwojozuuaate [x]
S2 GamingApp_Service;GamingApp_Service;c:\program files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe;c:\program files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Killer Service V2;Killer Service V2;c:\program files\Killer Networking\Network Manager\KillerService.exe;c:\program files\Killer Networking\Network Manager\KillerService.exe [x]
S2 MSI_FastBoot;MSI_FastBoot;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe [x]
S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 Saophase;Saophase;c:\programdata\\Saophase\\Saophase.exe;c:\programdata\\Saophase\\Saophase.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD.sys [x]
S3 iusb3hub;Pilote de concentrateur Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 Ke2200;NDIS Miniport Driver for Killer e2201/e2202 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_FastBoot;NTIOLib_FastBoot;c:\program files (x86)\MSI\Fast Boot\NTIOLib_X64.sys;c:\program files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NTIOLIB_FASTBOOT
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-08 21:21 1000264 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.80\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-20 22:35]
.
2015-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-11 18:55]
.
2015-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-11 18:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-07-24 07:55 25624 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2015-04-30 8466136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\programdata\caMyciloP\InchLax.dll
.
------- Supplementary Scan -------
.
uLocal Page = hxxp://www.babal.net/?utm_source=hp-ie&utm_medium=cpm&utm_campaign=22
uStart Page = https://www.google.dz/?gws_rd=cr,ssl&ei=NTljVrLnFYjbU7H8v4gB
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: Interfaces\{3C9B17CF-EF84-4837-88D4-644F9523B01E}: NameServer = 192.168.1.1
TCP: Interfaces\{6A9A392C-52E4-44DD-818A-0915FD8BFFD2}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\mourad\AppData\Roaming\Mozilla\Firefox\Profiles\2lv5hx5r.default\
FF - prefs.js: browser.startup.homepage - c:\\ProgramData\\Saophase\\ff.HP
FF - prefs.js: network.proxy.http - 107.170.58.132
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-inethnfd - c:\program files (x86)\Common Files\Config\uninstinethnfd.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-212472963-4267902375-3941050132-1000_Classes\Wow6432Node\CLSID\{12c86070-54e3-41ef-87f1-6ca9865d7089}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000118
"Therad"=dword:0000000f
.
[HKEY_USERS\S-1-5-21-212472963-4267902375-3941050132-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):61,87,f1,53,0b,81,0c,60,ea,32,c3,55,22,62,f1,52,a4,68,ac,08,40,
fd,27,f4,4a,31,d6,b4,7b,6e,43,f6,37,a7,e1,31,c2,17,32,af,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-212472963-4267902375-3941050132-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d4,d8,bd,59,33,1b,08,e3,e2,8c,be,60,ca,e2,ce,28,be,d5,f9,ec,fe,
4e,d5,62,d5,84,dd,3e,eb,a2,c5,88,a5,23,44,88,97,59,80,e2,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-212472963-4267902375-3941050132-1000_Classes\Wow6432Node\CLSID\{cb112b75-bbab-4e87-81f9-9d234cc5b620}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000c5
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,ce,da,cc,db,50,26,0f,69,67,35,f4,3d,5d,1c,30,3d,1e,4e,73,c9,c4,90,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\programdata\ApplicationHosting\ApplicationHosting.exe
c:\programdata\AppnorriA\AppnorriA.exe
c:\programdata\caMyciloP\caMyciloP.exe
c:\programdata\Saophase\Saophase.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-12-16 23:17:56 - machine was rebooted
ComboFix-quarantined-files.txt 2015-12-16 22:17
.
Pre-Run: 24 483 438 592 octets libres
Post-Run: 24 627 253 248 octets libres
.
- - End Of File - - 1059EE7689A04227D46106DE82CD1DC2
A36C5E4F47E84449FF07ED3517B43A31

Publicité


Signaler le contenu de ce document

Publicité