
Format du document : text/plain


ComboFix 17-01-13.01 - Unknown_2015 23/01/2017 5:58.1.2 - x86
Microsoft Windows 7 Edition Starter 6.1.7601.1.1256.966.1036.18.2046.832 [GMT 1:00]
Running from: c:\users\Unknown_2015\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2016-12-23 to 2017-01-23 )))))))))))))))))))))))))))))))
.
.
2017-01-23 05:10 . 2017-01-23 05:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-01-22 16:59 . 2017-01-22 17:00 -------- d-----w- c:\program files\RogueKiller
2017-01-22 16:29 . 2017-01-22 16:29 -------- d-----w- c:\programdata\ProductData
2017-01-22 16:29 . 2017-01-22 16:29 -------- d-----w- c:\users\Unknown_2015\AppData\Roaming\ProductData
2017-01-21 09:54 . 2017-01-21 09:54 -------- d-----w- c:\users\Unknown_2015\AppData\Roaming\Avira
2017-01-21 09:49 . 2016-12-06 15:01 30672 ----a-w- c:\windows\system32\drivers\avusbflt.sys
2017-01-21 09:49 . 2016-12-06 15:01 60088 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2017-01-21 09:49 . 2016-12-06 15:01 37896 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2017-01-21 09:49 . 2016-12-06 15:01 140840 ----a-w- c:\windows\system32\drivers\avipbb.sys
2017-01-21 09:49 . 2016-12-06 15:01 119208 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2017-01-21 09:48 . 2017-01-21 09:55 -------- d-----w- c:\program files\Avira
2017-01-21 09:48 . 2017-01-21 09:55 -------- d-----w- c:\programdata\Avira
2017-01-20 02:51 . 2017-01-23 04:32 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-01-20 02:49 . 2016-03-10 13:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-01-20 02:49 . 2016-03-10 13:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2017-01-20 02:49 . 2016-03-10 13:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-01-20 02:49 . 2017-01-20 02:51 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2017-01-17 13:05 . 2017-01-17 13:05 -------- d-----w- c:\program files\Daring Development
2017-01-17 13:05 . 2017-01-21 09:54 -------- d-----w- c:\programdata\Package Cache
2017-01-13 16:58 . 2016-07-22 07:21 589944 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2017-01-13 16:58 . 2016-07-22 07:21 1121040 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2017-01-13 16:58 . 2016-07-22 07:21 146048 ----a-w- c:\windows\system32\drivers\ssudserd.sys
2017-01-13 15:36 . 2017-01-13 15:36 -------- d-----w- c:\program files\Samsung
2017-01-13 15:34 . 2017-01-13 15:34 -------- d-----w- c:\programdata\Samsung
2017-01-09 20:30 . 2017-01-23 04:40 -------- d-----w- c:\program files\iPod
2017-01-09 05:13 . 2017-01-09 05:13 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FECB344-2242-4641-AB0B-1730C1B8C10B}\offreg.2132.dll
2017-01-08 06:17 . 2017-01-08 06:17 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FECB344-2242-4641-AB0B-1730C1B8C10B}\offreg.3888.dll
2016-12-31 18:22 . 2016-12-31 18:22 -------- d-----w- c:\users\Unknown_2015\AppData\Local\Trolltech
2016-12-31 18:19 . 2016-12-31 19:43 -------- d-----w- c:\program files\LenovoUsbDriver
2016-12-31 18:00 . 2016-12-31 18:00 -------- d-----w- c:\program files\DIFX
2016-12-31 17:44 . 2017-01-13 16:04 -------- d-----w- c:\programdata\SP_FT_Logs
2016-12-28 14:40 . 2016-12-28 14:40 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FECB344-2242-4641-AB0B-1730C1B8C10B}\offreg.4016.dll
2016-12-27 17:56 . 2016-12-27 17:56 -------- d-----w- c:\programdata\SlySoft
2016-12-27 17:56 . 2016-12-27 17:56 -------- d-----w- c:\program files\RedFox
2016-12-25 05:27 . 2006-12-27 23:00 66560 ----a-w- c:\windows\system32\eswia7e.dll
2016-12-25 05:27 . 2006-12-27 23:00 208896 ----a-w- c:\windows\system32\esint7e.dll
2016-12-25 05:27 . 2006-03-09 23:00 3584 ----a-w- c:\windows\system32\eswiaml.dll
2016-12-25 04:46 . 2006-12-08 02:04 76800 ----a-w- c:\windows\system32\E_FLBCAE.DLL
2016-12-25 04:46 . 2006-04-19 02:00 62976 ----a-w- c:\windows\system32\E_FD4BCAE.DLL
2016-12-25 04:45 . 2016-12-25 05:27 -------- d-----w- c:\program files\EPSON
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-21 18:48 . 2015-12-10 15:07 802904 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-01-21 18:48 . 2015-12-10 15:07 144472 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-01-06 10:11 . 2012-07-17 13:37 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2016-12-12 23:00 . 2016-12-12 23:00 12872 ----a-w- c:\windows\system32\bootdelete.exe
2016-12-12 09:55 . 2016-12-12 09:55 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-12-07 03:08 . 2016-12-07 03:08 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FECB344-2242-4641-AB0B-1730C1B8C10B}\offreg.1984.dll
2016-11-23 03:16 . 2016-11-23 03:16 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FECB344-2242-4641-AB0B-1730C1B8C10B}\offreg.5456.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 14:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15 463360 ----a-w- c:\users\Unknown_2015\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15 463360 ----a-w- c:\users\Unknown_2015\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15 463360 ----a-w- c:\users\Unknown_2015\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"StarterBackgroundChanger"="c:\program files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe" [2014-07-12 287744]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2016-10-01 3981368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2012-09-25 1163264]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"CloneCDTray"="c:\program files\RedFox\CloneCD\CloneCDTray.exe" [2016-03-29 57344]
"avgnt"="c:\program files\Avira\Antivirus\avgnt.exe" [2016-12-06 917576]
"Avira SystrayStartTrigger"="c:\program files\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2016-11-24 61640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2015-12-04 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.474\SSScheduler.exe [2016-12-14 342792]
Utilitaire de configuration sans fil TP-LINK.lnk - c:\program files\TP-LINK\Utilitaire de configuration sans fil TP-LINK\TWCU.exe -nogui [2016-8-16 846848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae.sys [x]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2016-06-30 108032]
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2016-04-22 2960160]
R3 cpuz138;cpuz138;c:\users\UNKNOW~1\AppData\Local\Temp\cpuz138\cpuz138_x32.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2016-09-05 109184]
R3 FXDrv32;FXDrv32;D:\FXDrv32.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-05-11 102912]
R3 MBAMFarflt;MBAMFarflt;c:\windows\system32\drivers\farflt.sys [x]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys [2016-03-10 24448]
R3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\drivers\mwac.sys [2016-03-10 53120]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.474\McCHSvc.exe [2016-12-14 272136]
R3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\rtwlanu.sys [2013-04-09 867472]
R3 SEE;SoftEther Ethernet Layer Driver;c:\windows\system32\drivers\see.sys [2016-01-02 55328]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2016-09-05 147072]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2016-07-22 146048]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys [2016-08-16 128704]
S0 avusbflt;avusbflt;c:\windows\System32\Drivers\avusbflt.sys [2016-12-06 30672]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2016-04-01 71488]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2016-12-06 37896]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2016-04-01 206312]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2016-04-01 146024]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys [2016-04-01 44608]
S2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\Antivirus\avmailc7.exe [2016-12-06 1089592]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\Antivirus\sched.exe [2016-12-06 476736]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\Antivirus\avwebg7.exe [2016-12-06 1490296]
S2 Avira.ServiceHost;Avira Service Host;c:\program files\Avira\Launcher\Avira.ServiceHost.exe [2016-11-24 350528]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2016-12-06 60088]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys [2016-04-01 111040]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2016-09-21 147120]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2016-07-22 754784]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-03-10 24448]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2017-01-23 170200]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-03-10 53120]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0093.sys [2016-01-02 37920]
S3 RTL8167;Pilote Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO37
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - hitmanpro37
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-12-15 11:55 1384792 ----a-w- c:\program files\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-01-21 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-21 18:48]
.
2017-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-10 18:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bureau108.fr/
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
Trusted Zone: localhost
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-IDMan - c:\program files (x86)\Internet Download Manager\IDMan.exe
AddRemove-ImgBurn - c:\users\Unknown_2015\Downloads\uninstall.exe
AddRemove-{547ef30e-708b-43f7-86c9-71fdac05cf9d} - c:\program files\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-27_ssconn - c:\program files\Samsung\USB Drivers\27_ssconn\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2866674283-3230663183-555734474-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a8,8d,db,c5,6b,1f,9c,61,b7,ea,b3,c8,03,b6,a6,02,43,e0,1b,8e,6e,
c5,c1,83,33,ff,36,d8,ab,57,21,9c,be,01,5a,25,03,61,9b,35,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2866674283-3230663183-555734474-1000_Classes\CLSID\{61766721-c6a7-4244-8889-bb2bad6a54a0}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000126
"Therad"=dword:00000001
.
[HKEY_USERS\S-1-5-21-2866674283-3230663183-555734474-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):9a,5a,cf,ad,56,4d,75,e1,74,a4,69,d6,47,af,48,c0,f4,24,68,aa,ee,
79,c8,0b,78,8e,0a,ac,40,c4,0b,fb,5e,c6,2e,f5,b4,dd,b8,de,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2866674283-3230663183-555734474-1000_Classes\CLSID\{924a2be0-7173-4001-88a7-39184761ce82}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b4
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-01-23 06:13:52
ComboFix-quarantined-files.txt 2017-01-23 05:13
.
Pre-Run: 39 132 807 168 octets libres
Post-Run: 39 304 208 384 octets libres
.
- - End Of File - - A23701CE398FC62DF40BDE42AB2221FA
A36C5E4F47E84449FF07ED3517B43A31
