
ComboFix 18-03-14.01 - abderazzak 01/05/2018 23:37:17.3.4 - x64
Microsoft Windows 7 Edition Intégrale 6.1.7601.1.1256.213.1036.18.3990.2318 [GMT 2:00]
Running from: c:\users\abderazzak\Desktop\ComboFix.exe
AV: ESET Internet Security *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
FW: ESET جدار حماية *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Internet Security *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2018-04-01 to 2018-05-01 )))))))))))))))))))))))))))))))
.
.
2018-05-01 21:45 . 2018-05-01 21:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2018-05-01 21:45 . 2018-05-01 21:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-05-01 20:48 . 2018-04-13 19:08 14575456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E27C6561-59AE-4329-B85E-E01A971710AC}\mpengine.dll
2018-04-30 13:55 . 2018-04-30 13:56 -------- d-----w- c:\program files\ProgDVB x64
2018-04-29 08:12 . 2018-05-01 16:50 253664 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2018-04-24 11:00 . 2018-04-24 11:09 -------- d-sh--w- c:\users\abderazzak\AppData\Local\12369
2018-04-24 11:00 . 2018-04-29 12:57 -------- d-----w- c:\users\abderazzak\AppData\Local\Kristans
2018-04-11 17:39 . 2018-03-31 01:09 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2018-04-11 08:40 . 2018-03-14 17:09 656384 ----a-w- c:\windows\system32\aeinv.dll
2018-04-11 08:40 . 2018-03-14 13:05 1559552 ----a-w- c:\windows\system32\appraiser.dll
2018-04-11 08:40 . 2018-03-14 13:05 291840 ----a-w- c:\windows\system32\acmigration.dll
2018-04-11 08:40 . 2018-03-14 17:14 135360 ----a-w- c:\windows\system32\CompatTelRunner.exe
2018-04-11 08:40 . 2018-03-14 13:05 739840 ----a-w- c:\windows\system32\generaltel.dll
2018-04-11 08:40 . 2018-03-14 13:05 599552 ----a-w- c:\windows\system32\devinv.dll
2018-04-11 08:40 . 2018-03-14 13:05 450048 ----a-w- c:\windows\system32\centel.dll
2018-04-11 08:40 . 2018-03-14 13:05 414720 ----a-w- c:\windows\system32\invagent.dll
2018-04-11 08:40 . 2018-03-14 13:05 237056 ----a-w- c:\windows\system32\aepic.dll
2018-04-11 08:40 . 2018-03-14 13:05 1993728 ----a-w- c:\windows\system32\aitstatic.exe
2018-04-03 13:41 . 2018-03-19 10:57 76192 ----a-w- c:\windows\system32\drivers\mbae64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-04-03 14:51 . 2016-12-02 16:09 50136 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2018-04-03 14:51 . 2016-12-02 16:09 61520 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2018-04-03 14:51 . 2015-09-23 07:30 82816 ----a-w- c:\windows\system32\drivers\epfw.sys
2018-04-03 14:51 . 2015-09-23 07:30 108320 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2018-04-03 14:51 . 2017-05-04 11:18 110432 ----a-w- c:\windows\system32\drivers\edevmon.sys
2018-04-03 14:51 . 2015-09-23 07:30 196112 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2018-04-03 14:51 . 2015-09-23 07:30 137928 ----a-w- c:\windows\system32\drivers\eamonm.sys
2018-03-31 01:09 . 2018-04-11 17:40 44544 ----a-w- c:\windows\apppatch\acwow64.dll
2018-03-11 14:24 . 2017-01-17 13:23 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2018-02-22 03:28 . 2018-03-14 09:44 217600 ----a-w- c:\windows\system32\WinSCard.dll
2018-02-22 03:06 . 2018-03-14 09:44 134656 ----a-w- c:\windows\SysWow64\WinSCard.dll
2018-02-18 21:34 . 2018-03-14 09:44 634272 ----a-w- c:\windows\system32\winload.exe
2018-02-10 18:35 . 2018-03-14 09:44 68288 ----a-w- c:\windows\system32\drivers\volmgr.sys
2018-02-10 18:35 . 2018-03-14 09:44 64192 ----a-w- c:\windows\system32\drivers\ULIAGPKX.SYS
2018-02-10 18:35 . 2018-03-14 09:44 63168 ----a-w- c:\windows\system32\drivers\termdd.sys
2018-02-10 18:35 . 2018-03-14 09:44 12096 ----a-w- c:\windows\system32\drivers\swenum.sys
2018-02-10 18:35 . 2018-03-14 09:44 36032 ----a-w- c:\windows\system32\drivers\vdrvroot.sys
2018-02-10 18:35 . 2018-03-14 09:44 23744 ----a-w- c:\windows\system32\streamci.dll
2018-02-10 18:35 . 2018-03-14 09:44 367296 ----a-w- c:\windows\system32\drivers\msrpc.sys
2018-02-10 18:35 . 2018-03-14 09:44 185024 ----a-w- c:\windows\system32\drivers\pci.sys
2018-02-10 18:35 . 2018-03-14 09:44 31936 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2018-02-10 18:35 . 2018-03-14 09:44 122560 ----a-w- c:\windows\system32\drivers\NV_AGP.SYS
2018-02-10 18:35 . 2018-03-14 09:44 15040 ----a-w- c:\windows\system32\drivers\msisadrv.sys
2018-02-10 18:35 . 2018-03-14 09:44 20160 ----a-w- c:\windows\system32\drivers\isapnp.sys
2018-02-10 18:35 . 2018-03-14 09:44 334528 ----a-w- c:\windows\system32\drivers\acpi.sys
2018-02-10 18:35 . 2018-03-14 09:44 60608 ----a-w- c:\windows\system32\drivers\AGP440.sys
2018-02-10 18:23 . 2018-03-14 09:44 330240 ----a-w- c:\windows\SysWow64\zipfldr.dll
2018-02-10 18:23 . 2018-03-14 09:44 111616 ----a-w- c:\windows\SysWow64\racpldlg.dll
2018-02-10 18:23 . 2018-03-14 09:44 2292224 ----a-w- c:\windows\SysWow64\MSVidCtl.dll
2018-02-10 18:11 . 2018-03-14 09:44 369664 ----a-w- c:\windows\system32\zipfldr.dll
2018-02-10 18:11 . 2018-03-14 09:44 119296 ----a-w- c:\windows\system32\racpldlg.dll
2018-02-10 18:11 . 2018-03-14 09:44 3665920 ----a-w- c:\windows\system32\MSVidCtl.dll
2018-02-10 18:11 . 2018-03-14 09:44 133120 ----a-w- c:\windows\system32\msrahc.dll
2018-02-10 17:36 . 2018-03-14 09:44 40960 ----a-w- c:\windows\SysWow64\sdchange.exe
2018-02-10 17:36 . 2018-03-14 09:44 108032 ----a-w- c:\windows\SysWow64\msra.exe
2018-02-10 17:36 . 2018-03-14 09:44 7168 ----a-w- c:\windows\SysWow64\MsraLegacy.tlb
2018-02-10 17:26 . 2018-03-14 09:44 653312 ----a-w- c:\windows\system32\msra.exe
2018-02-10 17:26 . 2018-03-14 09:44 51712 ----a-w- c:\windows\system32\sdchange.exe
2018-02-10 17:25 . 2018-03-14 09:44 7168 ----a-w- c:\windows\system32\MsraLegacy.tlb
2018-02-10 17:25 . 2018-03-14 09:44 14336 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2018-02-10 17:25 . 2018-03-14 09:44 9728 ----a-w- c:\windows\system32\drivers\errdev.sys
2018-02-02 18:40 . 2018-03-14 09:44 114368 ----a-w- c:\windows\system32\consent.exe
2018-02-02 18:29 . 2018-03-14 09:44 2365952 ----a-w- c:\windows\SysWow64\msi.dll
2018-02-02 18:29 . 2018-03-14 09:44 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2018-02-02 18:29 . 2018-03-14 09:44 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2018-02-02 18:28 . 2018-03-14 09:44 1806848 ----a-w- c:\windows\SysWow64\authui.dll
2018-02-02 18:16 . 2018-03-14 09:44 3246080 ----a-w- c:\windows\system32\msi.dll
2018-02-02 18:16 . 2018-03-14 09:44 504320 ----a-w- c:\windows\system32\msihnd.dll
2018-02-02 18:16 . 2018-03-14 09:44 25088 ----a-w- c:\windows\system32\msimsg.dll
2018-02-02 18:14 . 2018-03-14 09:44 1942016 ----a-w- c:\windows\system32\authui.dll
2018-02-02 18:14 . 2018-03-14 09:44 70144 ----a-w- c:\windows\system32\appinfo.dll
2018-02-02 17:46 . 2018-03-14 09:44 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2018-02-02 17:36 . 2018-03-14 09:44 128512 ----a-w- c:\windows\system32\msiexec.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ProgLauncher"="c:\program files\ProgDVB x64\ProgLauncher.exe" [2018-04-20 659184]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MxService;MxService;c:\program files (x86)\Maxthon5\Bin\MxService.exe;c:\program files (x86)\Maxthon5\Bin\MxService.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 fcvsc;fcvsc;c:\windows\system32\drivers\fcvsc.sys;c:\windows\SYSNATIVE\drivers\fcvsc.sys [x]
R3 gencounter;Microsoft Hyper-V Generation Counter;c:\windows\system32\drivers\vmgencounter.sys;c:\windows\SYSNATIVE\drivers\vmgencounter.sys [x]
R3 hyperkbd;hyperkbd;c:\windows\system32\drivers\hyperkbd.sys;c:\windows\SYSNATIVE\drivers\hyperkbd.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys;c:\windows\SYSNATIVE\DRIVERS\edevmon.sys [x]
S0 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Security\ekrn.exe;c:\program files\ESET\ESET Security\ekrn.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MaxthonUpdateSvc;Maxthon Core Update Service;c:\program files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe;c:\program files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IUFileFilter;IUFileFilter;c:\program files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys;c:\program files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [x]
S3 IURegProcessFilter;IURegProcessFilter;c:\program files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys;c:\program files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET_AMD64.SYS;c:\windows\SYSNATIVE\DRIVERS\SkyNET_AMD64.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2017-05-22 09:16 2478880 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-12 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-12 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-12 440600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288]
"egui"="c:\program files\ESET\ESET Security\ecmds.exe" [2018-04-03 178496]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 149.56.36.54:80
IE: E&xporter vers Microsoft Excel - c:\program files (x86)\MICROS~1\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEExt.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 0.0.0.0
FF - ProfilePath - c:\users\abderazzak\AppData\Roaming\Mozilla\Firefox\Profiles\fuaajkzx.default\
.
- - - - ORPHANS REMOVED - - - -
.
{CDC95B92-E27C-4745-A8C5-64A52A78855D}"-IDM Shell Extension - ShellIconOverlayIdentifiers
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-155762465-3415061182-3351304667-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):2b,15,00,62,f9,15,b8,db,0d,82,3d,56,80,c8,89,23,42,66,7e,c0,ec,
56,2d,2d,5c,ad,c5,35,3c,e3,2a,e4,57,58,5d,e4,17,21,30,0f,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-155762465-3415061182-3351304667-1000_Classes\Wow6432Node\CLSID\{e86b1dcf-ee8e-446a-9e80-b2e7c43a9af4}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000160
"Therad"=dword:0000000f
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2018-05-01 23:58:50
ComboFix-quarantined-files.txt 2018-05-01 21:58
.
Pre-Run: 35 406 520 320 octets libres
Post-Run: 35 062 157 312 octets libres
.
- - End Of File - - CA2732218CAF0AF34F9A322881422E0D
A36C5E4F47E84449FF07ED3517B43A31
